diff --git a/clusters/mitre-attack-pattern.json b/clusters/mitre-attack-pattern.json index e8598c3..811f5df 100644 --- a/clusters/mitre-attack-pattern.json +++ b/clusters/mitre-attack-pattern.json @@ -97,9 +97,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1222/002", - "https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100", + "https://labs.sentinelone.com/20-common-tools-techniques-used-by-macos-threat-actors-malware/", "https://www.hybrid-analysis.com/sample/22dab012c3e20e3d9291bce14a2bfc448036d3b966c6e78167f4626f5f9e38d6?environmentId=110", - "https://labs.sentinelone.com/20-common-tools-techniques-used-by-macos-threat-actors-malware/" + "https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100" ] }, "related": [ @@ -363,8 +363,8 @@ "mitre-pre-attack:compromise" ], "refs": [ - "https://attack.mitre.org/techniques/T1385", - "https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/" + "https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/", + "https://attack.mitre.org/techniques/T1385" ] }, "uuid": "fb39384c-00e4-414a-88af-e80c4904e0b8", @@ -402,19 +402,19 @@ "iOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1475", - "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-4.html", - "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-16.html", - "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-17.html", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-20.html", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-21.html", - "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-22.html", "http://dl.acm.org/citation.cfm?id=2592796", + "http://www.vvdveen.com/publications/BAndroid.pdf", + "https://attack.mitre.org/techniques/T1475", + "https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/", "https://jon.oberheide.org/files/summercon12-bouncer.pdf", "https://media.blackhat.com/bh-us-12/Briefings/Percoco/BH_US_12_Percoco_Adventures_in_Bouncerland_WP.pdf", - "https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/wang_tielei", - "https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/", - "http://www.vvdveen.com/publications/BAndroid.pdf" + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-20.html", + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-21.html", + "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-16.html", + "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-17.html", + "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-22.html", + "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-4.html", + "https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/wang_tielei" ] }, "uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", @@ -504,11 +504,11 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ + "Command: Command Execution", "File: File Access", - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Traffic Content", "Network Traffic: Network Connection Creation", - "Command: Command Execution" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -516,8 +516,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1048/001", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1048/001" ] }, "related": [ @@ -537,11 +537,11 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ - "File: File Access", - "Network Traffic: Network Traffic Flow", "Command: Command Execution", + "File: File Access", "Network Traffic: Network Connection Creation", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -549,8 +549,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1048/002", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1048/002" ] }, "related": [ @@ -584,8 +584,8 @@ "mitre-pre-attack:persona-development" ], "refs": [ - "https://attack.mitre.org/techniques/T1343", - "https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/" + "https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/", + "https://attack.mitre.org/techniques/T1343" ] }, "uuid": "9a8c47f6-ae69-4044-917d-4b1602af64d9", @@ -634,24 +634,24 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Creation", - "File: File Modification", "Command: Command Execution", + "File: File Modification", "Process: Process Creation", + "Windows Registry: Windows Registry Key Creation", "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ + "http://msdn.microsoft.com/en-us/library/aa376977", "https://attack.mitre.org/techniques/T1547/001", "https://blog.malwarebytes.com/cybercrime/2013/10/hiding-in-plain-sight/", - "https://support.microsoft.com/help/310593/description-of-the-runonceex-registry-key", + "https://capec.mitre.org/data/definitions/270.html", "https://docs.microsoft.com/en-us/windows/win32/sysinfo/32-bit-and-64-bit-application-data-in-the-registry", - "http://msdn.microsoft.com/en-us/library/aa376977", "https://oddvar.moe/2018/03/21/persistence-using-runonceex-hidden-from-autoruns-exe/", - "https://technet.microsoft.com/en-us/sysinternals/bb963902", - "https://capec.mitre.org/data/definitions/270.html" + "https://support.microsoft.com/help/310593/description-of-the-runonceex-registry-key", + "https://technet.microsoft.com/en-us/sysinternals/bb963902" ] }, "related": [ @@ -728,21 +728,21 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ + "Active Directory: Active Directory Object Modification", "Command: Command Execution", "File: File Metadata", - "Process: Process Creation", - "Active Directory: Active Directory Object Modification" + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1222/001", - "https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100", - "https://www.hybrid-analysis.com/sample/22dab012c3e20e3d9291bce14a2bfc448036d3b966c6e78167f4626f5f9e38d6?environmentId=110", - "https://docs.microsoft.com/windows/desktop/secauthz/dacls-and-aces", "https://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-lists", - "https://www.eventtracker.com/tech-articles/monitoring-file-permission-changes-windows-security-log/" + "https://docs.microsoft.com/windows/desktop/secauthz/dacls-and-aces", + "https://www.eventtracker.com/tech-articles/monitoring-file-permission-changes-windows-security-log/", + "https://www.hybrid-analysis.com/sample/22dab012c3e20e3d9291bce14a2bfc448036d3b966c6e78167f4626f5f9e38d6?environmentId=110", + "https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100" ] }, "related": [ @@ -764,10 +764,10 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "File: File Modification", "File: File Creation", - "Windows Registry: Windows Registry Key Modification", - "Process: Process Creation" + "File: File Modification", + "Process: Process Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" @@ -797,19 +797,19 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "File: File Modification", "File: File Creation", + "File: File Modification", "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ + "http://msdn.microsoft.com/en-us/library/ms682425", + "http://msdn.microsoft.com/en-us/library/ms687393", "https://attack.mitre.org/techniques/T1574/008", "https://capec.mitre.org/data/definitions/159.html", - "http://msdn.microsoft.com/en-us/library/ms682425", "https://docs.microsoft.com/en-us/previous-versions//cc723564(v=technet.10)?redirectedfrom=MSDN#XSLTsection127121120120", - "http://msdn.microsoft.com/en-us/library/ms687393", "https://docs.microsoft.com/en-us/previous-versions//fd7hxfdd(v=vs.85)?redirectedfrom=MSDN" ] }, @@ -834,11 +834,11 @@ "Windows" ], "refs": [ + "http://msdn.microsoft.com/en-us/library/aa376977", "https://attack.mitre.org/techniques/T1060", "https://capec.mitre.org/data/definitions/270.html", - "http://msdn.microsoft.com/en-us/library/aa376977", - "https://support.microsoft.com/help/310593/description-of-the-runonceex-registry-key", "https://oddvar.moe/2018/03/21/persistence-using-runonceex-hidden-from-autoruns-exe/", + "https://support.microsoft.com/help/310593/description-of-the-runonceex-registry-key", "https://technet.microsoft.com/en-us/sysinternals/bb963902" ] }, @@ -866,14 +866,14 @@ "iOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1449", - "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-37.html", - "https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipulate.pdf", - "https://www.youtube.com/watch?v=q0n5ySqbfdI", "http://www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/33900-120.pdf", - "https://www.ptsecurity.com/upload/ptcom/PT-SS7-AD-Data-Sheet-eng.pdf", + "https://attack.mitre.org/techniques/T1449", + "https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipulate.pdf", + "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-37.html", "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf", - "https://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/" + "https://www.ptsecurity.com/upload/ptcom/PT-SS7-AD-Data-Sheet-eng.pdf", + "https://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/", + "https://www.youtube.com/watch?v=q0n5ySqbfdI" ] }, "uuid": "fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d", @@ -915,8 +915,8 @@ "mitre-pre-attack:technical-weakness-identification" ], "refs": [ - "https://attack.mitre.org/techniques/T1290", - "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf" + "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf", + "https://attack.mitre.org/techniques/T1290" ] }, "uuid": "b26babc7-9127-4bd5-9750-5e49748c9be3", @@ -934,13 +934,13 @@ "iOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1450", - "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-38.html", - "https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipulate.pdf", - "https://www.youtube.com/watch?v=q0n5ySqbfdI", "http://www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/33900-120.pdf", + "https://attack.mitre.org/techniques/T1450", + "https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipulate.pdf", + "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-38.html", + "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf", "https://www.ptsecurity.com/upload/ptcom/PT-SS7-AD-Data-Sheet-eng.pdf", - "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf" + "https://www.youtube.com/watch?v=q0n5ySqbfdI" ] }, "uuid": "52651225-0b3a-482d-aa7e-10618fd063b5", @@ -959,8 +959,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1413", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-3.html", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-13.html" + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-13.html", + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-3.html" ] }, "uuid": "29e07491-8947-43a3-8d4e-9a787c45f3d3", @@ -1000,17 +1000,17 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1175", - "https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html", - "https://msdn.microsoft.com/library/windows/desktop/ms680573.aspx", "https://docs.microsoft.com/en-us/windows/desktop/com/dcom-security-enhancements-in-windows-xp-service-pack-2-and-windows-server-2003-service-pack-1", - "https://msdn.microsoft.com/en-us/library/windows/desktop/ms687317(v=vs.85).aspx", - "https://msdn.microsoft.com/en-us/library/windows/desktop/ms694331(v=vs.85).aspx", - "https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-exploiting.html", - "https://enigma0x3.net/2017/11/16/lateral-movement-using-outlooks-createobject-method-and-dotnettojscript/", "https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/", "https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/", "https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application-and-dcom/", - "https://www.cybereason.com/blog/leveraging-excel-dde-for-lateral-movement-via-dcom" + "https://enigma0x3.net/2017/11/16/lateral-movement-using-outlooks-createobject-method-and-dotnettojscript/", + "https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-exploiting.html", + "https://msdn.microsoft.com/en-us/library/windows/desktop/ms687317(v=vs.85).aspx", + "https://msdn.microsoft.com/en-us/library/windows/desktop/ms694331(v=vs.85).aspx", + "https://msdn.microsoft.com/library/windows/desktop/ms680573.aspx", + "https://www.cybereason.com/blog/leveraging-excel-dde-for-lateral-movement-via-dcom", + "https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html" ] }, "uuid": "772bc7a8-a157-42cc-8728-d648e25c7fe7", @@ -1024,9 +1024,9 @@ "mitre-pre-attack:persona-development" ], "refs": [ + "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf", "https://attack.mitre.org/techniques/T1342", - "https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-operation", - "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf" + "https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-operation" ] }, "uuid": "271e6d40-e191-421a-8f87-a8102452c201", @@ -1260,8 +1260,8 @@ "mitre-pre-attack:compromise" ], "refs": [ - "https://attack.mitre.org/techniques/T1386", - "https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/" + "https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/", + "https://attack.mitre.org/techniques/T1386" ] }, "uuid": "0440f60f-9056-4791-a740-8eae96eb61fa", @@ -1325,8 +1325,8 @@ "https://attack.mitre.org/techniques/T1398", "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-26.html", "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-27.html", - "https://www2.samsungknox.com/en/faq/what-knox-warranty-bit-and-how-it-triggered", - "https://www.apple.com/business/docs/iOS_Security_Guide.pdf" + "https://www.apple.com/business/docs/iOS_Security_Guide.pdf", + "https://www2.samsungknox.com/en/faq/what-knox-warranty-bit-and-how-it-triggered" ] }, "uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5", @@ -1344,12 +1344,12 @@ "iOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1458", - "https://pages.nist.gov/mobile-threat-catalogue/physical-threats/PHY-1.html", "http://krebsonsecurity.com/2011/08/beware-of-juice-jacking/", - "https://media.blackhat.com/us-13/US-13-Lau-Mactans-Injecting-Malware-into-iOS-Devices-via-Malicious-Chargers-WP.pdf", - "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/", + "https://attack.mitre.org/techniques/T1458", "https://googleprojectzero.blogspot.com/2018/09/oatmeal-on-universal-cereal-bus.html", + "https://media.blackhat.com/us-13/US-13-Lau-Mactans-Injecting-Malware-into-iOS-Devices-via-Malicious-Chargers-WP.pdf", + "https://pages.nist.gov/mobile-threat-catalogue/physical-threats/PHY-1.html", + "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/", "https://www.computerworld.com/article/3268729/apple-ios/two-vendors-now-sell-iphone-cracking-technology-and-police-are-buying.html" ] }, @@ -1369,12 +1369,12 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1476", + "https://blog.trendmicro.com/trendlabs-security-intelligence/flappy-bird-and-third-party-app-stores/", + "https://blog.trendmicro.com/trendlabs-security-intelligence/user-beware-rooting-malware-found-in-3rd-party-app-stores/", "https://pages.nist.gov/mobile-threat-catalogue/authentication-threats/AUT-9.html", "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-13.html", "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-21.html", "https://www.ibtimes.co.uk/danger-lurks-third-party-android-app-stores-1544861", - "https://blog.trendmicro.com/trendlabs-security-intelligence/user-beware-rooting-malware-found-in-3rd-party-app-stores/", - "https://blog.trendmicro.com/trendlabs-security-intelligence/flappy-bird-and-third-party-app-stores/", "https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/" ] }, @@ -1404,9 +1404,9 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Service: Service Creation", - "Network Traffic: Network Traffic Flow", "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow", + "Service: Service Creation", "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ @@ -1414,15 +1414,15 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1557/001", - "https://en.wikipedia.org/wiki/Link-Local_Multicast_Name_Resolution", - "https://technet.microsoft.com/library/cc958811.aspx", - "https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html", "https://blog.secureideas.com/2018/04/ever-run-a-relay-why-smb-relays-should-be-on-your-mind.html", - "https://github.com/nomex/nbnspoof", - "https://www.rapid7.com/db/modules/auxiliary/spoof/llmnr/llmnr_response", + "https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html", + "https://en.wikipedia.org/wiki/Link-Local_Multicast_Name_Resolution", + "https://github.com/Kevin-Robertson/Conveigh", "https://github.com/SpiderLabs/Responder", - "https://www.sternsecurity.com/blog/local-network-attacks-llmnr-and-nbt-ns-poisoning", - "https://github.com/Kevin-Robertson/Conveigh" + "https://github.com/nomex/nbnspoof", + "https://technet.microsoft.com/library/cc958811.aspx", + "https://www.rapid7.com/db/modules/auxiliary/spoof/llmnr/llmnr_response", + "https://www.sternsecurity.com/blog/local-network-attacks-llmnr-and-nbt-ns-poisoning" ] }, "related": [ @@ -1442,10 +1442,10 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ - "Network Traffic: Network Connection Creation", - "Network Traffic: Network Traffic Content", "Command: Command Execution", "File: File Access", + "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Content", "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ @@ -1454,8 +1454,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1048/003", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1048/003" ] }, "related": [ @@ -1476,8 +1476,8 @@ ], "mitre_data_sources": [ "File: File Metadata", - "Process: Process Metadata", - "Image: Image Metadata" + "Image: Image Metadata", + "Process: Process Metadata" ], "mitre_platforms": [ "Linux", @@ -1486,11 +1486,11 @@ "Containers" ], "refs": [ + "http://pages.endgame.com/rs/627-YBU-612/images/EndgameJournal_The%20Masquerade%20Ball_Pages_R2.pdf", "https://attack.mitre.org/techniques/T1036/005", "https://capec.mitre.org/data/definitions/177.html", - "http://pages.endgame.com/rs/627-YBU-612/images/EndgameJournal_The%20Masquerade%20Ball_Pages_R2.pdf", - "https://twitter.com/ItsReallyNick/status/1055321652777619457", - "https://docs.docker.com/engine/reference/commandline/images/" + "https://docs.docker.com/engine/reference/commandline/images/", + "https://twitter.com/ItsReallyNick/status/1055321652777619457" ] }, "related": [ @@ -1510,10 +1510,10 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Modification", + "Command: Command Execution", "Firewall: Firewall Disable", "Firewall: Firewall Rule Modification", - "Command: Command Execution" + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Linux", @@ -1569,24 +1569,24 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ + "File: File Modification", "Module: Module Load", - "Windows Registry: Windows Registry Key Modification", - "File: File Modification" + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ + "http://www.entrust.net/knowledge-base/technote.cfm?tn=8165", "https://attack.mitre.org/techniques/T1553/003", - "https://msdn.microsoft.com/library/ms537359.aspx", - "https://msdn.microsoft.com/library/windows/desktop/aa388208.aspx", - "https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf", "https://blogs.technet.microsoft.com/eduardonavarro/2008/07/11/sips-subject-interface-package-and-authenticode/", + "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd941614(v=ws.10)", + "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn311461(v=ws.11)", "https://docs.microsoft.com/windows-hardware/drivers/install/catalog-files", "https://github.com/mattifestation/PoCSubjectInterfacePackage", - "http://www.entrust.net/knowledge-base/technote.cfm?tn=8165", - "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn311461(v=ws.11)", - "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd941614(v=ws.10)" + "https://msdn.microsoft.com/library/ms537359.aspx", + "https://msdn.microsoft.com/library/windows/desktop/aa388208.aspx", + "https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf" ] }, "related": [ @@ -1608,23 +1608,23 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "WMI: WMI Creation", - "Process: Process Creation" + "Process: Process Creation", + "WMI: WMI Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1546/003", - "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-management-instrumentation.pdf", - "https://www.secureworks.com/blog/wmi-persistence", - "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/sans-dfir-2015.pdf", - "https://medium.com/threatpunter/detecting-removing-wmi-persistence-60ccbb7dff96", - "https://www.elastic.co/blog/hunting-for-persistence-using-elastic-security-part-1", - "https://www2.fireeye.com/rs/fireye/images/rpt-m-trends-2015.pdf", "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/register-wmievent?view=powershell-5.1", + "https://docs.microsoft.com/en-us/windows/win32/wmisdk/managed-object-format--mof-", + "https://medium.com/threatpunter/detecting-removing-wmi-persistence-60ccbb7dff96", "https://technet.microsoft.com/en-us/sysinternals/bb963902", - "https://docs.microsoft.com/en-us/windows/win32/wmisdk/managed-object-format--mof-" + "https://www.elastic.co/blog/hunting-for-persistence-using-elastic-security-part-1", + "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-management-instrumentation.pdf", + "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/sans-dfir-2015.pdf", + "https://www.secureworks.com/blog/wmi-persistence", + "https://www2.fireeye.com/rs/fireye/images/rpt-m-trends-2015.pdf" ] }, "related": [ @@ -1646,10 +1646,10 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Creation", "File: File Creation", "File: File Modification", "Module: Module Load", + "Process: Process Creation", "Service: Service Metadata" ], "mitre_platforms": [ @@ -1657,8 +1657,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1574/005", - "https://www.mozilla.org/en-US/security/advisories/mfsa2012-98/", - "https://seclists.org/fulldisclosure/2015/Dec/34" + "https://seclists.org/fulldisclosure/2015/Dec/34", + "https://www.mozilla.org/en-US/security/advisories/mfsa2012-98/" ] }, "related": [ @@ -1680,9 +1680,9 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Creation", + "File: File Creation", "File: File Modification", - "File: File Creation" + "Process: Process Creation" ], "mitre_platforms": [ "Windows" @@ -1714,20 +1714,20 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Process: Process Creation", "Command: Command Execution", + "Process: Process Creation", "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ + "http://blog.crowdstrike.com/registry-analysis-with-crowdresponse/", "https://attack.mitre.org/techniques/T1546/012", "https://blogs.msdn.microsoft.com/mithuns/2010/03/24/image-file-execution-options-ifeo/", "https://docs.microsoft.com/windows-hardware/drivers/debugger/gflags-overview", "https://docs.microsoft.com/windows-hardware/drivers/debugger/registry-entries-for-silent-process-exit", "https://oddvar.moe/2018/04/10/persistence-using-globalflags-in-image-file-execution-options-hidden-from-autoruns-exe/", - "http://blog.crowdstrike.com/registry-analysis-with-crowdresponse/", "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", "https://www.f-secure.com/v-descs/backdoor_w32_hupigon_emv.shtml", "https://www.symantec.com/security_response/writeup.jsp?docid=2008-062807-2501-99&tabid=2" @@ -1750,9 +1750,9 @@ "mitre-pre-attack:persona-development" ], "refs": [ + "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf", "https://attack.mitre.org/techniques/T1344", - "https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-operation", - "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf" + "https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-operation" ] }, "related": [ @@ -1775,8 +1775,8 @@ "mitre-pre-attack:stage-capabilities" ], "refs": [ - "https://attack.mitre.org/techniques/T1364", - "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf" + "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf", + "https://attack.mitre.org/techniques/T1364" ] }, "related": [ @@ -1890,14 +1890,14 @@ }, "related": [ { - "dest-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84", + "dest-uuid": "7718e92f-b011-4f88-b822-ae245a1de407", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "related-to" }, { - "dest-uuid": "7718e92f-b011-4f88-b822-ae245a1de407", + "dest-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1950,14 +1950,14 @@ }, "related": [ { - "dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41", + "dest-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "related-to" }, { - "dest-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc", + "dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1975,11 +1975,11 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", "Command: Command Execution", - "Network Traffic: Network Traffic Flow", + "File: File Access", "Network Traffic: Network Connection Creation", - "File: File Access" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -2066,11 +2066,11 @@ "refs": [ "https://attack.mitre.org/techniques/T1530", "https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/", - "https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide", "https://cloud.google.com/storage/docs/best-practices", + "https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide", + "https://www.hipaajournal.com/47gb-medical-records-unsecured-amazon-s3-bucket/", "https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/a-misconfigured-amazon-s3-exposed-almost-50-thousand-pii-in-australia", - "https://www.wired.com/story/magecart-amazon-cloud-hacks/", - "https://www.hipaajournal.com/47gb-medical-records-unsecured-amazon-s3-bucket/" + "https://www.wired.com/story/magecart-amazon-cloud-hacks/" ] }, "uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7", @@ -2085,12 +2085,12 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Creation", "Active Directory: Active Directory Object Modification", "Command: Command Execution", "File: File Creation", "File: File Modification", - "Process: Process Creation" + "Process: Process Creation", + "Windows Registry: Windows Registry Key Creation" ], "mitre_platforms": [ "macOS", @@ -2113,8 +2113,8 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "File: File Access", "Command: Command Execution", + "File: File Access", "Network Share: Network Share Access" ], "mitre_platforms": [ @@ -2143,10 +2143,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1407", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-20.html", - "https://www.internetsociety.org/sites/default/files/10_5_0.pdf", "https://labs.bromium.com/2014/07/31/remote-code-execution-on-android-devices/", + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-20.html", "https://www.fireeye.com/blog/threat-research/2016/01/hot_or_not_the_bene.html", + "https://www.internetsociety.org/sites/default/files/10_5_0.pdf", "https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/wang_tielei" ] }, @@ -2166,11 +2166,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1084", - "https://www.secureworks.com/blog/wmi-persistence", - "https://www.defcon.org/images/defcon-22/dc-22-presentations/Kazanciyan-Hastings/DEFCON-22-Ryan-Kazanciyan-Matt-Hastings-Investigating-Powershell-Attacks.pdf", - "https://www2.fireeye.com/rs/fireye/images/rpt-m-trends-2015.pdf", + "https://medium.com/threatpunter/detecting-removing-wmi-persistence-60ccbb7dff96", "https://technet.microsoft.com/en-us/sysinternals/bb963902", - "https://medium.com/threatpunter/detecting-removing-wmi-persistence-60ccbb7dff96" + "https://www.defcon.org/images/defcon-22/dc-22-presentations/Kazanciyan-Hastings/DEFCON-22-Ryan-Kazanciyan-Matt-Hastings-Investigating-Powershell-Attacks.pdf", + "https://www.secureworks.com/blog/wmi-persistence", + "https://www2.fireeye.com/rs/fireye/images/rpt-m-trends-2015.pdf" ] }, "related": [ @@ -2199,8 +2199,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1094", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1094" ] }, "related": [ @@ -2223,17 +2223,17 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Creation", - "Command: Command Execution" + "Command: Command Execution", + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ + "http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html", "https://attack.mitre.org/techniques/T1127", "https://enigma0x3.net/2016/11/17/bypassing-application-whitelisting-by-using-dnx-exe/", "https://enigma0x3.net/2016/11/21/bypassing-application-whitelisting-by-using-rcsi-exe/", - "http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html", "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Tracker/" ] }, @@ -2309,16 +2309,16 @@ "Windows" ], "refs": [ + "http://www.entrust.net/knowledge-base/technote.cfm?tn=8165", "https://attack.mitre.org/techniques/T1198", - "https://msdn.microsoft.com/library/ms537359.aspx", - "https://msdn.microsoft.com/library/windows/desktop/aa388208.aspx", - "https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf", "https://blogs.technet.microsoft.com/eduardonavarro/2008/07/11/sips-subject-interface-package-and-authenticode/", + "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd941614(v=ws.10)", + "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn311461(v=ws.11)", "https://docs.microsoft.com/windows-hardware/drivers/install/catalog-files", "https://github.com/mattifestation/PoCSubjectInterfacePackage", - "http://www.entrust.net/knowledge-base/technote.cfm?tn=8165", - "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn311461(v=ws.11)", - "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd941614(v=ws.10)" + "https://msdn.microsoft.com/library/ms537359.aspx", + "https://msdn.microsoft.com/library/windows/desktop/aa388208.aspx", + "https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf" ] }, "related": [ @@ -2343,8 +2343,8 @@ "mitre_data_sources": [ "Active Directory: Active Directory Object Modification", "Command: Command Execution", - "Process: Process Creation", - "File: File Metadata" + "File: File Metadata", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -2353,9 +2353,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1222", - "https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100", + "https://www.eventtracker.com/tech-articles/monitoring-file-permission-changes-windows-security-log/", "https://www.hybrid-analysis.com/sample/22dab012c3e20e3d9291bce14a2bfc448036d3b966c6e78167f4626f5f9e38d6?environmentId=110", - "https://www.eventtracker.com/tech-articles/monitoring-file-permission-changes-windows-security-log/" + "https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100" ] }, "uuid": "65917ae0-b854-4139-83fe-bf2441cf0196", @@ -2437,10 +2437,10 @@ "Android" ], "refs": [ - "https://attack.mitre.org/techniques/T1427", - "https://pages.nist.gov/mobile-threat-catalogue/physical-threats/PHY-2.html", + "http://arstechnica.com/security/2016/11/meet-poisontap-the-5-tool-that-ransacks-password-protected-computers/", "http://dl.acm.org/citation.cfm?id=1920314", - "http://arstechnica.com/security/2016/11/meet-poisontap-the-5-tool-that-ransacks-password-protected-computers/" + "https://attack.mitre.org/techniques/T1427", + "https://pages.nist.gov/mobile-threat-catalogue/physical-threats/PHY-2.html" ] }, "uuid": "a0464539-e1b7-4455-a355-12495987c300", @@ -2487,14 +2487,14 @@ }, "related": [ { - "dest-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc", + "dest-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "related-to" }, { - "dest-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc", + "dest-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2531,14 +2531,14 @@ }, "related": [ { - "dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41", + "dest-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "related-to" }, { - "dest-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc", + "dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2635,16 +2635,16 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Creation", - "Service: Service Creation", - "Service: Service Modification", "Command: Command Execution", - "File: File Creation", "Driver: Driver Load", + "File: File Creation", + "File: File Modification", "Process: OS API Execution", "Process: Process Creation", - "Windows Registry: Windows Registry Key Modification", - "File: File Modification" + "Service: Service Creation", + "Service: Service Modification", + "Windows Registry: Windows Registry Key Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows", @@ -2702,9 +2702,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1439", + "https://experts.illinois.edu/en/publications/security-concerns-in-android-mhealth-apps", "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-0.html", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-1.html", - "https://experts.illinois.edu/en/publications/security-concerns-in-android-mhealth-apps" + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-1.html" ] }, "uuid": "393e8c12-a416-4575-ba90-19cc85656796", @@ -2732,12 +2732,12 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ - "Snapshot: Snapshot Creation", + "Cloud Storage: Cloud Storage Creation", "Cloud Storage: Cloud Storage Metadata", "Cloud Storage: Cloud Storage Modification", - "Snapshot: Snapshot Modification", - "Cloud Storage: Cloud Storage Creation", - "Snapshot: Snapshot Metadata" + "Snapshot: Snapshot Creation", + "Snapshot: Snapshot Metadata", + "Snapshot: Snapshot Modification" ], "mitre_platforms": [ "IaaS" @@ -2745,8 +2745,8 @@ "refs": [ "https://attack.mitre.org/techniques/T1537", "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html", - "https://docs.microsoft.com/en-us/rest/api/storageservices/delegate-access-with-shared-access-signature", "https://docs.microsoft.com/en-us/azure/storage/blobs/snapshots-overview", + "https://docs.microsoft.com/en-us/rest/api/storageservices/delegate-access-with-shared-access-signature", "https://www.justice.gov/file/1080281/download" ] }, @@ -2835,16 +2835,16 @@ "iOS" ], "refs": [ + "http://csrc.nist.gov/publications/drafts/800-187/sp800_187_draft.pdf", + "https://arstechnica.com/tech-policy/2016/03/man-accused-of-jamming-passengers-cell-phones-on-chicago-subway/", "https://attack.mitre.org/techniques/T1464", "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-7.html", "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-8.html", - "https://pages.nist.gov/mobile-threat-catalogue/lan-pan-threats/LPN-5.html", "https://pages.nist.gov/mobile-threat-catalogue/gps-threats/GPS-0.html", - "http://csrc.nist.gov/publications/drafts/800-187/sp800_187_draft.pdf", + "https://pages.nist.gov/mobile-threat-catalogue/lan-pan-threats/LPN-5.html", "https://www.cnet.com/news/man-put-cell-phone-jammer-in-car-to-stop-driver-calls-fcc-says/", - "https://www.nytimes.com/2007/11/04/technology/04jammer.html", "https://www.digitaltrends.com/mobile/florida-teacher-punished-after-signal-jamming-his-students-cell-phones/", - "https://arstechnica.com/tech-policy/2016/03/man-accused-of-jamming-passengers-cell-phones-on-chicago-subway/" + "https://www.nytimes.com/2007/11/04/technology/04jammer.html" ] }, "uuid": "d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d", @@ -2859,13 +2859,13 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Process: OS API Execution", "Command: Command Execution", - "File: File Modification", + "Driver: Driver Load", "File: File Creation", + "File: File Modification", "Kernel: Kernel Module Load", "Module: Module Load", - "Driver: Driver Load", + "Process: OS API Execution", "Process: Process Creation", "Windows Registry: Windows Registry Key Creation", "Windows Registry: Windows Registry Key Modification" @@ -2876,14 +2876,14 @@ "Windows" ], "refs": [ + "http://msdn.microsoft.com/en-us/library/aa376977", "https://attack.mitre.org/techniques/T1547", "https://blog.cylance.com/windows-registry-persistence-part-2-the-run-keys-and-search-order", + "https://capec.mitre.org/data/definitions/564.html", "https://msdn.microsoft.com/library/windows/desktop/aa374733.aspx", - "http://msdn.microsoft.com/en-us/library/aa376977", "https://msdn.microsoft.com/library/windows/desktop/ms725475.aspx", - "https://www.tldp.org/LDP/lkmpg/2.4/lkmpg.pdf", "https://technet.microsoft.com/en-us/sysinternals/bb963902", - "https://capec.mitre.org/data/definitions/564.html" + "https://www.tldp.org/LDP/lkmpg/2.4/lkmpg.pdf" ] }, "uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf", @@ -2902,9 +2902,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1468", + "https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/", "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-5.html", - "https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-7.html", - "https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/" + "https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-7.html" ] }, "uuid": "6f86d346-f092-4abc-80df-8558a90c426a", @@ -2945,9 +2945,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1478", + "https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html", "https://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-7.html", - "https://www.symantec.com/connect/blogs/malicious-profiles-sleeping-giant-ios-security", - "https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html" + "https://www.symantec.com/connect/blogs/malicious-profiles-sleeping-giant-ios-security" ] }, "uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", @@ -2961,10 +2961,10 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "File: File Access", "Active Directory: Active Directory Credential Request", - "Logon Session: Logon Session Metadata", - "Command: Command Execution" + "Command: Command Execution", + "File: File Access", + "Logon Session: Logon Session Metadata" ], "mitre_platforms": [ "Windows", @@ -2972,23 +2972,23 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1558", - "https://capec.mitre.org/data/definitions/652.html", - "https://adsecurity.org/?p=227", - "https://docs.microsoft.com/windows-server/administration/windows-commands/klist", - "https://web.mit.edu/kerberos/krb5-1.12/doc/basic/ccache_def.html", - "https://www.fireeye.com/blog/threat-research/2020/04/kerberos-tickets-on-linux-red-teams.html", - "https://labs.portcullis.co.uk/download/eu-18-Wadhwa-Brown-Where-2-worlds-collide-Bringing-Mimikatz-et-al-to-UNIX.pdf", - "https://github.com/gentilkiwi/kekeo", - "https://posts.specterops.io/when-kirbi-walks-the-bifrost-4c727807744f", "http://web.mit.edu/macdev/KfM/Common/Documentation/preferences.html", "https://adsecurity.org/?p=1515", - "https://blog.stealthbits.com/detect-pass-the-ticket-attacks", - "https://cert.europa.eu/static/WhitePapers/UPDATED%20-%20CERT-EU_Security_Whitepaper_2014-007_Kerberos_Golden_Ticket_Protection_v1_4.pdf", - "https://gallery.technet.microsoft.com/scriptcenter/Kerberos-Golden-Ticket-b4814285", - "https://blogs.technet.microsoft.com/motiba/2018/02/23/detecting-kerberoasting-activity-using-azure-security-center/", + "https://adsecurity.org/?p=227", "https://adsecurity.org/?p=2293", - "https://medium.com/threatpunter/detecting-attempts-to-steal-passwords-from-memory-558f16dce4ea" + "https://attack.mitre.org/techniques/T1558", + "https://blog.stealthbits.com/detect-pass-the-ticket-attacks", + "https://blogs.technet.microsoft.com/motiba/2018/02/23/detecting-kerberoasting-activity-using-azure-security-center/", + "https://capec.mitre.org/data/definitions/652.html", + "https://cert.europa.eu/static/WhitePapers/UPDATED%20-%20CERT-EU_Security_Whitepaper_2014-007_Kerberos_Golden_Ticket_Protection_v1_4.pdf", + "https://docs.microsoft.com/windows-server/administration/windows-commands/klist", + "https://gallery.technet.microsoft.com/scriptcenter/Kerberos-Golden-Ticket-b4814285", + "https://github.com/gentilkiwi/kekeo", + "https://labs.portcullis.co.uk/download/eu-18-Wadhwa-Brown-Where-2-worlds-collide-Bringing-Mimikatz-et-al-to-UNIX.pdf", + "https://medium.com/threatpunter/detecting-attempts-to-steal-passwords-from-memory-558f16dce4ea", + "https://posts.specterops.io/when-kirbi-walks-the-bifrost-4c727807744f", + "https://web.mit.edu/kerberos/krb5-1.12/doc/basic/ccache_def.html", + "https://www.fireeye.com/blog/threat-research/2020/04/kerberos-tickets-on-linux-red-teams.html" ] }, "uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a", @@ -3049,15 +3049,15 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1171", - "https://en.wikipedia.org/wiki/Link-Local_Multicast_Name_Resolution", - "https://technet.microsoft.com/library/cc958811.aspx", - "https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html", "https://blog.secureideas.com/2018/04/ever-run-a-relay-why-smb-relays-should-be-on-your-mind.html", - "https://github.com/nomex/nbnspoof", - "https://www.rapid7.com/db/modules/auxiliary/spoof/llmnr/llmnr_response", + "https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html", + "https://en.wikipedia.org/wiki/Link-Local_Multicast_Name_Resolution", + "https://github.com/Kevin-Robertson/Conveigh", "https://github.com/SpiderLabs/Responder", - "https://www.sternsecurity.com/blog/local-network-attacks-llmnr-and-nbt-ns-poisoning", - "https://github.com/Kevin-Robertson/Conveigh" + "https://github.com/nomex/nbnspoof", + "https://technet.microsoft.com/library/cc958811.aspx", + "https://www.rapid7.com/db/modules/auxiliary/spoof/llmnr/llmnr_response", + "https://www.sternsecurity.com/blog/local-network-attacks-llmnr-and-nbt-ns-poisoning" ] }, "related": [ @@ -3094,10 +3094,10 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "User Account: User Account Authentication", "Application Log: Application Log Content", + "Logon Session: Logon Session Creation", "Logon Session: Logon Session Metadata", - "Logon Session: Logon Session Creation" + "User Account: User Account Authentication" ], "mitre_platforms": [ "Windows", @@ -3111,8 +3111,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1621", - "https://therecord.media/russian-hackers-bypass-2fa-by-annoying-victims-with-repeated-push-notifications/", "https://portswigger.net/daily-swig/mfa-fatigue-attacks-users-tricked-into-allowing-device-access-due-to-overload-of-push-notifications", + "https://therecord.media/russian-hackers-bypass-2fa-by-annoying-victims-with-repeated-push-notifications/", "https://www.mandiant.com/resources/russian-targeting-gov-business" ] }, @@ -3131,10 +3131,10 @@ "iOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1465", - "https://pages.nist.gov/mobile-threat-catalogue/lan-pan-threats/LPN-0.html", "http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-153.pdf", - "https://blog.kaspersky.com/darkhotel-apt/6613/" + "https://attack.mitre.org/techniques/T1465", + "https://blog.kaspersky.com/darkhotel-apt/6613/", + "https://pages.nist.gov/mobile-threat-catalogue/lan-pan-threats/LPN-0.html" ] }, "uuid": "633baf01-6de4-4963-bb54-ff6c6357bed3", @@ -3148,9 +3148,9 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: OS API Execution", + "Command: Command Execution", "File: File Deletion", - "Command: Command Execution" + "Process: OS API Execution" ], "mitre_platforms": [ "Windows" @@ -3158,8 +3158,8 @@ "refs": [ "https://attack.mitre.org/techniques/T1070/001", "https://docs.microsoft.com/powershell/module/microsoft.powershell.management/clear-eventlog", - "https://msdn.microsoft.com/library/system.diagnostics.eventlog.clear.aspx", - "https://docs.microsoft.com/windows-server/administration/windows-commands/wevtutil" + "https://docs.microsoft.com/windows-server/administration/windows-commands/wevtutil", + "https://msdn.microsoft.com/library/system.diagnostics.eventlog.clear.aspx" ] }, "related": [ @@ -3179,8 +3179,8 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", "Command: Command Execution", + "Network Traffic: Network Traffic Content", "Process: Process Creation", "User Account: User Account Authentication" ], @@ -3210,24 +3210,24 @@ ], "mitre_data_sources": [ "Module: Module Load", - "Process: Process Creation", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Connection Creation", + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1021/003", - "https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html", - "https://msdn.microsoft.com/library/windows/desktop/ms680573.aspx", - "https://msdn.microsoft.com/en-us/library/windows/desktop/ms687317(v=vs.85).aspx", "https://docs.microsoft.com/en-us/windows/desktop/com/dcom-security-enhancements-in-windows-xp-service-pack-2-and-windows-server-2003-service-pack-1", - "https://enigma0x3.net/2017/11/16/lateral-movement-using-outlooks-createobject-method-and-dotnettojscript/", "https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/", "https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/", "https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application-and-dcom/", + "https://enigma0x3.net/2017/11/16/lateral-movement-using-outlooks-createobject-method-and-dotnettojscript/", + "https://msdn.microsoft.com/en-us/library/aa394582.aspx", + "https://msdn.microsoft.com/en-us/library/windows/desktop/ms687317(v=vs.85).aspx", + "https://msdn.microsoft.com/library/windows/desktop/ms680573.aspx", "https://www.cybereason.com/blog/leveraging-excel-dde-for-lateral-movement-via-dcom", - "https://msdn.microsoft.com/en-us/library/aa394582.aspx" + "https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html" ] }, "related": [ @@ -3255,8 +3255,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1602/002", - "https://us-cert.cisa.gov/ncas/alerts/TA18-106A", "https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954", + "https://us-cert.cisa.gov/ncas/alerts/TA18-106A", "https://www.us-cert.gov/ncas/alerts/TA18-086A" ] }, @@ -3304,8 +3304,8 @@ ], "mitre_data_sources": [ "Application Log: Application Log Content", - "User Account: User Account Modification", - "Group: Group Modification" + "Group: Group Modification", + "User Account: User Account Modification" ], "mitre_platforms": [ "Windows", @@ -3314,13 +3314,13 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1098/002", - "https://www.slideshare.net/DouglasBienstock/shmoocon-2019-becs-and-beyond-investigating-and-defending-office-365", - "https://www.crowdstrike.com/blog/hiding-in-plain-sight-using-the-office-365-activities-api-to-investigate-business-email-compromises/", + "https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/add-mailboxpermission?view=exchange-ps", "https://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html", "https://support.google.com/a/answer/7223765?hl=en", + "https://www.crowdstrike.com/blog/hiding-in-plain-sight-using-the-office-365-activities-api-to-investigate-business-email-compromises/", + "https://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html", "https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf", - "https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/add-mailboxpermission?view=exchange-ps", - "https://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html" + "https://www.slideshare.net/DouglasBienstock/shmoocon-2019-becs-and-beyond-investigating-and-defending-office-365" ] }, "related": [ @@ -3341,10 +3341,10 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Service: Service Metadata", - "Service: Service Creation", "Scheduled Job: Scheduled Job Metadata", - "Scheduled Job: Scheduled Job Modification" + "Scheduled Job: Scheduled Job Modification", + "Service: Service Creation", + "Service: Service Metadata" ], "mitre_platforms": [ "Windows", @@ -3352,11 +3352,11 @@ "macOS" ], "refs": [ + "http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/", "https://attack.mitre.org/techniques/T1036/004", "https://technet.microsoft.com/en-us/library/bb490996.aspx", - "https://www.freedesktop.org/software/systemd/man/systemd.service.html", - "http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/", - "https://vms.drweb.com/virus/?i=4276269" + "https://vms.drweb.com/virus/?i=4276269", + "https://www.freedesktop.org/software/systemd/man/systemd.service.html" ] }, "related": [ @@ -3385,8 +3385,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1560/003", - "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf" + "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf", + "https://attack.mitre.org/techniques/T1560/003" ] }, "related": [ @@ -3417,10 +3417,10 @@ "https://msdn.microsoft.com/library/windows/desktop/ms633574.aspx", "https://msdn.microsoft.com/library/windows/desktop/ms633584.aspx", "https://msdn.microsoft.com/library/windows/desktop/ms633591.aspx", + "https://msdn.microsoft.com/library/windows/desktop/ms644953.aspx", "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", "https://www.malwaretech.com/2013/08/powerloader-injection-something-truly.html", - "https://www.welivesecurity.com/2013/03/19/gapz-and-redyms-droppers-based-on-power-loader-code/", - "https://msdn.microsoft.com/library/windows/desktop/ms644953.aspx" + "https://www.welivesecurity.com/2013/03/19/gapz-and-redyms-droppers-based-on-power-loader-code/" ] }, "related": [ @@ -3441,8 +3441,8 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Process: OS API Execution", - "Command: Command Execution" + "Command: Command Execution", + "Process: OS API Execution" ], "mitre_platforms": [ "Windows" @@ -3470,9 +3470,9 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ + "Command: Command Execution", "Process: Process Termination", "Sensor Health: Host Status", - "Command: Command Execution", "Service: Service Metadata", "Windows Registry: Windows Registry Key Deletion", "Windows Registry: Windows Registry Key Modification" @@ -3600,12 +3600,12 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1546/001", - "https://support.microsoft.com/en-us/help/18539/windows-7-change-default-programs", "http://msdn.microsoft.com/en-us/library/bb166549.aspx", + "https://attack.mitre.org/techniques/T1546/001", + "https://capec.mitre.org/data/definitions/556.html", "https://docs.microsoft.com/windows-server/administration/windows-commands/assoc", - "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_fakeav.gzd", - "https://capec.mitre.org/data/definitions/556.html" + "https://support.microsoft.com/en-us/help/18539/windows-7-change-default-programs", + "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_fakeav.gzd" ] }, "related": [ @@ -3625,10 +3625,10 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "File: File Creation", - "Process: Process Creation", "Command: Command Execution", - "File: File Metadata" + "File: File Creation", + "File: File Metadata", + "Process: Process Creation" ], "mitre_platforms": [ "Windows", @@ -3637,8 +3637,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1564/001", - "https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/", "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/", + "https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/", "https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-wirelurker.pdf" ] }, @@ -3671,14 +3671,14 @@ "refs": [ "https://attack.mitre.org/techniques/T1574/001", "https://capec.mitre.org/data/definitions/471.html", - "https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order?redirectedfrom=MSDN", - "https://www.fireeye.com/blog/threat-research/2010/07/malware-persistence-windows-registry.html", - "https://www.owasp.org/index.php/Binary_planting", - "https://www.fireeye.com/blog/threat-research/2011/06/fxsst.html", "https://docs.microsoft.com/en-us/security-updates/securityadvisories/2010/2269637", "https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-redirection?redirectedfrom=MSDN", + "https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order?redirectedfrom=MSDN", "https://msdn.microsoft.com/en-US/library/aa375365", - "https://www.fireeye.com/blog/threat-research/2010/08/dll-search-order-hijacking-revisited.html" + "https://www.fireeye.com/blog/threat-research/2010/07/malware-persistence-windows-registry.html", + "https://www.fireeye.com/blog/threat-research/2010/08/dll-search-order-hijacking-revisited.html", + "https://www.fireeye.com/blog/threat-research/2011/06/fxsst.html", + "https://www.owasp.org/index.php/Binary_planting" ] }, "related": [ @@ -3701,8 +3701,8 @@ ], "mitre_data_sources": [ "File: File Creation", - "Process: Process Creation", "File: File Modification", + "Process: Process Creation", "Service: Service Metadata" ], "mitre_platforms": [ @@ -3730,10 +3730,10 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "File: File Access", "Command: Command Execution", - "Network Traffic: Network Traffic Content" + "File: File Access", + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -3789,28 +3789,28 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Creation", - "Process: Process Creation", - "Sensor Health: Host Status", - "Command: Command Execution", "Application Log: Application Log Content", - "Script: Script Execution" + "Command: Command Execution", + "Process: Process Creation", + "Script: Script Execution", + "Sensor Health: Host Status", + "Windows Registry: Windows Registry Key Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1562/002", - "https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/", - "https://www.coretechnologies.com/blog/windows-services/eventlog/", - "https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/audit-policy", - "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings", - "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/auditpol", "https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-techniques/defense-evasion/t1562-impair-defenses/disable-windows-event-logging", - "https://strontic.github.io/xcyclopedia/library/auditpol.exe-214E0EA1F7F7C27C82D23F183F9D23F1.html", + "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/auditpol", + "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings", + "https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/audit-policy", "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md", + "https://strontic.github.io/xcyclopedia/library/auditpol.exe-214E0EA1F7F7C27C82D23F183F9D23F1.html", + "https://svch0st.medium.com/event-log-tampering-part-1-disrupting-the-eventlog-service-8d4b7d67335c", + "https://www.coretechnologies.com/blog/windows-services/eventlog/", "https://www.hackingarticles.in/defense-evasion-windows-event-logging-t1562-002/", - "https://svch0st.medium.com/event-log-tampering-part-1-disrupting-the-eventlog-service-8d4b7d67335c" + "https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/" ] }, "related": [ @@ -3830,8 +3830,8 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Sensor Health: Host Status", - "Command: Command Execution" + "Command: Command Execution", + "Sensor Health: Host Status" ], "mitre_platforms": [ "Linux", @@ -3841,10 +3841,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1562/003", + "https://capec.mitre.org/data/definitions/13.html", "https://community.sophos.com/products/intercept/early-access-program/f/live-discover-response-queries/121529/live-discover---powershell-command-audit", - "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_history?view=powershell-7", "https://community.sophos.com/products/malware/b/blog/posts/powershell-command-history-forensics", - "https://capec.mitre.org/data/definitions/13.html" + "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_history?view=powershell-7" ] }, "related": [ @@ -3866,25 +3866,25 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Windows Registry: Windows Registry Key Modification", + "Process: Process Creation", "Process: Process Metadata", - "Process: Process Creation" + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1548/002", - "http://www.pretentiousname.com/misc/win7_uac_whitelist2.html", - "https://technet.microsoft.com/en-us/itpro/windows/keep-secure/how-user-account-control-works", "http://pen-testing.sans.org/blog/pen-testing/2013/08/08/psexec-uac-bypass", - "https://msdn.microsoft.com/en-us/library/ms679687.aspx", + "http://www.pretentiousname.com/misc/win7_uac_whitelist2.html", + "https://attack.mitre.org/techniques/T1548/002", + "https://blog.fortinet.com/2016/12/16/malicious-macro-bypasses-uac-to-elevate-privilege-for-fareit-malware", "https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/", "https://enigma0x3.net/2017/03/14/bypassing-uac-using-app-paths/", "https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/", + "https://github.com/hfiref0x/UACME", + "https://msdn.microsoft.com/en-us/library/ms679687.aspx", "https://technet.microsoft.com/en-US/magazine/2009.07.uac.aspx", - "https://blog.fortinet.com/2016/12/16/malicious-macro-bypasses-uac-to-elevate-privilege-for-fareit-malware", - "https://github.com/hfiref0x/UACME" + "https://technet.microsoft.com/en-us/itpro/windows/keep-secure/how-user-account-control-works" ] }, "related": [ @@ -3906,8 +3906,8 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Process: Process Creation", - "Process: OS API Execution" + "Process: OS API Execution", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -3917,9 +3917,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1497/002", "https://drive.google.com/file/d/1t0jn3xr4ff2fR30oQAUn_RsWSnMpOAQc", - "https://www.sans.org/reading-room/whitepapers/forensics/detecting-malware-sandbox-evasion-techniques-36667", "https://unit42.paloaltonetworks.com/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/", - "https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html" + "https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html", + "https://www.sans.org/reading-room/whitepapers/forensics/detecting-malware-sandbox-evasion-techniques-36667" ] }, "related": [ @@ -3968,10 +3968,10 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ - "File: File Access", - "Network Traffic: Network Traffic Flow", "Command: Command Execution", - "Network Traffic: Network Traffic Content" + "File: File Access", + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -4000,10 +4000,10 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ + "Command: Command Execution", "File: File Modification", - "Process: Process Metadata", "Process: Process Creation", - "Command: Command Execution" + "Process: Process Metadata" ], "mitre_platforms": [ "Linux", @@ -4011,9 +4011,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1548/003", - "https://www.sudo.ws/", "https://blog.malwarebytes.com/threat-analysis/2017/04/new-osx-dok-malware-intercepts-web-traffic/", - "https://www.cybereason.com/blog/labs-proton-b-what-this-mac-malware-actually-does" + "https://www.cybereason.com/blog/labs-proton-b-what-this-mac-malware-actually-does", + "https://www.sudo.ws/" ] }, "related": [ @@ -4033,10 +4033,10 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "File: File Access", - "Process: Process Access", "Command: Command Execution", - "Process: OS API Execution" + "File: File Access", + "Process: OS API Execution", + "Process: Process Access" ], "mitre_platforms": [ "Linux", @@ -4047,9 +4047,9 @@ "https://attack.mitre.org/techniques/T1555/003", "https://blog.talosintelligence.com/2018/02/olympic-destroyer.html", "https://docs.microsoft.com/en-us/windows/desktop/api/dpapi/nf-dpapi-cryptunprotectdata", - "https://www.proofpoint.com/us/threat-insight/post/new-vega-stealer-shines-brightly-targeted-campaign", + "https://github.com/putterpanda/mimikittenz", "https://www.fireeye.com/blog/threat-research/2017/07/hawkeye-malware-distributed-in-phishing-campaign.html", - "https://github.com/putterpanda/mimikittenz" + "https://www.proofpoint.com/us/threat-insight/post/new-vega-stealer-shines-brightly-targeted-campaign" ] }, "related": [ @@ -4069,9 +4069,9 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Modification", + "Command: Command Execution", "Process: Process Creation", - "Command: Command Execution" + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows", @@ -4079,14 +4079,14 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1553/006", - "https://docs.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653559(v=vs.85)?redirectedfrom=MSDN", + "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf", "https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection", + "https://docs.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653559(v=vs.85)?redirectedfrom=MSDN", "https://docs.microsoft.com/en-us/windows-hardware/drivers/install/installing-an-unsigned-driver-during-development-and-test", "https://docs.microsoft.com/en-us/windows-hardware/drivers/install/the-testsigning-boot-configuration-option", - "https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techniques-part-2.html", "https://github.com/hfiref0x/TDL", - "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf", - "https://unit42.paloaltonetworks.com/acidbox-rare-malware/" + "https://unit42.paloaltonetworks.com/acidbox-rare-malware/", + "https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techniques-part-2.html" ] }, "related": [ @@ -4107,8 +4107,8 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "File: File Creation", "Command: Command Execution", + "File: File Creation", "File: File Modification", "Process: Process Creation" ], @@ -4118,18 +4118,18 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1546/004", - "https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/", "https://bencane.com/2013/09/16/understanding-a-little-more-about-etcprofile-and-etcbashrc/", - "https://www.anomali.com/blog/illicit-cryptomining-threat-actor-rocke-changes-tactics-now-more-difficult-to-detect", - "https://wiki.archlinux.org/index.php/Bash#Invocation", - "https://unit42.paloaltonetworks.com/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/", - "https://www.anomali.com/blog/pulling-linux-rabbit-rabbot-malware-out-of-a-hat", "https://blog.sucuri.net/2018/05/shell-logins-as-a-magento-reinfection-vector.html", - "https://scriptingosx.com/2019/06/moving-to-zsh-part-2-configuration-files/", - "https://posts.specterops.io/persistent-jxa-66e1c3cd1cf5", - "https://github.com/D00MFist/PersistentJXA/blob/master/BashProfilePersist.js", "https://cedowens.medium.com/macos-ms-office-sandbox-brain-dump-4509b5fed49a", - "https://objective-see.com/blog/blog_0x48.html" + "https://github.com/D00MFist/PersistentJXA/blob/master/BashProfilePersist.js", + "https://objective-see.com/blog/blog_0x48.html", + "https://posts.specterops.io/persistent-jxa-66e1c3cd1cf5", + "https://scriptingosx.com/2019/06/moving-to-zsh-part-2-configuration-files/", + "https://unit42.paloaltonetworks.com/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/", + "https://wiki.archlinux.org/index.php/Bash#Invocation", + "https://www.anomali.com/blog/illicit-cryptomining-threat-actor-rocke-changes-tactics-now-more-difficult-to-detect", + "https://www.anomali.com/blog/pulling-linux-rabbit-rabbot-malware-out-of-a-hat", + "https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/" ] }, "related": [ @@ -4150,8 +4150,8 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Creation", - "Process: OS API Execution" + "Process: OS API Execution", + "Process: Process Creation" ], "mitre_platforms": [ "macOS" @@ -4159,9 +4159,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1548/004", "https://developer.apple.com/documentation/security/1540038-authorizationexecutewithprivileg", + "https://objective-see.com/blog/blog_0x2A.html", "https://speakerdeck.com/patrickwardle/defcon-2017-death-by-1000-installers-its-all-broken?slide=8", - "https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/", - "https://objective-see.com/blog/blog_0x2A.html" + "https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/" ] }, "related": [ @@ -4181,10 +4181,10 @@ "mitre-attack:impact" ], "mitre_data_sources": [ - "Sensor Health: Host Status", "Application Log: Application Log Content", "Network Traffic: Network Traffic Content", - "Network Traffic: Network Traffic Flow" + "Network Traffic: Network Traffic Flow", + "Sensor Health: Host Status" ], "mitre_platforms": [ "Windows", @@ -4219,36 +4219,36 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Kernel: Kernel Module Load", - "File: File Modification", - "Process: Process Creation", "Command: Command Execution", - "File: File Creation" + "File: File Creation", + "File: File Modification", + "Kernel: Kernel Module Load", + "Process: Process Creation" ], "mitre_platforms": [ "macOS", "Linux" ], "refs": [ + "http://tldp.org/HOWTO/Module-HOWTO/x197.html", + "http://www.megasecurity.org/papers/Rootkits.pdf", + "http://www.tldp.org/LDP/lkmpg/2.4/html/x437.html", "https://attack.mitre.org/techniques/T1547/006", + "https://blog.trendmicro.com/trendlabs-security-intelligence/skidmap-linux-malware-uses-rootkit-capabilities-to-hide-cryptocurrency-mining-payload/", "https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf", "https://developer.apple.com/support/kernel-extensions/", - "https://support.apple.com/guide/deployment/system-and-kernel-extensions-in-macos-depa5fb8376f/web", + "https://en.wikipedia.org/wiki/Loadable_kernel_module#Linux", "https://github.com/f0rb1dd3n/Reptile", - "https://volatility-labs.blogspot.com/2012/10/phalanx-2-revealed-using-volatility-to.html", - "http://www.megasecurity.org/papers/Rootkits.pdf", - "http://tldp.org/HOWTO/Module-HOWTO/x197.html", - "https://www.crowdstrike.com/blog/http-iframe-injecting-linux-rootkit/", "https://github.com/m0nad/Diamorphine", - "https://securelist.com/the-ventir-trojan-assemble-your-macos-spy/67267/", "https://pikeralpha.wordpress.com/2017/08/29/user-approved-kernel-extension-loading/", - "http://www.tldp.org/LDP/lkmpg/2.4/html/x437.html", - "https://www.tldp.org/LDP/lkmpg/2.4/lkmpg.pdf", - "https://blog.trendmicro.com/trendlabs-security-intelligence/skidmap-linux-malware-uses-rootkit-capabilities-to-hide-cryptocurrency-mining-payload/", "https://richard-purves.com/2017/11/09/mdm-and-the-kextpocalypse-2/", - "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", + "https://securelist.com/the-ventir-trojan-assemble-your-macos-spy/67267/", + "https://support.apple.com/guide/deployment/system-and-kernel-extensions-in-macos-depa5fb8376f/web", + "https://volatility-labs.blogspot.com/2012/10/phalanx-2-revealed-using-volatility-to.html", + "https://www.crowdstrike.com/blog/http-iframe-injecting-linux-rootkit/", "https://www.synack.com/2017/09/08/high-sierras-secure-kernel-extension-loading-is-broken/", - "https://en.wikipedia.org/wiki/Loadable_kernel_module#Linux" + "https://www.tldp.org/LDP/lkmpg/2.4/lkmpg.pdf", + "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ] }, "related": [ @@ -4270,10 +4270,10 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Modification", - "Service: Service Modification", + "Command: Command Execution", "Process: Process Creation", - "Command: Command Execution" + "Service: Service Modification", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" @@ -4281,14 +4281,14 @@ "refs": [ "https://attack.mitre.org/techniques/T1574/011", "https://capec.mitre.org/data/definitions/478.html", + "https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns", + "https://docs.microsoft.com/en-us/windows-hardware/drivers/install/hklm-system-currentcontrolset-services-registry-tree", "https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-key-security-and-access-rights?redirectedfrom=MSDN", - "https://www.bleepingcomputer.com/tutorials/how-malware-hides-as-a-service/", + "https://itm4n.github.io/windows-registry-rpceptmapper-eop/", "https://trustedsignal.blogspot.com/2014/05/kansa-service-related-collectors-and.html", "https://twitter.com/r0wdy_/status/936365549553991680", - "https://docs.microsoft.com/en-us/windows-hardware/drivers/install/hklm-system-currentcontrolset-services-registry-tree", - "https://itm4n.github.io/windows-registry-rpceptmapper-eop/", - "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_zegost", - "https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns" + "https://www.bleepingcomputer.com/tutorials/how-malware-hides-as-a-service/", + "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_zegost" ] }, "related": [ @@ -4309,18 +4309,18 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Modification", + "Command: Command Execution", "Module: Module Load", "Process: Process Creation", - "Command: Command Execution" + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1546/015", - "https://msdn.microsoft.com/library/ms694363.aspx", "https://blog.gdatasoftware.com/2014/10/23941-com-object-hijacking-the-discreet-way-of-persistence", + "https://msdn.microsoft.com/library/ms694363.aspx", "https://www.elastic.co/blog/how-hunt-detecting-persistence-evasion-com" ] }, @@ -4341,9 +4341,9 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Script: Script Execution", + "File: File Modification", "Process: Process Creation", - "File: File Modification" + "Script: Script Execution" ], "mitre_platforms": [ "Windows", @@ -4410,8 +4410,8 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -4419,8 +4419,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1030", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1030" ] }, "uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", @@ -4434,11 +4434,11 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Process: Process Creation", - "Script: Script Execution", - "Process: OS API Execution", + "Command: Command Execution", "File: File Access", - "Command: Command Execution" + "Process: OS API Execution", + "Process: Process Creation", + "Script: Script Execution" ], "mitre_platforms": [ "Linux", @@ -4463,16 +4463,16 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Deletion", - "File: File Metadata", - "User Account: User Account Authentication", - "Process: Process Creation", "Command: Command Execution", "File: File Deletion", - "Process: OS API Execution", - "Windows Registry: Windows Registry Key Modification", + "File: File Metadata", + "File: File Modification", "Network Traffic: Network Traffic Content", - "File: File Modification" + "Process: OS API Execution", + "Process: Process Creation", + "User Account: User Account Authentication", + "Windows Registry: Windows Registry Key Deletion", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Linux", @@ -4497,11 +4497,11 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", + "Command: Command Execution", "File: File Access", "Network Traffic: Network Connection Creation", - "Network Traffic: Network Traffic Flow", - "Command: Command Execution" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -4509,8 +4509,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1041", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1041" ] }, "uuid": "92d7da27-2d91-488e-a00c-059dc162766d", @@ -4524,8 +4524,8 @@ "mitre-attack:lateral-movement" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", - "Application Log: Application Log Content" + "Application Log: Application Log Content", + "Network Traffic: Network Traffic Content" ], "mitre_platforms": [ "Linux", @@ -4534,10 +4534,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1210", - "https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-microsoft-windows-smb-server-could-allow-for-remote-code-execution/", - "https://nvd.nist.gov/vuln/detail/CVE-2017-0176", + "https://nvd.nist.gov/vuln/detail/CVE-2014-7169", "https://nvd.nist.gov/vuln/detail/CVE-2016-6662", - "https://nvd.nist.gov/vuln/detail/CVE-2014-7169" + "https://nvd.nist.gov/vuln/detail/CVE-2017-0176", + "https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-microsoft-windows-smb-server-could-allow-for-remote-code-execution/" ] }, "uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", @@ -4551,10 +4551,10 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Process: Process Creation", - "Script: Script Execution", + "Command: Command Execution", "Process: OS API Execution", - "Command: Command Execution" + "Process: Process Creation", + "Script: Script Execution" ], "mitre_platforms": [ "Linux", @@ -4564,9 +4564,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1016", + "https://capec.mitre.org/data/definitions/309.html", "https://www.mandiant.com/resources/apt41-initiates-global-intrusion-campaign-using-multiple-exploits ", - "https://www.us-cert.gov/ncas/alerts/TA18-106A", - "https://capec.mitre.org/data/definitions/309.html" + "https://www.us-cert.gov/ncas/alerts/TA18-106A" ] }, "uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", @@ -4581,9 +4581,9 @@ "mitre-attack:initial-access" ], "mitre_data_sources": [ - "File: File Creation", - "File: File Access", "Drive: Drive Creation", + "File: File Access", + "File: File Creation", "Process: Process Creation" ], "mitre_platforms": [ @@ -4604,8 +4604,8 @@ "mitre-attack:execution" ], "mitre_data_sources": [ - "Process: Process Creation", - "Application Log: Application Log Content" + "Application Log: Application Log Content", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -4631,11 +4631,11 @@ "Windows" ], "refs": [ + "http://msdn.microsoft.com/en-us/library/bb166549.aspx", "https://attack.mitre.org/techniques/T1042", "https://capec.mitre.org/data/definitions/556.html", - "https://support.microsoft.com/en-us/help/18539/windows-7-change-default-programs", - "http://msdn.microsoft.com/en-us/library/bb166549.aspx", "https://docs.microsoft.com/windows-server/administration/windows-commands/assoc", + "https://support.microsoft.com/en-us/help/18539/windows-7-change-default-programs", "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_fakeav.gzd" ] }, @@ -4699,9 +4699,9 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ + "Command: Command Execution", "Drive: Drive Creation", "File: File Access", - "Command: Command Execution", "Process: Process Creation" ], "mitre_platforms": [ @@ -4724,8 +4724,8 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Content" ], "mitre_platforms": [ "Network" @@ -4748,10 +4748,10 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Creation", - "File: File Metadata", + "Command: Command Execution", "File: File Creation", - "Command: Command Execution" + "File: File Metadata", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -4761,14 +4761,14 @@ "refs": [ "https://attack.mitre.org/techniques/T1027", "https://capec.mitre.org/data/definitions/267.html", - "https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/", - "https://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/", + "https://github.com/danielbohannon/Revoke-Obfuscation", + "https://github.com/itsreallynick/office-crackros", + "https://researchcenter.paloaltonetworks.com/2017/03/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/", "https://www.carbonblack.com/2016/09/23/security-advisory-variants-well-known-adware-families-discovered-include-sophisticated-obfuscation-techniques-previously-associated-nation-state-attacks/", "https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html", "https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf", - "https://researchcenter.paloaltonetworks.com/2017/03/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/", - "https://github.com/danielbohannon/Revoke-Obfuscation", - "https://github.com/itsreallynick/office-crackros" + "https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/", + "https://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/" ] }, "uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", @@ -4782,8 +4782,8 @@ "mitre-attack:command-and-control" ], "mitre_data_sources": [ - "Drive: Drive Creation", - "Drive: Drive Access" + "Drive: Drive Access", + "Drive: Drive Creation" ], "mitre_platforms": [ "Linux", @@ -4832,9 +4832,9 @@ "https://attack.mitre.org/techniques/T1503", "https://blog.talosintelligence.com/2018/02/olympic-destroyer.html", "https://docs.microsoft.com/en-us/windows/desktop/api/dpapi/nf-dpapi-cryptunprotectdata", - "https://www.proofpoint.com/us/threat-insight/post/new-vega-stealer-shines-brightly-targeted-campaign", + "https://github.com/putterpanda/mimikittenz", "https://www.fireeye.com/blog/threat-research/2017/07/hawkeye-malware-distributed-in-phishing-campaign.html", - "https://github.com/putterpanda/mimikittenz" + "https://www.proofpoint.com/us/threat-insight/post/new-vega-stealer-shines-brightly-targeted-campaign" ] }, "related": [ @@ -4857,9 +4857,9 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ + "Command: Command Execution", "Process: OS API Execution", - "Process: Process Creation", - "Command: Command Execution" + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -4870,9 +4870,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1083", "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://www.us-cert.gov/ncas/alerts/TA18-106A", "https://capec.mitre.org/data/definitions/127.html", - "https://capec.mitre.org/data/definitions/497.html" + "https://capec.mitre.org/data/definitions/497.html", + "https://www.us-cert.gov/ncas/alerts/TA18-106A" ] }, "uuid": "7bc57495-ea59-4380-be31-a64af124ef18", @@ -4892,14 +4892,14 @@ "Windows" ], "refs": [ + "http://msdn.microsoft.com/en-US/library/ms682586", + "http://msdn.microsoft.com/en-US/library/ms682600", "https://attack.mitre.org/techniques/T1038", "https://capec.mitre.org/data/definitions/471.html", - "http://msdn.microsoft.com/en-US/library/ms682586", - "https://www.owasp.org/index.php/Binary_planting", - "https://msrc-blog.microsoft.com/2010/08/21/microsoft-security-advisory-2269637-released/", - "http://msdn.microsoft.com/en-US/library/ms682600", "https://msdn.microsoft.com/en-US/library/aa375365", - "https://www.mandiant.com/blog/dll-search-order-hijacking-revisited/" + "https://msrc-blog.microsoft.com/2010/08/21/microsoft-security-advisory-2269637-released/", + "https://www.mandiant.com/blog/dll-search-order-hijacking-revisited/", + "https://www.owasp.org/index.php/Binary_planting" ] }, "related": [ @@ -4963,10 +4963,10 @@ "macOS" ], "refs": [ + "http://seclists.org/fulldisclosure/2015/Dec/34", "https://attack.mitre.org/techniques/T1044", "https://capec.mitre.org/data/definitions/17.html", - "https://www.mozilla.org/en-US/security/advisories/mfsa2012-98/", - "http://seclists.org/fulldisclosure/2015/Dec/34" + "https://www.mozilla.org/en-US/security/advisories/mfsa2012-98/" ] }, "related": [ @@ -4993,12 +4993,12 @@ "iOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1406", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-21.html", - "http://pages.cs.wisc.edu/~vrastogi/static/papers/rcj13b.pdf", - "http://ieeexplore.ieee.org/document/6234407", "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/", - "http://www.slideshare.net/Shakacon/fruit-vs-zombies-defeat-nonjailbroken-ios-malware-by-claud-xiao" + "http://ieeexplore.ieee.org/document/6234407", + "http://pages.cs.wisc.edu/~vrastogi/static/papers/rcj13b.pdf", + "http://www.slideshare.net/Shakacon/fruit-vs-zombies-defeat-nonjailbroken-ios-malware-by-claud-xiao", + "https://attack.mitre.org/techniques/T1406", + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-21.html" ] }, "uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", @@ -5017,10 +5017,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1470", + "https://blog.elcomsoft.com/2017/07/extract-and-decrypt-whatsapp-backups-from-icloud/", "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-0.html", "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-1.html", - "https://www.elcomsoft.com/eppb.html", - "https://blog.elcomsoft.com/2017/07/extract-and-decrypt-whatsapp-backups-from-icloud/" + "https://www.elcomsoft.com/eppb.html" ] }, "uuid": "0c71033e-401e-4b97-9309-7a7c95e43a5d", @@ -5034,11 +5034,11 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", "Command: Command Execution", - "Network Traffic: Network Traffic Flow", + "File: File Access", "Network Traffic: Network Connection Creation", - "File: File Access" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -5046,10 +5046,10 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1048", "http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/", - "https://labs.sentinelone.com/20-common-tools-techniques-used-by-macos-threat-actors-malware/", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1048", + "https://labs.sentinelone.com/20-common-tools-techniques-used-by-macos-threat-actors-malware/" ] }, "uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", @@ -5085,8 +5085,8 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Process: Process Creation", - "Process: OS API Execution" + "Process: OS API Execution", + "Process: Process Creation" ], "mitre_platforms": [ "Windows", @@ -5097,9 +5097,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1049", + "https://cloud.google.com/vpc/docs/vpc", "https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html", "https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview", - "https://cloud.google.com/vpc/docs/vpc", "https://www.us-cert.gov/ncas/alerts/TA18-106A" ] }, @@ -5115,11 +5115,11 @@ "mitre-attack:lateral-movement" ], "mitre_data_sources": [ - "Web Credential: Web Credential Usage", + "Active Directory: Active Directory Credential Request", "Application Log: Application Log Content", "Logon Session: Logon Session Creation", "User Account: User Account Authentication", - "Active Directory: Active Directory Credential Request" + "Web Credential: Web Credential Usage" ], "mitre_platforms": [ "Windows", @@ -5131,8 +5131,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1550", - "https://csrc.nist.gov/glossary/term/authentication", "https://csrc.nist.gov/glossary/term/Multi_Factor-Authentication", + "https://csrc.nist.gov/glossary/term/authentication", "https://technet.microsoft.com/en-us/library/dn487457.aspx" ] }, @@ -5155,9 +5155,9 @@ "https://attack.mitre.org/techniques/T1058", "https://capec.mitre.org/data/definitions/478.html", "https://msdn.microsoft.com/library/windows/desktop/ms724878.aspx", + "https://technet.microsoft.com/en-us/sysinternals/bb963902", "https://trustedsignal.blogspot.com/2014/05/kansa-service-related-collectors-and.html", - "https://twitter.com/r0wdy_/status/936365549553991680", - "https://technet.microsoft.com/en-us/sysinternals/bb963902" + "https://twitter.com/r0wdy_/status/936365549553991680" ] }, "related": [ @@ -5180,11 +5180,11 @@ "mitre-attack:execution" ], "mitre_data_sources": [ - "Module: Module Load", - "Process: Process Metadata", - "Script: Script Execution", "Command: Command Execution", - "Process: Process Creation" + "Module: Module Load", + "Process: Process Creation", + "Process: Process Metadata", + "Script: Script Execution" ], "mitre_platforms": [ "Linux", @@ -5194,9 +5194,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1059", - "https://www.thepythoncode.com/article/executing-bash-commands-remotely-in-python", + "https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/running-remote-commands?view=powershell-7.1", "https://tools.cisco.com/security/center/resources/integrity_assurance.html#23", - "https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/running-remote-commands?view=powershell-7.1" + "https://www.thepythoncode.com/article/executing-bash-commands-remotely-in-python" ] }, "uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", @@ -5215,9 +5215,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1590", - "https://www.whois.net/", "https://dnsdumpster.com/", - "https://www.circl.lu/services/passive-dns/" + "https://www.circl.lu/services/passive-dns/", + "https://www.whois.net/" ] }, "uuid": "9d48cab2-7929-4812-ad22-f536665f0109", @@ -5270,9 +5270,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1068", - "https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf", + "https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules", "https://unit42.paloaltonetworks.com/acidbox-rare-malware/", - "https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules" + "https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" ] }, "uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", @@ -5291,17 +5291,17 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1088", - "https://technet.microsoft.com/en-us/itpro/windows/keep-secure/how-user-account-control-works", - "https://technet.microsoft.com/en-US/magazine/2009.07.uac.aspx", - "https://msdn.microsoft.com/en-us/library/ms679687.aspx", - "http://www.pretentiousname.com/misc/win7_uac_whitelist2.html", - "https://github.com/hfiref0x/UACME", - "https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/", - "https://blog.fortinet.com/2016/12/16/malicious-macro-bypasses-uac-to-elevate-privilege-for-fareit-malware", "http://pen-testing.sans.org/blog/pen-testing/2013/08/08/psexec-uac-bypass", + "http://www.pretentiousname.com/misc/win7_uac_whitelist2.html", + "https://attack.mitre.org/techniques/T1088", + "https://blog.fortinet.com/2016/12/16/malicious-macro-bypasses-uac-to-elevate-privilege-for-fareit-malware", + "https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/", "https://enigma0x3.net/2017/03/14/bypassing-uac-using-app-paths/", - "https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/" + "https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/", + "https://github.com/hfiref0x/UACME", + "https://msdn.microsoft.com/en-us/library/ms679687.aspx", + "https://technet.microsoft.com/en-US/magazine/2009.07.uac.aspx", + "https://technet.microsoft.com/en-us/itpro/windows/keep-secure/how-user-account-control-works" ] }, "related": [ @@ -5353,10 +5353,10 @@ "https://msdn.microsoft.com/library/windows/desktop/ms633574.aspx", "https://msdn.microsoft.com/library/windows/desktop/ms633584.aspx", "https://msdn.microsoft.com/library/windows/desktop/ms633591.aspx", + "https://msdn.microsoft.com/library/windows/desktop/ms644953.aspx", "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", "https://www.malwaretech.com/2013/08/powerloader-injection-something-truly.html", - "https://www.welivesecurity.com/2013/03/19/gapz-and-redyms-droppers-based-on-power-loader-code/", - "https://msdn.microsoft.com/library/windows/desktop/ms644953.aspx" + "https://www.welivesecurity.com/2013/03/19/gapz-and-redyms-droppers-based-on-power-loader-code/" ] }, "related": [ @@ -5385,9 +5385,9 @@ "macOS" ], "refs": [ + "https://adsecurity.org/?p=1515", "https://attack.mitre.org/techniques/T1212", - "https://technet.microsoft.com/en-us/library/security/ms14-068.aspx", - "https://adsecurity.org/?p=1515" + "https://technet.microsoft.com/en-us/library/security/ms14-068.aspx" ] }, "uuid": "9c306d8d-cde7-4b4c-b6e8-d0bb16caca36", @@ -5407,8 +5407,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1122", - "https://msdn.microsoft.com/library/ms694363.aspx", "https://blog.gdatasoftware.com/2014/10/23941-com-object-hijacking-the-discreet-way-of-persistence", + "https://msdn.microsoft.com/library/ms694363.aspx", "https://www.elastic.co/blog/how-hunt-detecting-persistence-evasion-com" ] }, @@ -5432,8 +5432,8 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Logon Session: Logon Session Creation", - "Application Log: Application Log Content" + "Application Log: Application Log Content", + "Logon Session: Logon Session Creation" ], "mitre_platforms": [ "Linux", @@ -5447,8 +5447,8 @@ "refs": [ "https://attack.mitre.org/techniques/T1213", "https://confluence.atlassian.com/confkb/how-to-enable-user-access-logging-182943.html", - "https://support.office.com/en-us/article/configure-audit-settings-for-a-site-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2", - "https://docs.microsoft.com/en-us/microsoft-365/compliance/use-sharing-auditing?view=o365-worldwide#sharepoint-sharing-events" + "https://docs.microsoft.com/en-us/microsoft-365/compliance/use-sharing-auditing?view=o365-worldwide#sharepoint-sharing-events", + "https://support.office.com/en-us/article/configure-audit-settings-for-a-site-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2" ] }, "uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", @@ -5485,19 +5485,19 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1215", - "https://www.tldp.org/LDP/lkmpg/2.4/lkmpg.pdf", + "http://tldp.org/HOWTO/Module-HOWTO/x197.html", + "http://www.megasecurity.org/papers/Rootkits.pdf", "http://www.tldp.org/LDP/lkmpg/2.4/html/x437.html", - "https://volatility-labs.blogspot.com/2012/10/phalanx-2-revealed-using-volatility-to.html", - "https://www.crowdstrike.com/blog/http-iframe-injecting-linux-rootkit/", + "https://attack.mitre.org/techniques/T1215", + "https://en.wikipedia.org/wiki/Loadable_kernel_module#Linux", "https://github.com/f0rb1dd3n/Reptile", "https://github.com/m0nad/Diamorphine", - "http://www.megasecurity.org/papers/Rootkits.pdf", - "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", - "https://www.synack.com/2017/09/08/high-sierras-secure-kernel-extension-loading-is-broken/", "https://securelist.com/the-ventir-trojan-assemble-your-macos-spy/67267/", - "https://en.wikipedia.org/wiki/Loadable_kernel_module#Linux", - "http://tldp.org/HOWTO/Module-HOWTO/x197.html" + "https://volatility-labs.blogspot.com/2012/10/phalanx-2-revealed-using-volatility-to.html", + "https://www.crowdstrike.com/blog/http-iframe-injecting-linux-rootkit/", + "https://www.synack.com/2017/09/08/high-sierras-secure-kernel-extension-loading-is-broken/", + "https://www.tldp.org/LDP/lkmpg/2.4/lkmpg.pdf", + "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ] }, "related": [ @@ -5520,18 +5520,18 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Network Traffic: Network Connection Creation", - "Network Traffic: Network Traffic Flow", "Image: Image Creation", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Containers" ], "refs": [ "https://attack.mitre.org/techniques/T1612", - "https://docs.docker.com/engine/api/v1.41/#operation/ImageBuild", "https://blog.aquasec.com/malicious-container-image-docker-container-host", + "https://docs.docker.com/engine/api/v1.41/#operation/ImageBuild", "https://info.aquasec.com/hubfs/Threat%20reports/AquaSecurity_Cloud_Native_Threat_Report_2021.pdf?utm_campaign=WP%20-%20Jun2021%20Nautilus%202021%20Threat%20Research%20Report&utm_medium=email&_hsmi=132931006&_hsenc=p2ANqtz-_8oopT5Uhqab8B7kE0l3iFo1koirxtyfTehxF7N-EdGYrwk30gfiwp5SiNlW3G0TNKZxUcDkYOtwQ9S6nNVNyEO-Dgrw&utm_content=132931006&utm_source=hs_automation" ] }, @@ -5574,8 +5574,8 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Creation", "Command: Command Execution", + "Process: Process Creation", "Script: Script Execution" ], "mitre_platforms": [ @@ -5583,8 +5583,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1216", - "https://github.com/api0cradle/UltimateAppLockerByPassList", - "https://github.com/LOLBAS-Project/LOLBAS#criteria" + "https://github.com/LOLBAS-Project/LOLBAS#criteria", + "https://github.com/api0cradle/UltimateAppLockerByPassList" ] }, "uuid": "f6fe9070-7a65-49ea-ae72-76292f42cebe", @@ -5598,13 +5598,13 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Modification", - "Network Traffic: Network Connection Creation", - "Process: OS API Execution", - "Module: Module Load", "Command: Command Execution", "File: File Creation", - "Process: Process Creation" + "Module: Module Load", + "Network Traffic: Network Connection Creation", + "Process: OS API Execution", + "Process: Process Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows", @@ -5613,8 +5613,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1218", - "https://gtfobins.github.io/gtfobins/split/", "https://github.com/LOLBAS-Project/LOLBAS#criteria", + "https://gtfobins.github.io/gtfobins/split/", "https://man7.org/linux/man-pages/man1/split.1.html" ] }, @@ -5629,9 +5629,9 @@ "mitre-pre-attack:persona-development" ], "refs": [ + "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf", "https://attack.mitre.org/techniques/T1341", - "https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-operation", - "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf" + "https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-operation" ] }, "uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4", @@ -5645,8 +5645,8 @@ "mitre-pre-attack:build-capabilities" ], "refs": [ - "https://attack.mitre.org/techniques/T1351", - "https://arstechnica.com/information-technology/2014/06/active-malware-operation-let-attackers-sabotage-us-energy-industry/" + "https://arstechnica.com/information-technology/2014/06/active-malware-operation-let-attackers-sabotage-us-energy-industry/", + "https://attack.mitre.org/techniques/T1351" ] }, "uuid": "9755ecdc-deb0-40e6-af49-713cb0f8ed92", @@ -5661,11 +5661,11 @@ ], "mitre_data_sources": [ "Application Log: Application Log Content", + "Cluster: Cluster Metadata", "Container: Container Enumeration", "Container: Container Metadata", - "Pod: Pod Metadata", - "Cluster: Cluster Metadata", - "Pod: Pod Enumeration" + "Pod: Pod Enumeration", + "Pod: Pod Metadata" ], "mitre_platforms": [ "Containers" @@ -5721,9 +5721,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1514", "https://developer.apple.com/documentation/security/1540038-authorizationexecutewithprivileg", + "https://objective-see.com/blog/blog_0x2A.html", "https://speakerdeck.com/patrickwardle/defcon-2017-death-by-1000-installers-its-all-broken?slide=8", - "https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/", - "https://objective-see.com/blog/blog_0x2A.html" + "https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/" ] }, "related": [ @@ -5772,8 +5772,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1158", - "https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/", "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/", + "https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/", "https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-wirelurker.pdf" ] }, @@ -5845,8 +5845,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1422", - "https://developer.android.com/reference/java/net/NetworkInterface.html", - "https://developer.android.com/reference/android/telephony/TelephonyManager.html" + "https://developer.android.com/reference/android/telephony/TelephonyManager.html", + "https://developer.android.com/reference/java/net/NetworkInterface.html" ] }, "uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", @@ -6050,15 +6050,15 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1528", - "https://www.amnesty.org/en/latest/research/2019/08/evolving-phishing-attacks-targeting-journalists-and-human-rights-defenders-from-the-middle-east-and-north-africa/", - "https://auth0.com/learn/refresh-tokens/", "https://auth0.com/blog/why-should-use-accesstokens-to-secure-an-api/", + "https://auth0.com/learn/refresh-tokens/", "https://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-abuses-open-authentication-advanced-social-engineering-attacks", - "https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", "https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens", + "https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols", "https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app", "https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow", - "https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols" + "https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "https://www.amnesty.org/en/latest/research/2019/08/evolving-phishing-attacks-targeting-journalists-and-human-rights-defenders-from-the-middle-east-and-north-africa/" ] }, "uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a", @@ -6191,11 +6191,11 @@ "mitre-attack:lateral-movement" ], "mitre_data_sources": [ + "Command: Command Execution", + "Logon Session: Logon Session Creation", "Network Traffic: Network Traffic Content", "Network Traffic: Network Traffic Flow", - "Command: Command Execution", - "Process: Process Creation", - "Logon Session: Logon Session Creation" + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -6204,8 +6204,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1563", - "https://medium.com/@networksecurity/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6", - "https://matrix.org/blog/2019/05/08/post-mortem-and-remediations-for-apr-11-security-incident" + "https://matrix.org/blog/2019/05/08/post-mortem-and-remediations-for-apr-11-security-incident", + "https://medium.com/@networksecurity/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6" ] }, "uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5", @@ -6219,8 +6219,8 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "Process: Process Access", - "File: File Access" + "File: File Access", + "Process: Process Access" ], "mitre_platforms": [ "Linux", @@ -6232,11 +6232,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1539", - "https://wunderwuzzi23.github.io/blog/passthecookie.html", + "https://github.com/kgretzky/evilginx2", + "https://github.com/muraenateam/muraena", "https://securelist.com/project-tajmahal/90240/", "https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/", - "https://github.com/kgretzky/evilginx2", - "https://github.com/muraenateam/muraena" + "https://wunderwuzzi23.github.io/blog/passthecookie.html" ] }, "uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", @@ -6269,8 +6269,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1399", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-27.html", "https://hackinparis.com/data/slides/2013/Slidesthomasroth.pdf", + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-27.html", "https://www.apple.com/business/docs/iOS_Security_Guide.pdf" ] }, @@ -6290,10 +6290,10 @@ "iOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1444", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-31.html", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-14.html", "http://ieeexplore.ieee.org/document/6234407", + "https://attack.mitre.org/techniques/T1444", + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-14.html", + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-31.html", "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/" ] }, @@ -6308,10 +6308,10 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "File: File Modification", - "File: File Metadata", "File: File Creation", - "File: File Deletion" + "File: File Deletion", + "File: File Metadata", + "File: File Modification" ], "mitre_platforms": [ "Linux", @@ -6334,13 +6334,13 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ + "Command: Command Execution", "File: File Metadata", + "File: File Modification", "Process: OS API Execution", "Process: Process Creation", - "File: File Modification", "Process: Process Metadata", - "Windows Registry: Windows Registry Key Modification", - "Command: Command Execution" + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Linux", @@ -6366,9 +6366,9 @@ "iOS" ], "refs": [ + "http://csrc.nist.gov/publications/drafts/800-187/sp800_187_draft.pdf", "https://attack.mitre.org/techniques/T1466", - "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-3.html", - "http://csrc.nist.gov/publications/drafts/800-187/sp800_187_draft.pdf" + "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-3.html" ] }, "uuid": "f58cd69a-e548-478b-9248-8a9af881dc34", @@ -6386,9 +6386,9 @@ "iOS" ], "refs": [ + "http://www.computerworld.com/article/2484538/cybercrime-hacking/researchers-exploit-cellular-tech-flaws-to-intercept-phone-calls.html", "https://attack.mitre.org/techniques/T1467", - "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-7.html", - "http://www.computerworld.com/article/2484538/cybercrime-hacking/researchers-exploit-cellular-tech-flaws-to-intercept-phone-calls.html" + "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-7.html" ] }, "uuid": "a5de0540-73e7-4c67-96da-4143afedc7ed", @@ -6402,12 +6402,12 @@ "mitre-attack:impact" ], "mitre_data_sources": [ + "Cloud Storage: Cloud Storage Metadata", + "Cloud Storage: Cloud Storage Modification", + "Command: Command Execution", "File: File Creation", "File: File Modification", - "Cloud Storage: Cloud Storage Modification", - "Process: Process Creation", - "Command: Command Execution", - "Cloud Storage: Cloud Storage Metadata" + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -6417,13 +6417,13 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1486", + "https://digital.nhs.uk/cyber-alerts/2020/cc-3681#summary", + "https://rhinosecuritylabs.com/aws/s3-ransomware-part-1-attack-vector/", "https://www.carbonblack.com/blog/tau-threat-discovery-conti-ransomware/", "https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html", - "https://rhinosecuritylabs.com/aws/s3-ransomware-part-1-attack-vector/", - "https://digital.nhs.uk/cyber-alerts/2020/cc-3681#summary", + "https://www.us-cert.gov/ncas/alerts/AA18-337A", "https://www.us-cert.gov/ncas/alerts/TA16-091A", - "https://www.us-cert.gov/ncas/alerts/TA17-181A", - "https://www.us-cert.gov/ncas/alerts/AA18-337A" + "https://www.us-cert.gov/ncas/alerts/TA17-181A" ] }, "uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", @@ -6441,12 +6441,12 @@ "iOS" ], "refs": [ + "http://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html", + "http://www.theregister.co.uk/2015/11/12/mobile_pwn2own1/", "https://attack.mitre.org/techniques/T1477", "https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html", - "http://www.theregister.co.uk/2015/11/12/mobile_pwn2own1/", - "https://www.usenix.org/system/files/conference/woot12/woot12-final24.pdf", - "http://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html", - "https://srlabs.de/bites/rooting-sim-cards/" + "https://srlabs.de/bites/rooting-sim-cards/", + "https://www.usenix.org/system/files/conference/woot12/woot12-final24.pdf" ] }, "uuid": "2d646840-f6f5-4619-a5a8-29c8316bbac5", @@ -6476,10 +6476,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1498", + "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/nf-detct-analy-thrts.pdf", "https://www.fireeye.com/blog/threat-research/2014/11/operation-poisoned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html", "https://www.ic3.gov/media/2012/FraudAlertFinancialInstitutionEmployeeCredentialsTargeted.pdf", - "https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-continued-rise-of-ddos-attacks.pdf", - "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/nf-detct-analy-thrts.pdf" + "https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-continued-rise-of-ddos-attacks.pdf" ] }, "uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab", @@ -6493,10 +6493,10 @@ "mitre-attack:impact" ], "mitre_data_sources": [ + "Application Log: Application Log Content", "Network Traffic: Network Traffic Content", - "Sensor Health: Host Status", "Network Traffic: Network Traffic Flow", - "Application Log: Application Log Content" + "Sensor Health: Host Status" ], "mitre_platforms": [ "Windows", @@ -6510,17 +6510,17 @@ "Containers" ], "refs": [ - "https://attack.mitre.org/techniques/T1499", - "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/nf-detct-analy-thrts.pdf", - "https://www.ic3.gov/media/2012/FraudAlertFinancialInstitutionEmployeeCredentialsTargeted.pdf", "https://arstechnica.com/information-technology/2015/03/massive-denial-of-service-attack-on-github-tied-to-chinese-government/", - "https://www.fireeye.com/blog/threat-research/2014/11/operation-poisoned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html", - "https://www.justice.gov/opa/pr/seven-iranians-working-islamic-revolutionary-guard-corps-affiliated-entities-charged", - "https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-continued-rise-of-ddos-attacks.pdf", - "https://capec.mitre.org/data/definitions/227.html", - "https://capec.mitre.org/data/definitions/131.html", + "https://attack.mitre.org/techniques/T1499", + "https://capec.mitre.org/data/definitions/125.html", "https://capec.mitre.org/data/definitions/130.html", - "https://capec.mitre.org/data/definitions/125.html" + "https://capec.mitre.org/data/definitions/131.html", + "https://capec.mitre.org/data/definitions/227.html", + "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/nf-detct-analy-thrts.pdf", + "https://www.fireeye.com/blog/threat-research/2014/11/operation-poisoned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html", + "https://www.ic3.gov/media/2012/FraudAlertFinancialInstitutionEmployeeCredentialsTargeted.pdf", + "https://www.justice.gov/opa/pr/seven-iranians-working-islamic-revolutionary-guard-corps-affiliated-entities-charged", + "https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-continued-rise-of-ddos-attacks.pdf" ] }, "uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4", @@ -6535,10 +6535,10 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Process: Process Creation", "File: File Access", "Process: OS API Execution", - "Process: Process Access" + "Process: Process Access", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -6560,9 +6560,9 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", - "File: File Access", "Command: Command Execution", + "File: File Access", + "Network Traffic: Network Traffic Content", "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ @@ -6590,13 +6590,13 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1596", - "https://www.whois.net/", "https://dnsdumpster.com/", - "https://www.circl.lu/services/passive-dns/", "https://medium.com/@menakajain/export-download-ssl-certificate-from-server-site-url-bcfc41ea46a2", - "https://www.sslshopper.com/ssl-checker.html", + "https://shodan.io", + "https://www.circl.lu/services/passive-dns/", "https://www.digitalshadows.com/blog-and-research/content-delivery-networks-cdns-can-leave-you-exposed-how-you-might-be-affected-and-what-you-can-do-about-it/", - "https://shodan.io" + "https://www.sslshopper.com/ssl-checker.html", + "https://www.whois.net/" ] }, "uuid": "55fc4df0-b42c-479a-b860-7a6761bcaad0", @@ -6610,20 +6610,20 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Instance: Instance Modification", - "Snapshot: Snapshot Modification", - "Volume: Volume Modification", - "Instance: Instance Stop", - "Volume: Volume Metadata", - "Instance: Instance Metadata", - "Volume: Volume Deletion", - "Instance: Instance Deletion", - "Instance: Instance Start", - "Snapshot: Snapshot Deletion", - "Volume: Volume Creation", - "Snapshot: Snapshot Creation", "Instance: Instance Creation", - "Snapshot: Snapshot Metadata" + "Instance: Instance Deletion", + "Instance: Instance Metadata", + "Instance: Instance Modification", + "Instance: Instance Start", + "Instance: Instance Stop", + "Snapshot: Snapshot Creation", + "Snapshot: Snapshot Deletion", + "Snapshot: Snapshot Metadata", + "Snapshot: Snapshot Modification", + "Volume: Volume Creation", + "Volume: Volume Deletion", + "Volume: Volume Metadata", + "Volume: Volume Modification" ], "mitre_platforms": [ "IaaS" @@ -6652,14 +6652,14 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1589", - "https://www.opm.gov/cybersecurity/cybersecurity-incidents/", - "https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-business-critical-information/", "https://github.com/dxa4481/truffleHog", - "https://grimhacker.com/2017/07/24/office365-activesync-username-enumeration/", - "https://www.theregister.com/2015/02/28/uber_subpoenas_github_for_hacker_details/", "https://github.com/michenriksen/gitrob", + "https://grimhacker.com/2017/07/24/office365-activesync-username-enumeration/", + "https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-business-critical-information/", "https://www.cnet.com/news/massive-breach-leaks-773-million-emails-21-million-passwords/", "https://www.forbes.com/sites/runasandvik/2014/01/14/attackers-scrape-github-for-cloud-service-credentials-hijack-account-to-mine-virtual-currency/#242c479d3196", + "https://www.opm.gov/cybersecurity/cybersecurity-incidents/", + "https://www.theregister.com/2015/02/28/uber_subpoenas_github_for_hacker_details/", "https://www.theregister.com/2017/09/26/deloitte_leak_github_and_google/" ] }, @@ -6674,18 +6674,18 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Content" ], "mitre_platforms": [ "Network" ], "refs": [ "https://attack.mitre.org/techniques/T1602/001", - "https://www.sans.org/reading-room/whitepapers/networkdevs/securing-snmp-net-snmp-snmpv3-1051", - "https://www.us-cert.gov/ncas/alerts/TA18-106A", "https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954", - "https://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080610-SNMPv3" + "https://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080610-SNMPv3", + "https://www.sans.org/reading-room/whitepapers/networkdevs/securing-snmp-net-snmp-snmpv3-1051", + "https://www.us-cert.gov/ncas/alerts/TA18-106A" ] }, "related": [ @@ -6706,17 +6706,17 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Creation", "Command: Command Execution", - "Process: Process Creation" + "Process: Process Creation", + "Windows Registry: Windows Registry Key Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ + "http://www.hexacorn.com/blog/2014/11/14/beyond-good-ol-run-key-part-18/", "https://attack.mitre.org/techniques/T1037/001", - "https://technet.microsoft.com/en-us/library/cc758918(v=ws.10).aspx", - "http://www.hexacorn.com/blog/2014/11/14/beyond-good-ol-run-key-part-18/" + "https://technet.microsoft.com/en-us/library/cc758918(v=ws.10).aspx" ] }, "related": [ @@ -6752,17 +6752,17 @@ ], "mitre_data_sources": [ "Module: Module Load", - "Process: Process Modification", "Process: OS API Execution", - "Process: Process Access" + "Process: Process Access", + "Process: Process Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1055/001", - "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", - "https://www.endgame.com/blog/technical-blog/hunting-memory" + "https://www.endgame.com/blog/technical-blog/hunting-memory", + "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process" ] }, "related": [ @@ -6782,8 +6782,8 @@ "mitre-attack:initial-access" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", - "Application Log: Application Log Content" + "Application Log: Application Log Content", + "Network Traffic: Network Traffic Content" ], "mitre_platforms": [ "Windows", @@ -6795,13 +6795,13 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1190", - "https://cwe.mitre.org/top25/index.html", - "https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-microsoft-windows-smb-server-could-allow-for-remote-code-execution/", - "https://nvd.nist.gov/vuln/detail/CVE-2016-6662", - "https://nvd.nist.gov/vuln/detail/CVE-2014-7169", "https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954", - "https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project", - "https://us-cert.cisa.gov/ncas/alerts/TA18-106A" + "https://cwe.mitre.org/top25/index.html", + "https://nvd.nist.gov/vuln/detail/CVE-2014-7169", + "https://nvd.nist.gov/vuln/detail/CVE-2016-6662", + "https://us-cert.cisa.gov/ncas/alerts/TA18-106A", + "https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-microsoft-windows-smb-server-could-allow-for-remote-code-execution/", + "https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project" ] }, "uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", @@ -6829,8 +6829,8 @@ "mitre-attack:command-and-control" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Windows", @@ -6839,12 +6839,12 @@ "Network" ], "refs": [ - "https://attack.mitre.org/techniques/T1095", "http://en.wikipedia.org/wiki/List_of_network_protocols_%28OSI_model%29", - "https://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices", "http://support.microsoft.com/KB/170292", - "https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1095", + "https://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices", + "https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954" ] }, "uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", @@ -6858,9 +6858,9 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Modification", "Driver: Driver Load", - "Process: OS API Execution" + "Process: OS API Execution", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Linux", @@ -6868,10 +6868,10 @@ "macOS" ], "refs": [ + "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-finding-holes-operation-emmental.pdf", "https://attack.mitre.org/techniques/T1111", "https://dl.mandiant.com/EE/assets/PDF_MTrends_2011.pdf", - "https://gcn.com/articles/2011/06/07/rsa-confirms-tokens-used-to-hack-lockheed.aspx", - "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-finding-holes-operation-emmental.pdf" + "https://gcn.com/articles/2011/06/07/rsa-confirms-tokens-used-to-hack-lockheed.aspx" ] }, "uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", @@ -6990,8 +6990,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1003/008", - "https://www.tldp.org/LDP/lame/LAME/linux-admin-made-easy/shadow-file-formats.html", - "https://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/" + "https://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/", + "https://www.tldp.org/LDP/lame/LAME/linux-admin-made-easy/shadow-file-formats.html" ] }, "related": [ @@ -7012,23 +7012,23 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Network Traffic: Network Traffic Flow", + "Logon Session: Logon Session Creation", "Network Share: Network Share Access", "Network Traffic: Network Connection Creation", - "Logon Session: Logon Session Creation" + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Windows" ], "refs": [ + "http://support.microsoft.com/kb/314984", "https://attack.mitre.org/techniques/T1021/002", "https://capec.mitre.org/data/definitions/561.html", - "https://en.wikipedia.org/wiki/Server_Message_Block", - "https://technet.microsoft.com/en-us/library/cc787851.aspx", - "http://support.microsoft.com/kb/314984", - "https://docs.microsoft.com/en-us/archive/blogs/jepayne/tracking-lateral-movement-part-one-special-groups-and-specific-service-accounts", "https://docs.microsoft.com/en-us/archive/blogs/jepayne/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem", - "https://medium.com/threatpunter/detecting-removing-wmi-persistence-60ccbb7dff96" + "https://docs.microsoft.com/en-us/archive/blogs/jepayne/tracking-lateral-movement-part-one-special-groups-and-specific-service-accounts", + "https://en.wikipedia.org/wiki/Server_Message_Block", + "https://medium.com/threatpunter/detecting-removing-wmi-persistence-60ccbb7dff96", + "https://technet.microsoft.com/en-us/library/cc787851.aspx" ] }, "related": [ @@ -7076,9 +7076,9 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ + "Command: Command Execution", "File: File Access", - "Windows Registry: Windows Registry Key Access", - "Command: Command Execution" + "Windows Registry: Windows Registry Key Access" ], "mitre_platforms": [ "Windows" @@ -7140,9 +7140,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1003/005", "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh994565(v%3Dws.11)", - "https://passlib.readthedocs.io/en/stable/lib/passlib.hash.msdcc2.html", + "https://github.com/mattifestation/PowerSploit", "https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-and-cracking-mscash-cached-domain-credentials", - "https://github.com/mattifestation/PowerSploit" + "https://passlib.readthedocs.io/en/stable/lib/passlib.hash.msdcc2.html" ] }, "related": [ @@ -7163,9 +7163,9 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "User Account: User Account Authentication", + "File: File Deletion", "File: File Modification", - "File: File Deletion" + "User Account: User Account Authentication" ], "mitre_platforms": [ "Linux", @@ -7176,9 +7176,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1070/003", "https://community.sophos.com/products/intercept/early-access-program/f/live-discover-response-queries/121529/live-discover---powershell-command-audit", + "https://community.sophos.com/products/malware/b/blog/posts/powershell-command-history-forensics", "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_history?view=powershell-7", - "https://www.us-cert.gov/ncas/alerts/TA18-106A", - "https://community.sophos.com/products/malware/b/blog/posts/powershell-command-history-forensics" + "https://www.us-cert.gov/ncas/alerts/TA18-106A" ] }, "related": [ @@ -7198,11 +7198,11 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", + "Command: Command Execution", "File: File Access", "Network Traffic: Network Connection Creation", - "Network Traffic: Network Traffic Flow", - "Command: Command Execution" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -7239,8 +7239,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1102/001", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1102/001" ] }, "related": [ @@ -7260,19 +7260,19 @@ "mitre-attack:lateral-movement" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "Process: Process Creation", "Logon Session: Logon Session Creation", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Flow", + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ + "http://blog.crowdstrike.com/adversary-tricks-crowdstrike-treats/", "https://attack.mitre.org/techniques/T1021/001", "https://capec.mitre.org/data/definitions/555.html", - "https://technet.microsoft.com/en-us/windowsserver/ee236407.aspx", - "http://blog.crowdstrike.com/adversary-tricks-crowdstrike-treats/" + "https://technet.microsoft.com/en-us/windowsserver/ee236407.aspx" ] }, "related": [ @@ -7327,14 +7327,14 @@ "Network" ], "refs": [ + "http://2015.zeronights.org/assets/files/05-Nosenko.pdf", "https://attack.mitre.org/techniques/T1601/001", "https://drwho.virtadpt.net/images/killing_the_myth_of_cisco_ios_rootkits.pdf", - "https://www.usenix.org/legacy/event/woot/tech/final_files/Cui.pdf", - "http://2015.zeronights.org/assets/files/05-Nosenko.pdf", - "https://www.recurity-labs.com/research/RecurityLabs_Developments_in_IOS_Forensics.pdf", - "https://www.blackhat.com/presentations/bh-usa-09/NEILSON/BHUSA09-Neilson-NetscreenDead-SLIDES.pdf", + "https://tools.cisco.com/security/center/resources/integrity_assurance.html#13", "https://tools.cisco.com/security/center/resources/integrity_assurance.html#7", - "https://tools.cisco.com/security/center/resources/integrity_assurance.html#13" + "https://www.blackhat.com/presentations/bh-usa-09/NEILSON/BHUSA09-Neilson-NetscreenDead-SLIDES.pdf", + "https://www.recurity-labs.com/research/RecurityLabs_Developments_in_IOS_Forensics.pdf", + "https://www.usenix.org/legacy/event/woot/tech/final_files/Cui.pdf" ] }, "related": [ @@ -7354,10 +7354,10 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ - "Drive: Drive Creation", - "Process: Process Creation", "Command: Command Execution", - "File: File Access" + "Drive: Drive Creation", + "File: File Access", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -7412,21 +7412,21 @@ "mitre-attack:lateral-movement" ], "mitre_data_sources": [ - "Network Traffic: Network Connection Creation", "Command: Command Execution", - "Service: Service Metadata", + "Logon Session: Logon Session Creation", + "Network Traffic: Network Connection Creation", "Process: Process Creation", - "Logon Session: Logon Session Creation" + "Service: Service Metadata" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1021/006", "http://msdn.microsoft.com/en-us/library/aa384426", - "https://www.slideshare.net/kieranjacobsen/lateral-movement-with-power-shell-2", + "https://attack.mitre.org/techniques/T1021/006", + "https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc", "https://msdn.microsoft.com/en-us/library/aa394582.aspx", - "https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc" + "https://www.slideshare.net/kieranjacobsen/lateral-movement-with-power-shell-2" ] }, "related": [ @@ -7446,8 +7446,8 @@ "mitre-attack:command-and-control" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -7455,8 +7455,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1071/002", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1071/002" ] }, "related": [ @@ -7505,9 +7505,9 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Windows Registry: Windows Registry Key Modification", "File: File Access", - "File: File Creation" + "File: File Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Linux", @@ -7549,15 +7549,15 @@ "refs": [ "https://attack.mitre.org/techniques/T1550/001", "https://auth0.com/blog/why-should-use-accesstokens-to-secure-an-api/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html", - "https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens", + "https://capec.mitre.org/data/definitions/593.html", "https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials ", "https://cloud.google.com/iam/docs/service-account-monitoring", "https://developer.okta.com/blog/2018/06/20/what-happens-if-your-jwt-is-stolen", + "https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html", + "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html", + "https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens", "https://rhinosecuritylabs.com/aws/assume-worst-aws-assume-role-enumeration", - "https://staaldraad.github.io/2017/08/02/o356-phishing-with-oauth/", - "https://capec.mitre.org/data/definitions/593.html" + "https://staaldraad.github.io/2017/08/02/o356-phishing-with-oauth/" ] }, "related": [ @@ -7585,11 +7585,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1505/001", + "https://blog.netspi.com/attacking-sql-server-clr-assemblies/", "https://blog.netspi.com/sql-server-persistence-part-1-startup-stored-procedures/", - "https://securelist.com/malicious-tasks-in-ms-sql-server/92167/", - "https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/xp-cmdshell-transact-sql?view=sql-server-2017", "https://docs.microsoft.com/en-us/sql/relational-databases/clr-integration/common-language-runtime-integration-overview?view=sql-server-2017", - "https://blog.netspi.com/attacking-sql-server-clr-assemblies/" + "https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/xp-cmdshell-transact-sql?view=sql-server-2017", + "https://securelist.com/malicious-tasks-in-ms-sql-server/92167/" ] }, "related": [ @@ -7609,9 +7609,9 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Process: Process Creation", "Command: Command Execution", - "File: File Creation" + "File: File Creation", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -7620,11 +7620,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1560/001", - "https://www.rarlab.com/", - "https://www.winzip.com/win/en/", - "https://www.7-zip.org/", + "https://en.wikipedia.org/wiki/List_of_file_signatures", "https://lolbas-project.github.io/lolbas/Binaries/Diantz/", - "https://en.wikipedia.org/wiki/List_of_file_signatures" + "https://www.7-zip.org/", + "https://www.rarlab.com/", + "https://www.winzip.com/win/en/" ] }, "related": [ @@ -7644,8 +7644,8 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "User Account: User Account Modification", - "Active Directory: Active Directory Object Modification" + "Active Directory: Active Directory Object Modification", + "User Account: User Account Modification" ], "mitre_platforms": [ "IaaS", @@ -7654,13 +7654,13 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1098/001", - "https://expel.io/blog/finding-evil-in-aws/", - "https://nedinthecloud.com/2019/07/16/demystifying-azure-ad-service-principals/", "https://cloud.google.com/sdk/gcloud/reference/compute/os-login/ssh-keys/add", - "https://www.youtube.com/watch?v=wQ1CuAPnrLM&feature=youtu.be&t=2815", - "https://speakerdeck.com/tweekfawkes/blue-cloud-of-death-red-teaming-azure-1", + "https://expel.io/blog/behind-the-scenes-expel-soc-alert-aws/", + "https://expel.io/blog/finding-evil-in-aws/", "https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/", - "https://expel.io/blog/behind-the-scenes-expel-soc-alert-aws/" + "https://nedinthecloud.com/2019/07/16/demystifying-azure-ad-service-principals/", + "https://speakerdeck.com/tweekfawkes/blue-cloud-of-death-red-teaming-azure-1", + "https://www.youtube.com/watch?v=wQ1CuAPnrLM&feature=youtu.be&t=2815" ] }, "related": [ @@ -7680,10 +7680,10 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "File: File Metadata", - "Process: Process Creation", + "Command: Command Execution", "File: File Creation", - "Command: Command Execution" + "File: File Metadata", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -7692,8 +7692,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1027/004", - "https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf", - "https://blog.trendmicro.com/trendlabs-security-intelligence/windows-app-runs-on-mac-downloads-info-stealer-and-adware/" + "https://blog.trendmicro.com/trendlabs-security-intelligence/windows-app-runs-on-mac-downloads-info-stealer-and-adware/", + "https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf" ] }, "related": [ @@ -7714,8 +7714,8 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "File: File Creation", - "File: File Access" + "File: File Access", + "File: File Creation" ], "mitre_platforms": [ "Windows", @@ -7746,9 +7746,9 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Process: Process Modification", "Process: OS API Execution", - "Process: Process Access" + "Process: Process Access", + "Process: Process Modification" ], "mitre_platforms": [ "Windows" @@ -7776,8 +7776,8 @@ "mitre-attack:lateral-movement" ], "mitre_data_sources": [ - "Logon Session: Logon Session Creation", "Active Directory: Active Directory Credential Request", + "Logon Session: Logon Session Creation", "User Account: User Account Authentication" ], "mitre_platforms": [ @@ -7806,8 +7806,8 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Script: Script Execution", - "File: File Creation" + "File: File Creation", + "Script: Script Execution" ], "mitre_platforms": [ "Linux", @@ -7816,10 +7816,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1560/002", - "https://pypi.org/project/rarfile/", - "https://libzip.org/", + "https://en.wikipedia.org/wiki/List_of_file_signatures", "https://github.com/madler/zlib", - "https://en.wikipedia.org/wiki/List_of_file_signatures" + "https://libzip.org/", + "https://pypi.org/project/rarfile/" ] }, "related": [ @@ -7840,9 +7840,9 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "Script: Script Execution", + "Command: Command Execution", "Process: Process Creation", - "Command: Command Execution" + "Script: Script Execution" ], "mitre_platforms": [ "macOS", @@ -7851,12 +7851,12 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1056/002", - "https://capec.mitre.org/data/definitions/659.html", "https://baesystemsai.blogspot.com/2015/06/new-mac-os-malware-exploits-mackeeper.html", - "https://logrhythm.com/blog/do-you-trust-your-computer/", - "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/", + "https://capec.mitre.org/data/definitions/659.html", "https://embracethered.com/blog/posts/2021/spoofing-credential-dialogs/", - "https://enigma0x3.net/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/" + "https://enigma0x3.net/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/", + "https://logrhythm.com/blog/do-you-trust-your-computer/", + "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/" ] }, "related": [ @@ -7876,10 +7876,10 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Metadata", - "File: File Modification", "Command: Command Execution", - "File: File Metadata" + "File: File Metadata", + "File: File Modification", + "Process: Process Metadata" ], "mitre_platforms": [ "Linux", @@ -7887,10 +7887,10 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1036/003", - "https://lolbas-project.github.io/", "http://pages.endgame.com/rs/627-YBU-612/images/EndgameJournal_The%20Masquerade%20Ball_Pages_R2.pdf", + "https://attack.mitre.org/techniques/T1036/003", "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163418/CozyDuke.pdf", + "https://lolbas-project.github.io/", "https://twitter.com/ItsReallyNick/status/1055321652777619457" ] }, @@ -7912,11 +7912,11 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Process: Process Creation", - "Command: Command Execution", - "File: File Modification", "Active Directory: Active Directory Object Modification", - "File: File Creation" + "Command: Command Execution", + "File: File Creation", + "File: File Modification", + "Process: Process Creation" ], "mitre_platforms": [ "Windows" @@ -7944,9 +7944,9 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Process: Process Modification", + "Process: OS API Execution", "Process: Process Access", - "Process: OS API Execution" + "Process: Process Modification" ], "mitre_platforms": [ "Windows" @@ -7974,21 +7974,21 @@ "mitre-attack:lateral-movement" ], "mitre_data_sources": [ - "User Account: User Account Authentication", "Active Directory: Active Directory Credential Request", - "Logon Session: Logon Session Creation" + "Logon Session: Logon Session Creation", + "User Account: User Account Authentication" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1550/003", - "https://capec.mitre.org/data/definitions/645.html", - "https://adsecurity.org/?p=556", "http://blog.gentilkiwi.com/securite/mimikatz/pass-the-ticket-kerberos", "http://defcon.org/images/defcon-22/dc-22-presentations/Campbell/DEFCON-22-Christopher-Campbell-The-Secret-Life-of-Krbtgt.pdf", - "https://stealthbits.com/blog/how-to-detect-overpass-the-hash-attacks/", - "https://cert.europa.eu/static/WhitePapers/UPDATED%20-%20CERT-EU_Security_Whitepaper_2014-007_Kerberos_Golden_Ticket_Protection_v1_4.pdf" + "https://adsecurity.org/?p=556", + "https://attack.mitre.org/techniques/T1550/003", + "https://capec.mitre.org/data/definitions/645.html", + "https://cert.europa.eu/static/WhitePapers/UPDATED%20-%20CERT-EU_Security_Whitepaper_2014-007_Kerberos_Golden_Ticket_Protection_v1_4.pdf", + "https://stealthbits.com/blog/how-to-detect-overpass-the-hash-attacks/" ] }, "related": [ @@ -8041,8 +8041,8 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "File: File Creation", "Container: Container Creation", + "File: File Creation", "Scheduled Job: Scheduled Job Creation" ], "mitre_platforms": [ @@ -8050,8 +8050,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1053/007", - "https://kubernetes.io/docs/concepts/workloads/controllers/job/", "https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/", + "https://kubernetes.io/docs/concepts/workloads/controllers/job/", "https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/" ] }, @@ -8132,9 +8132,9 @@ "macOS" ], "refs": [ + "https://arstechnica.com/security/2016/07/after-hiatus-in-the-wild-mac-backdoors-are-suddenly-back/", "https://attack.mitre.org/techniques/T1036/006", - "https://capec.mitre.org/data/definitions/649.html", - "https://arstechnica.com/security/2016/07/after-hiatus-in-the-wild-mac-backdoors-are-suddenly-back/" + "https://capec.mitre.org/data/definitions/649.html" ] }, "related": [ @@ -8162,8 +8162,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1036/007", - "https://www.pcmag.com/encyclopedia/term/double-extension", "https://socprime.com/blog/rule-of-the-week-possible-malicious-file-double-extension/", + "https://www.pcmag.com/encyclopedia/term/double-extension", "https://www.seqrite.com/blog/how-to-avoid-dual-attack-and-vulnerable-files-with-double-extension/" ] }, @@ -8223,11 +8223,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1098/003", - "https://expel.com/blog/incident-report-from-cli-to-console-chasing-an-attacker-in-aws/", - "https://docs.microsoft.com/en-us/office365/admin/add-users/about-admin-roles?view=o365-worldwide", - "https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html ", "https://cloud.google.com/iam/docs/policies", + "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html ", + "https://docs.microsoft.com/en-us/office365/admin/add-users/about-admin-roles?view=o365-worldwide", + "https://expel.com/blog/incident-report-from-cli-to-console-chasing-an-attacker-in-aws/", + "https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5", "https://support.office.com/en-us/article/add-another-admin-f693489f-9f55-4bd0-a637-a81ce93de22d" ] }, @@ -8249,19 +8249,19 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Process: Process Modification", "Process: OS API Execution", - "Process: Process Access" + "Process: Process Access", + "Process: Process Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1055/004", - "https://msdn.microsoft.com/library/windows/desktop/ms681951.aspx", - "https://www.cyberbit.com/blog/endpoint-security/new-early-bird-code-injection-technique-discovered/", "https://blog.ensilo.com/atombombing-brand-new-code-injection-for-windows", "https://msdn.microsoft.com/library/windows/desktop/ms649053.aspx", + "https://msdn.microsoft.com/library/windows/desktop/ms681951.aspx", + "https://www.cyberbit.com/blog/endpoint-security/new-early-bird-code-injection-technique-discovered/", "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process" ] }, @@ -8295,8 +8295,8 @@ "refs": [ "https://attack.mitre.org/techniques/T1550/004", "https://capec.mitre.org/data/definitions/60.html", - "https://wunderwuzzi23.github.io/blog/passthecookie.html", - "https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/" + "https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/", + "https://wunderwuzzi23.github.io/blog/passthecookie.html" ] }, "related": [ @@ -8317,28 +8317,28 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "Process: Process Metadata", - "Process: OS API Execution" + "Process: OS API Execution", + "Process: Process Metadata" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1056/004", - "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Ursnif.gen!I&threatId=-2147336918", - "https://msdn.microsoft.com/library/windows/desktop/ms644959.aspx", - "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", - "https://www.adlice.com/userland-rootkits-part-1-iat-hooks/", - "https://www.mwrinfosecurity.com/our-thinking/dynamic-hooking-techniques-user-mode/", - "https://www.exploit-db.com/docs/17802.pdf", - "https://volatility-labs.blogspot.com/2012/09/movp-31-detecting-malware-hooks-in.html", - "https://github.com/prekageo/winhook", - "https://github.com/jay/gethooks", - "https://zairon.wordpress.com/2006/12/06/any-application-defined-hook-procedure-on-my-machine/", - "https://eyeofrablog.wordpress.com/2017/06/27/windows-keylogger-part-2-defense-against-user-land/", "http://www.gmer.net/", + "https://attack.mitre.org/techniques/T1056/004", + "https://eyeofrablog.wordpress.com/2017/06/27/windows-keylogger-part-2-defense-against-user-land/", + "https://github.com/jay/gethooks", + "https://github.com/prekageo/winhook", + "https://msdn.microsoft.com/library/windows/desktop/ms644959.aspx", "https://msdn.microsoft.com/library/windows/desktop/ms686701.aspx", - "https://security.stackexchange.com/questions/17904/what-are-the-methods-to-find-hooked-functions-and-apis" + "https://security.stackexchange.com/questions/17904/what-are-the-methods-to-find-hooked-functions-and-apis", + "https://volatility-labs.blogspot.com/2012/09/movp-31-detecting-malware-hooks-in.html", + "https://www.adlice.com/userland-rootkits-part-1-iat-hooks/", + "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", + "https://www.exploit-db.com/docs/17802.pdf", + "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Ursnif.gen!I&threatId=-2147336918", + "https://www.mwrinfosecurity.com/our-thinking/dynamic-hooking-techniques-user-mode/", + "https://zairon.wordpress.com/2006/12/06/any-application-defined-hook-procedure-on-my-machine/" ] }, "related": [ @@ -8358,9 +8358,9 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ + "Command: Command Execution", "File: File Modification", - "Process: Process Creation", - "Command: Command Execution" + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -8368,13 +8368,13 @@ "IaaS" ], "refs": [ - "https://attack.mitre.org/techniques/T1098/004", - "https://www.venafi.com/blog/growing-abuse-ssh-keys-commodity-malware-campaigns-now-equipped-ssh-capabilities", "https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/", - "https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability", + "https://attack.mitre.org/techniques/T1098/004", "https://cloud.google.com/sdk/gcloud/reference/compute/instances/add-metadata", "https://docs.microsoft.com/en-us/rest/api/compute/virtual-machines/update", - "https://www.ssh.com/ssh/authorized_keys/" + "https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability", + "https://www.ssh.com/ssh/authorized_keys/", + "https://www.venafi.com/blog/growing-abuse-ssh-keys-commodity-malware-campaigns-now-equipped-ssh-capabilities" ] }, "related": [ @@ -8394,8 +8394,8 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "File: File Modification", "Command: Command Execution", + "File: File Modification", "Module: Module Load", "Process: Process Creation", "Windows Registry: Windows Registry Key Modification" @@ -8404,12 +8404,12 @@ "Windows" ], "refs": [ + "http://woshub.com/how-to-allow-multiple-rdp-sessions-in-windows-10/", "https://attack.mitre.org/techniques/T1505/005", - "https://twitter.com/james_inthe_box/status/1150495335812177920", - "https://social.technet.microsoft.com/wiki/contents/articles/12229.windows-system-services-fundamentals.aspx", "https://docs.microsoft.com/windows/win32/termserv/about-terminal-services", "https://github.com/stascorp/rdpwrap", - "http://woshub.com/how-to-allow-multiple-rdp-sessions-in-windows-10/" + "https://social.technet.microsoft.com/wiki/contents/articles/12229.windows-system-services-fundamentals.aspx", + "https://twitter.com/james_inthe_box/status/1150495335812177920" ] }, "related": [ @@ -8430,17 +8430,17 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ + "Process: OS API Execution", "Process: Process Access", - "Process: Process Modification", - "Process: OS API Execution" + "Process: Process Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1055/005", - "https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tls-callback-technique.html", - "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process" + "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", + "https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tls-callback-technique.html" ] }, "related": [ @@ -8461,21 +8461,21 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Process: Process Modification", "Process: OS API Execution", - "Process: Process Access" + "Process: Process Access", + "Process: Process Modification" ], "mitre_platforms": [ "Linux" ], "refs": [ - "https://attack.mitre.org/techniques/T1055/008", "http://man7.org/linux/man-pages/man2/ptrace.2.html", - "https://medium.com/@jain.sm/code-injection-in-running-process-using-ptrace-d3ea7191a4be", - "https://github.com/gaffe23/linux-inject/blob/master/slides_BHArsenal2015.pdf", - "https://www.gnu.org/software/acct/", + "http://www.chokepoint.net/2014/02/detecting-userland-preload-rootkits.html", "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/chap-system_auditing", - "http://www.chokepoint.net/2014/02/detecting-userland-preload-rootkits.html" + "https://attack.mitre.org/techniques/T1055/008", + "https://github.com/gaffe23/linux-inject/blob/master/slides_BHArsenal2015.pdf", + "https://medium.com/@jain.sm/code-injection-in-running-process-using-ptrace-d3ea7191a4be", + "https://www.gnu.org/software/acct/" ] }, "related": [ @@ -8527,8 +8527,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1059/008", - "https://tools.cisco.com/security/center/resources/integrity_assurance.html#23", - "https://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices" + "https://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices", + "https://tools.cisco.com/security/center/resources/integrity_assurance.html#23" ] }, "related": [ @@ -8548,8 +8548,8 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "File: File Access", - "Command: Command Execution" + "Command: Command Execution", + "File: File Access" ], "mitre_platforms": [ "Windows" @@ -8577,9 +8577,9 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Network Traffic: Network Connection Creation", + "Command: Command Execution", "Logon Session: Logon Session Creation", - "Command: Command Execution" + "Network Traffic: Network Connection Creation" ], "mitre_platforms": [ "Office 365", @@ -8607,9 +8607,9 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Creation", + "Command: Command Execution", "File: File Creation", - "Command: Command Execution" + "Process: Process Creation" ], "mitre_platforms": [ "Windows" @@ -8617,8 +8617,8 @@ "refs": [ "https://attack.mitre.org/techniques/T1218/001", "https://docs.microsoft.com/previous-versions/windows/desktop/htmlhelp/microsoft-html-help-1-4-sdk", - "https://msdn.microsoft.com/windows/desktop/ms644670", "https://msdn.microsoft.com/windows/desktop/ms524405", + "https://msdn.microsoft.com/windows/desktop/ms644670", "https://msitpros.com/?p=3909", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625" ] @@ -8651,10 +8651,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1114/003", - "https://www.us-cert.gov/ncas/alerts/TA18-086A", "https://blog.compass-security.com/2018/09/hidden-inbox-rules-in-microsoft-exchange/", "https://blogs.technet.microsoft.com/timmcmic/2015/06/08/exchange-and-office-365-mail-forwarding-2/", - "https://support.apple.com/guide/mail/reply-to-forward-or-redirect-emails-mlhlp1010/mac" + "https://support.apple.com/guide/mail/reply-to-forward-or-redirect-emails-mlhlp1010/mac", + "https://www.us-cert.gov/ncas/alerts/TA18-086A" ] }, "related": [ @@ -8674,26 +8674,26 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Process: Process Creation", - "Windows Registry: Windows Registry Key Creation", + "Command: Command Execution", "File: File Creation", "File: File Modification", - "Windows Registry: Windows Registry Key Modification", - "Command: Command Execution" + "Process: Process Creation", + "Windows Registry: Windows Registry Key Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows", "Office 365" ], "refs": [ - "https://attack.mitre.org/techniques/T1137/001", - "https://support.office.com/article/Change-the-Normal-template-Normal-dotm-06de294b-d216-47f6-ab77-ccb5166f98ea", - "https://msdn.microsoft.com/en-us/vba/office-shared-vba/articles/getting-started-with-vba-in-office", - "https://enigma0x3.net/2014/01/23/maintaining-access-with-normal-dotm/comment-page-1/", "http://www.hexacorn.com/blog/2017/04/19/beyond-good-ol-run-key-part-62/", - "https://www.221bluestreet.com/post/office-templates-and-globaldotname-a-stealthy-office-persistence-technique", + "https://attack.mitre.org/techniques/T1137/001", + "https://enigma0x3.net/2014/01/23/maintaining-access-with-normal-dotm/comment-page-1/", "https://malware.news/t/using-outlook-forms-for-lateral-movement-and-persistence/13746", - "https://medium.com/@bwtech789/outlook-today-homepage-persistence-33ea9b505943" + "https://medium.com/@bwtech789/outlook-today-homepage-persistence-33ea9b505943", + "https://msdn.microsoft.com/en-us/vba/office-shared-vba/articles/getting-started-with-vba-in-office", + "https://support.office.com/article/Change-the-Normal-template-Normal-dotm-06de294b-d216-47f6-ab77-ccb5166f98ea", + "https://www.221bluestreet.com/post/office-templates-and-globaldotname-a-stealthy-office-persistence-technique" ] }, "related": [ @@ -8713,9 +8713,9 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ + "Command: Command Execution", "Process: OS API Execution", "Process: Process Creation", - "Command: Command Execution", "Windows Registry: Windows Registry Key Access" ], "mitre_platforms": [ @@ -8725,11 +8725,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1614/001", - "https://www.welivesecurity.com/2009/01/15/malware-trying-to-avoid-some-countries/", + "https://securelist.com/evolution-of-jsworm-ransomware/102428/", + "https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/", "https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/", "https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware", - "https://securelist.com/evolution-of-jsworm-ransomware/102428/", - "https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/" + "https://www.welivesecurity.com/2009/01/15/malware-trying-to-avoid-some-countries/" ] }, "related": [ @@ -8749,11 +8749,11 @@ "mitre-attack:impact" ], "mitre_data_sources": [ - "Drive: Drive Modification", + "Command: Command Execution", "Drive: Drive Access", + "Drive: Drive Modification", "Driver: Driver Load", - "Process: Process Creation", - "Command: Command Execution" + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -8762,10 +8762,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1561/001", - "https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf", + "https://docs.microsoft.com/sysinternals/downloads/sysmon", "https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malware-Report.pdf", "https://www.justice.gov/opa/press-release/file/1092091/download", - "https://docs.microsoft.com/sysinternals/downloads/sysmon" + "https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf" ] }, "related": [ @@ -8785,11 +8785,11 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Firewall: Firewall Metadata", - "Process: Process Creation", + "Command: Command Execution", "Firewall: Firewall Enumeration", + "Firewall: Firewall Metadata", "Process: OS API Execution", - "Command: Command Execution" + "Process: Process Creation" ], "mitre_platforms": [ "Windows", @@ -8803,9 +8803,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1518/001", - "https://expel.io/blog/finding-evil-in-aws/", + "https://capec.mitre.org/data/definitions/581.html", "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html", - "https://capec.mitre.org/data/definitions/581.html" + "https://expel.io/blog/finding-evil-in-aws/" ] }, "related": [ @@ -8851,8 +8851,8 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "File: File Access", - "Command: Command Execution" + "Command: Command Execution", + "File: File Access" ], "mitre_platforms": [ "Windows", @@ -8862,13 +8862,13 @@ "Containers" ], "refs": [ + "http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx", + "http://carnal0wnage.attackresearch.com/2014/05/mimikatz-against-virtual-machine-memory.html", "https://attack.mitre.org/techniques/T1552/001", "https://capec.mitre.org/data/definitions/639.html", - "http://carnal0wnage.attackresearch.com/2014/05/mimikatz-against-virtual-machine-memory.html", - "http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx", - "https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/", + "https://posts.specterops.io/head-in-the-clouds-bd038bb69e48", "https://unit42.paloaltonetworks.com/attackers-tactics-and-techniques-in-unsecured-docker-daemons-revealed/", - "https://posts.specterops.io/head-in-the-clouds-bd038bb69e48" + "https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/" ] }, "related": [ @@ -8888,11 +8888,11 @@ "mitre-attack:impact" ], "mitre_data_sources": [ - "Process: Process Creation", - "Driver: Driver Load", "Command: Command Execution", + "Drive: Drive Access", "Drive: Drive Modification", - "Drive: Drive Access" + "Driver: Driver Load", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -8900,13 +8900,13 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1561/002", - "https://www.symantec.com/connect/blogs/shamoon-attacks", - "https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html", "http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/", + "https://attack.mitre.org/techniques/T1561/002", + "https://docs.microsoft.com/sysinternals/downloads/sysmon", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf", "https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/", - "https://docs.microsoft.com/sysinternals/downloads/sysmon" + "https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html", + "https://www.symantec.com/connect/blogs/shamoon-attacks" ] }, "related": [ @@ -8927,21 +8927,21 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ + "Process: OS API Execution", "Process: Process Creation", - "Process: Process Metadata", - "Process: OS API Execution" + "Process: Process Metadata" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1134/004", - "https://blog.didierstevens.com/2009/11/22/quickpost-selectmyparent-or-playing-with-the-windows-process-tree/", - "https://docs.microsoft.com/windows/security/identity-protection/user-account-control/how-user-account-control-works", - "https://www.countercept.com/blog/detecting-parent-pid-spoofing/", "https://blog.christophetd.fr/building-an-office-macro-to-spoof-process-parent-and-command-line/", + "https://blog.didierstevens.com/2009/11/22/quickpost-selectmyparent-or-playing-with-the-windows-process-tree/", "https://blog.xpnsec.com/becoming-system/", "https://docs.microsoft.com/windows/desktop/ProcThread/process-creation-flags", + "https://docs.microsoft.com/windows/security/identity-protection/user-account-control/how-user-account-control-works", + "https://www.countercept.com/blog/detecting-parent-pid-spoofing/", "https://www.securityinbits.com/malware-analysis/parent-pid-spoofing-stage-2-ataware-ransomware-part-3" ] }, @@ -8972,9 +8972,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1137/004", - "https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/", "https://docs.microsoft.com/en-us/office365/securitycompliance/detect-and-remediate-outlook-rules-forms-attack", - "https://github.com/sensepost/notruler" + "https://github.com/sensepost/notruler", + "https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/" ] }, "related": [ @@ -9020,23 +9020,23 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Active Directory: Active Directory Object Modification", - "Active Directory: Active Directory Object Deletion", "Active Directory: Active Directory Object Creation", + "Active Directory: Active Directory Object Deletion", + "Active Directory: Active Directory Object Modification", "Command: Command Execution" ], "mitre_platforms": [ "Windows" ], "refs": [ + "http://www.harmj0y.net/blog/activedirectory/the-most-dangerous-user-right-you-probably-have-never-heard-of/", + "http://www.harmj0y.net/blog/redteaming/abusing-gpo-permissions/", + "https://adsecurity.org/?p=2716", "https://attack.mitre.org/techniques/T1484/001", "https://blogs.technet.microsoft.com/musings_of_a_technical_tam/2012/02/13/group-policy-basics-part-1-understanding-the-structure-of-a-group-policy-object/", - "https://adsecurity.org/?p=2716", "https://wald0.com/?p=179", - "http://www.harmj0y.net/blog/redteaming/abusing-gpo-permissions/", "https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-mtrends-2016.pdf", - "https://www.microsoft.com/security/blog/2016/06/01/hacking-team-breach-a-cyber-jurassic-park/", - "http://www.harmj0y.net/blog/activedirectory/the-most-dangerous-user-right-you-probably-have-never-heard-of/" + "https://www.microsoft.com/security/blog/2016/06/01/hacking-team-breach-a-cyber-jurassic-park/" ] }, "related": [ @@ -9061,10 +9061,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1564/010", - "https://docs.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb", - "https://blog.xpnsec.com/how-to-argue-like-cobalt-strike/", "https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/", "https://blog.nviso.eu/2020/02/04/the-return-of-the-spoof-part-2-command-line-spoofing/", + "https://blog.xpnsec.com/how-to-argue-like-cobalt-strike/", + "https://docs.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb", "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html", "https://www.mandiant.com/resources/staying-hidden-on-the-endpoint-evading-detection-with-shellcode" ] @@ -9087,19 +9087,19 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "File: File Modification", "Command: Command Execution", - "File: File Metadata" + "File: File Metadata", + "File: File Modification" ], "mitre_platforms": [ "Linux", "macOS" ], "refs": [ + "http://man7.org/linux/man-pages/man2/setuid.2.html", "https://attack.mitre.org/techniques/T1548/001", "https://gtfobins.github.io/#+suid", - "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/", - "http://man7.org/linux/man-pages/man2/setuid.2.html" + "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/" ] }, "related": [ @@ -9119,8 +9119,8 @@ "mitre-attack:impact" ], "mitre_data_sources": [ - "Sensor Health: Host Status", - "Network Traffic: Network Traffic Flow" + "Network Traffic: Network Traffic Flow", + "Sensor Health: Host Status" ], "mitre_platforms": [ "Windows", @@ -9134,10 +9134,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1498/001", - "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/nf-detct-analy-thrts.pdf", - "https://www.justice.gov/opa/pr/seven-iranians-working-islamic-revolutionary-guard-corps-affiliated-entities-charged", "https://capec.mitre.org/data/definitions/125.html", - "https://capec.mitre.org/data/definitions/486.html" + "https://capec.mitre.org/data/definitions/486.html", + "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/nf-detct-analy-thrts.pdf", + "https://www.justice.gov/opa/pr/seven-iranians-working-islamic-revolutionary-guard-corps-affiliated-entities-charged" ] }, "related": [ @@ -9157,9 +9157,9 @@ "mitre-attack:impact" ], "mitre_data_sources": [ + "Network Traffic: Network Traffic Content", "Network Traffic: Network Traffic Flow", - "Sensor Health: Host Status", - "Network Traffic: Network Traffic Content" + "Sensor Health: Host Status" ], "mitre_platforms": [ "Linux", @@ -9168,12 +9168,12 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1499/001", + "https://capec.mitre.org/data/definitions/469.html", + "https://capec.mitre.org/data/definitions/482.html", + "https://web.archive.org/web/20180320005525/https://pages.arbornetworks.com/rs/082-KNA-087/images/13th_Worldwide_Infrastructure_Security_Report.pdf", "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/nf-detct-analy-thrts.pdf", "https://www.cloudflare.com/learning/ddos/syn-flood-ddos-attack/", - "https://www.corero.com/resources/ddos-attack-types/syn-flood-ack.html", - "https://web.archive.org/web/20180320005525/https://pages.arbornetworks.com/rs/082-KNA-087/images/13th_Worldwide_Infrastructure_Security_Report.pdf", - "https://capec.mitre.org/data/definitions/469.html", - "https://capec.mitre.org/data/definitions/482.html" + "https://www.corero.com/resources/ddos-attack-types/syn-flood-ack.html" ] }, "related": [ @@ -9195,18 +9195,18 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Process: Process Access", + "File: File Modification", "Logon Session: Logon Session Creation", "Process: OS API Execution", - "File: File Modification" + "Process: Process Access" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1556/001", - "https://www.secureworks.com/research/skeleton-key-malware-analysis", - "https://technet.microsoft.com/en-us/library/dn487457.aspx" + "https://technet.microsoft.com/en-us/library/dn487457.aspx", + "https://www.secureworks.com/research/skeleton-key-malware-analysis" ] }, "related": [ @@ -9226,9 +9226,9 @@ "mitre-attack:impact" ], "mitre_data_sources": [ + "File: File Creation", "File: File Deletion", - "File: File Modification", - "File: File Creation" + "File: File Modification" ], "mitre_platforms": [ "Linux", @@ -9237,8 +9237,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1565/001", - "https://www.justice.gov/opa/press-release/file/1092091/download", - "https://content.fireeye.com/apt/rpt-apt38" + "https://content.fireeye.com/apt/rpt-apt38", + "https://www.justice.gov/opa/press-release/file/1092091/download" ] }, "related": [ @@ -9258,16 +9258,16 @@ "mitre-attack:resource-development" ], "mitre_data_sources": [ - "Persona: Social Media", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Traffic Content", + "Persona: Social Media" ], "mitre_platforms": [ "PRE" ], "refs": [ + "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf", "https://attack.mitre.org/techniques/T1585/001", - "https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-operation", - "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf" + "https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-operation" ] }, "related": [ @@ -9315,19 +9315,19 @@ ], "mitre_data_sources": [ "Module: Module Load", - "Script: Script Execution", - "Process: Process Creation" + "Process: Process Creation", + "Script: Script Execution" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1559/001", - "https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html", - "https://msdn.microsoft.com/library/windows/desktop/ms680573.aspx", - "https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-exploiting.html", + "https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/", "https://enigma0x3.net/2017/11/16/lateral-movement-using-outlooks-createobject-method-and-dotnettojscript/", - "https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/" + "https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-exploiting.html", + "https://msdn.microsoft.com/library/windows/desktop/ms680573.aspx", + "https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html" ] }, "related": [ @@ -9347,17 +9347,17 @@ "mitre-attack:resource-development" ], "mitre_data_sources": [ - "Persona: Social Media", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Traffic Content", + "Persona: Social Media" ], "mitre_platforms": [ "PRE" ], "refs": [ - "https://attack.mitre.org/techniques/T1586/001", + "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf", "https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/", - "https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-operation", - "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf" + "https://attack.mitre.org/techniques/T1586/001", + "https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-operation" ] }, "related": [ @@ -9434,9 +9434,9 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ + "Command: Command Execution", "Process: Process Creation", - "Windows Registry: Windows Registry Key Access", - "Command: Command Execution" + "Windows Registry: Windows Registry Key Access" ], "mitre_platforms": [ "Windows" @@ -9465,8 +9465,8 @@ ], "mitre_data_sources": [ "Active Directory: Active Directory Object Creation", - "Command: Command Execution", - "Active Directory: Active Directory Object Modification" + "Active Directory: Active Directory Object Modification", + "Command: Command Execution" ], "mitre_platforms": [ "Windows", @@ -9475,10 +9475,10 @@ "refs": [ "https://attack.mitre.org/techniques/T1484/002", "https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed", + "https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/update-federated-domain-office-365", "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/ADFSDomainTrustMods.yaml", - "https://www.sygnia.co/golden-saml-advisory", "https://us-cert.cisa.gov/ncas/alerts/aa21-008a", - "https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/update-federated-domain-office-365" + "https://www.sygnia.co/golden-saml-advisory" ] }, "related": [ @@ -9498,10 +9498,10 @@ "mitre-attack:impact" ], "mitre_data_sources": [ - "Sensor Health: Host Status", - "Network Traffic: Network Traffic Flow", + "Application Log: Application Log Content", "Network Traffic: Network Traffic Content", - "Application Log: Application Log Content" + "Network Traffic: Network Traffic Flow", + "Sensor Health: Host Status" ], "mitre_platforms": [ "Windows", @@ -9515,13 +9515,13 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1499/002", - "https://www.netscout.com/blog/asert/ddos-attacks-ssl-something-old-something-new", - "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/nf-detct-analy-thrts.pdf", - "https://www.cloudflare.com/learning/ddos/http-flood-ddos-attack/", - "https://web.archive.org/web/20180320005525/https://pages.arbornetworks.com/rs/082-KNA-087/images/13th_Worldwide_Infrastructure_Security_Report.pdf", "https://capec.mitre.org/data/definitions/488.html", "https://capec.mitre.org/data/definitions/489.html", - "https://capec.mitre.org/data/definitions/528.html" + "https://capec.mitre.org/data/definitions/528.html", + "https://web.archive.org/web/20180320005525/https://pages.arbornetworks.com/rs/082-KNA-087/images/13th_Worldwide_Infrastructure_Security_Report.pdf", + "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/nf-detct-analy-thrts.pdf", + "https://www.cloudflare.com/learning/ddos/http-flood-ddos-attack/", + "https://www.netscout.com/blog/asert/ddos-attacks-ssl-something-old-something-new" ] }, "related": [ @@ -9543,16 +9543,16 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Modification", + "File: File Creation", "Module: Module Load", - "File: File Creation" + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1556/002", "http://carnal0wnage.attackresearch.com/2013/09/stealing-passwords-every-time-they.html", + "https://attack.mitre.org/techniques/T1556/002", "https://clymb3r.wordpress.com/2013/09/15/intercepting-password-changes-with-function-hooking/" ] }, @@ -9573,9 +9573,9 @@ "mitre-attack:impact" ], "mitre_data_sources": [ - "Process: OS API Execution", + "Network Traffic: Network Traffic Content", "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Traffic Content" + "Process: OS API Execution" ], "mitre_platforms": [ "Linux", @@ -9584,8 +9584,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1565/002", - "https://www.justice.gov/opa/press-release/file/1092091/download", - "https://content.fireeye.com/apt/rpt-apt38" + "https://content.fireeye.com/apt/rpt-apt38", + "https://www.justice.gov/opa/press-release/file/1092091/download" ] }, "related": [ @@ -9605,18 +9605,18 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "File: File Access", - "Command: Command Execution" + "Command: Command Execution", + "File: File Access" ], "mitre_platforms": [ "Windows" ], "refs": [ + "https://adsecurity.org/?p=2288", "https://attack.mitre.org/techniques/T1552/006", "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn581922(v%3Dws.11)", "https://msdn.microsoft.com/library/cc422924.aspx", - "https://obscuresecurity.blogspot.co.uk/2012/05/gpp-password-retrieval-with-powershell.html", - "https://adsecurity.org/?p=2288" + "https://obscuresecurity.blogspot.co.uk/2012/05/gpp-password-retrieval-with-powershell.html" ] }, "related": [ @@ -9637,8 +9637,8 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -9647,8 +9647,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1557/002", - "https://tools.ietf.org/html/rfc826", "https://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411", + "https://tools.ietf.org/html/rfc826", "https://web.archive.org/web/20200302085133/https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf" ] }, @@ -9670,25 +9670,25 @@ ], "mitre_data_sources": [ "Module: Module Load", - "Script: Script Execution", - "Process: Process Creation" + "Process: Process Creation", + "Script: Script Execution" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1559/002", - "https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word-to-prevent-further-malware-attacks/", - "https://portal.msrc.microsoft.com/security-guidance/advisory/ADV170021", - "https://technet.microsoft.com/library/security/4053440", - "https://sensepost.com/blog/2016/powershell-c-sharp-and-dde-the-power-within/", - "https://www.contextis.com/blog/comma-separated-vulnerabilities", - "https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee", - "https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/", - "https://owasp.org/www-community/attacks/CSV_Injection", + "https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/", "https://blog.securelayer7.net/how-to-perform-csv-excel-macro-injection/", - "https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html", - "https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/" + "https://owasp.org/www-community/attacks/CSV_Injection", + "https://portal.msrc.microsoft.com/security-guidance/advisory/ADV170021", + "https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee", + "https://sensepost.com/blog/2016/powershell-c-sharp-and-dde-the-power-within/", + "https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/", + "https://technet.microsoft.com/library/security/4053440", + "https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word-to-prevent-further-malware-attacks/", + "https://www.contextis.com/blog/comma-separated-vulnerabilities", + "https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html" ] }, "related": [ @@ -9708,8 +9708,8 @@ "mitre-attack:command-and-control" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -9717,17 +9717,17 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1568/002", + "http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html", + "http://csis.pace.edu/~ctappert/srd2017/2017PDF/d4.pdf", "http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Lab-Analysis-Dissecting-DGAs-Eight-Real-World-DGA-Variants.pdf", + "https://arxiv.org/pdf/1611.00791.pdf", + "https://attack.mitre.org/techniques/T1568/002", + "https://blogs.akamai.com/2018/01/a-death-match-of-domain-generation-algorithms.html", + "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/", "https://umbrella.cisco.com/blog/2016/10/10/domain-generation-algorithms-effective/", "https://unit42.paloaltonetworks.com/threat-brief-understanding-domain-generation-algorithms-dga/", - "http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html", - "https://blogs.akamai.com/2018/01/a-death-match-of-domain-generation-algorithms.html", "https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html", - "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/", - "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/", - "http://csis.pace.edu/~ctappert/srd2017/2017PDF/d4.pdf", - "https://arxiv.org/pdf/1611.00791.pdf" + "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/" ] }, "related": [ @@ -9755,10 +9755,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1562/008", - "https://expel.io/blog/following-cloudtrail-generating-aws-security-signals-sumo-logic/", - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/stop-cloudtrail-from-sending-events-to-cloudwatch-logs.html", "https://cloud.google.com/logging/docs/audit/configure-data-access", - "https://docs.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest#az_monitor_diagnostic_settings_delete" + "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/stop-cloudtrail-from-sending-events-to-cloudwatch-logs.html", + "https://docs.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest#az_monitor_diagnostic_settings_delete", + "https://expel.io/blog/following-cloudtrail-generating-aws-security-signals-sumo-logic/" ] }, "related": [ @@ -9778,9 +9778,9 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Creation", - "Process: Process Creation", "Command: Command Execution", + "Process: Process Creation", + "Windows Registry: Windows Registry Key Creation", "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ @@ -9788,13 +9788,13 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1562/009", - "https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-10-92c27cff-db89-8644-1ce4-b3e5e56fe234", - "https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/", "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/bcdedit", - "https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise", - "https://www.cybereason.com/blog/medusalocker-ransomware", + "https://docs.microsoft.com/windows-server/administration/windows-commands/bootcfg", + "https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/", + "https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-10-92c27cff-db89-8644-1ce4-b3e5e56fe234", "https://www.bleepingcomputer.com/news/security/revil-ransomware-has-a-new-windows-safe-mode-encryption-mode/", - "https://docs.microsoft.com/windows-server/administration/windows-commands/bootcfg" + "https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise", + "https://www.cybereason.com/blog/medusalocker-ransomware" ] }, "related": [ @@ -9822,10 +9822,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1578/002", - "https://content.fireeye.com/m-trends/rpt-m-trends-2020", "https://aws.amazon.com/premiumsupport/knowledge-center/cloudtrail-search-api-calls/", - "https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs", - "https://cloud.google.com/logging/docs/audit#admin-activity" + "https://cloud.google.com/logging/docs/audit#admin-activity", + "https://content.fireeye.com/m-trends/rpt-m-trends-2020", + "https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs" ] }, "related": [ @@ -9897,8 +9897,8 @@ "mitre-attack:resource-development" ], "mitre_data_sources": [ - "Internet Scan: Response Metadata", - "Internet Scan: Response Content" + "Internet Scan: Response Content", + "Internet Scan: Response Metadata" ], "mitre_platforms": [ "PRE" @@ -9906,9 +9906,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1583/003", "https://documents.trendmicro.com/assets/wp/wp-criminal-hideouts-for-lease.pdf", + "https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2", "https://threatconnect.com/blog/infrastructure-research-hunting/", - "https://www.mandiant.com/resources/scandalous-external-detection-using-network-scan-data-and-automation", - "https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2" + "https://www.mandiant.com/resources/scandalous-external-detection-using-network-scan-data-and-automation" ] }, "related": [ @@ -9939,14 +9939,14 @@ "Windows" ], "refs": [ + "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-finding-holes-operation-emmental.pdf", "https://attack.mitre.org/techniques/T1553/004", "https://capec.mitre.org/data/definitions/479.html", - "https://en.wikipedia.org/wiki/Root_certificate", - "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-finding-holes-operation-emmental.pdf", - "https://www.kaspersky.com/blog/lenovo-pc-with-adware-superfish-preinstalled/7712/", - "https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec", - "https://objective-see.com/blog/blog_0x26.html", "https://docs.microsoft.com/sysinternals/downloads/sigcheck", + "https://en.wikipedia.org/wiki/Root_certificate", + "https://objective-see.com/blog/blog_0x26.html", + "https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec", + "https://www.kaspersky.com/blog/lenovo-pc-with-adware-superfish-preinstalled/7712/", "https://www.tripwire.com/state-of-security/off-topic/appunblocker-bypassing-applocker/" ] }, @@ -9976,9 +9976,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1584/003", "https://media.defense.gov/2019/Oct/18/2002197242/-1/-1/0/NSA_CSA_Turla_20191021%20ver%204%20-%20nsa.gov.pdf", + "https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2", "https://threatconnect.com/blog/infrastructure-research-hunting/", - "https://www.mandiant.com/resources/scandalous-external-detection-using-network-scan-data-and-automation", - "https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2" + "https://www.mandiant.com/resources/scandalous-external-detection-using-network-scan-data-and-automation" ] }, "related": [ @@ -9999,9 +9999,9 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Process: Process Creation", "Command: Command Execution", - "Process: OS API Execution" + "Process: OS API Execution", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -10012,10 +10012,10 @@ "https://attack.mitre.org/techniques/T1497/003", "https://drive.google.com/file/d/1t0jn3xr4ff2fR30oQAUn_RsWSnMpOAQc", "https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/", - "https://www.netskope.com/blog/nitol-botnet-makes-resurgence-evasive-sandbox-analysis-technique", + "https://www.isaca.org/resources/isaca-journal/issues/2017/volume-6/evasive-malware-tricks-how-malware-evades-detection-by-sandboxes", "https://www.joesecurity.org/blog/3660886847485093803", "https://www.joesecurity.org/blog/498839998833561473", - "https://www.isaca.org/resources/isaca-journal/issues/2017/volume-6/evasive-malware-tricks-how-malware-evades-detection-by-sandboxes" + "https://www.netskope.com/blog/nitol-botnet-makes-resurgence-evasive-sandbox-analysis-technique" ] }, "related": [ @@ -10035,9 +10035,9 @@ "mitre-attack:impact" ], "mitre_data_sources": [ + "Application Log: Application Log Content", "Network Traffic: Network Traffic Content", "Network Traffic: Network Traffic Flow", - "Application Log: Application Log Content", "Sensor Health: Host Status" ], "mitre_platforms": [ @@ -10083,11 +10083,11 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1556/003", - "https://opensource.apple.com/source/dovecot/dovecot-239/dovecot/doc/wiki/PasswordDatabase.PAM.txt", - "https://linux.die.net/man/8/pam_unix", "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_smart_cards/pluggable_authentication_modules", + "https://attack.mitre.org/techniques/T1556/003", "https://github.com/zephrax/linux-pam-backdoor", + "https://linux.die.net/man/8/pam_unix", + "https://opensource.apple.com/source/dovecot/dovecot-239/dovecot/doc/wiki/PasswordDatabase.PAM.txt", "https://x-c3ll.github.io/posts/PAM-backdoor-DNS/" ] }, @@ -10108,11 +10108,11 @@ "mitre-attack:impact" ], "mitre_data_sources": [ - "File: File Metadata", - "File: File Deletion", "File: File Creation", - "Process: OS API Execution", - "File: File Modification" + "File: File Deletion", + "File: File Metadata", + "File: File Modification", + "Process: OS API Execution" ], "mitre_platforms": [ "Linux", @@ -10142,9 +10142,9 @@ "mitre-attack:initial-access" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", "Application Log: Application Log Content", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -10181,10 +10181,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1578/003", - "https://content.fireeye.com/m-trends/rpt-m-trends-2020", "https://aws.amazon.com/premiumsupport/knowledge-center/cloudtrail-search-api-calls/", - "https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs", - "https://cloud.google.com/logging/docs/audit#admin-activity" + "https://cloud.google.com/logging/docs/audit#admin-activity", + "https://content.fireeye.com/m-trends/rpt-m-trends-2020", + "https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs" ] }, "related": [ @@ -10231,24 +10231,24 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "File: File Modification", - "Process: OS API Execution", + "Command: Command Execution", "File: File Metadata", - "Command: Command Execution" + "File: File Modification", + "Process: OS API Execution" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1564/004", - "https://posts.specterops.io/host-based-threat-modeling-indicator-design-a9dbbb53d5ea", - "https://blogs.technet.microsoft.com/askcore/2010/08/25/ntfs-file-attributes/", - "http://msdn.microsoft.com/en-us/library/aa364404", - "https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/", - "https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/", "http://journeyintoir.blogspot.com/2012/12/extracting-zeroaccess-from-ntfs.html", + "http://msdn.microsoft.com/en-us/library/aa364404", + "https://attack.mitre.org/techniques/T1564/004", + "https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/", + "https://blogs.technet.microsoft.com/askcore/2010/08/25/ntfs-file-attributes/", + "https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/", "https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/", "https://oddvar.moe/2018/04/11/putting-data-in-alternate-data-streams-and-how-to-execute-it-part-2/", + "https://posts.specterops.io/host-based-threat-modeling-indicator-design-a9dbbb53d5ea", "https://www.symantec.com/connect/articles/what-you-need-know-about-alternate-data-streams-windows-your-data-secure-can-you-restore" ] }, @@ -10280,8 +10280,8 @@ "refs": [ "https://attack.mitre.org/techniques/T1547/004", "https://blog.cylance.com/windows-registry-persistence-part-2-the-run-keys-and-search-order", - "https://technet.microsoft.com/en-us/sysinternals/bb963902", - "https://capec.mitre.org/data/definitions/579.html" + "https://capec.mitre.org/data/definitions/579.html", + "https://technet.microsoft.com/en-us/sysinternals/bb963902" ] }, "related": [ @@ -10302,21 +10302,21 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Process: Process Creation", "File: File Access", - "Process: OS API Execution" + "Process: OS API Execution", + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1555/004", - "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh994565(v=ws.11)#credential-manager-store", - "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/jj554668(v=ws.11)?redirectedfrom=MSDN", - "https://www.passcape.com/windows_password_recovery_vault_explorer", "https://blog.malwarebytes.com/101/2016/01/the-windows-vaults/ ", + "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/jj554668(v=ws.11)?redirectedfrom=MSDN", + "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh994565(v=ws.11)#credential-manager-store", "https://docs.microsoft.com/en-us/windows/win32/api/wincred/nf-wincred-credenumeratea", - "https://github.com/gentilkiwi/mimikatz/wiki/howto-~-credential-manager-saved-credentials" + "https://github.com/gentilkiwi/mimikatz/wiki/howto-~-credential-manager-saved-credentials", + "https://www.passcape.com/windows_password_recovery_vault_explorer" ] }, "related": [ @@ -10345,9 +10345,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1556/004", - "https://www.mandiant.com/resources/synful-knock-acis", + "https://tools.cisco.com/security/center/resources/integrity_assurance.html#13", "https://tools.cisco.com/security/center/resources/integrity_assurance.html#7", - "https://tools.cisco.com/security/center/resources/integrity_assurance.html#13" + "https://www.mandiant.com/resources/synful-knock-acis" ] }, "related": [ @@ -10367,9 +10367,9 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ + "File: File Modification", "Firmware: Firmware Modification", - "Windows Registry: Windows Registry Key Modification", - "File: File Modification" + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Linux", @@ -10378,10 +10378,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1564/005", - "https://www.malwaretech.com/2014/11/virtual-file-systems-for-beginners.html", + "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064459/Equation_group_questions_and_answers.pdf", "https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html", - "https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf", - "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064459/Equation_group_questions_and_answers.pdf" + "https://www.malwaretech.com/2014/11/virtual-file-systems-for-beginners.html", + "https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf" ] }, "related": [ @@ -10402,16 +10402,16 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Modification", "Command: Command Execution", - "Module: Module Load" + "Module: Module Load", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1547/005", "http://docplayer.net/20839173-Analysis-of-malicious-security-support-provider-dlls.html", + "https://attack.mitre.org/techniques/T1547/005", "https://technet.microsoft.com/en-us/library/dn408187.aspx" ] }, @@ -10435,9 +10435,9 @@ "Command: Command Execution", "File: File Creation", "Image: Image Metadata", - "Windows Registry: Windows Registry Key Modification", + "Process: Process Creation", "Service: Service Creation", - "Process: Process Creation" + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Linux", @@ -10446,9 +10446,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1564/006", - "https://www.mci.gov.sg/-/media/mcicorp/doc/report-of-the-coi-into-the-cyber-attack-on-singhealth-10-jan-2019.ashx", + "https://embracethered.com/blog/posts/2020/shadowbunny-virtual-machine-red-teaming-technique/", "https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/", - "https://embracethered.com/blog/posts/2020/shadowbunny-virtual-machine-red-teaming-technique/" + "https://www.mci.gov.sg/-/media/mcicorp/doc/report-of-the-coi-into-the-cyber-attack-on-singhealth-10-jan-2019.ashx" ] }, "related": [ @@ -10469,19 +10469,19 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ + "Command: Command Execution", "Module: Module Load", "Process: Process Creation", - "Windows Registry: Windows Registry Key Modification", - "Command: Command Execution" + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1546/007", + "https://github.com/outflankbv/NetshHelperBeacon", "https://htmlpreview.github.io/?https://github.com/MatthewDemaske/blogbackup/blob/master/netshell.html", - "https://technet.microsoft.com/library/bb490939.aspx", - "https://github.com/outflankbv/NetshHelperBeacon" + "https://technet.microsoft.com/library/bb490939.aspx" ] }, "related": [ @@ -10503,31 +10503,31 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "File: File Modification", - "File: File Creation", - "Process: Process Creation", "Command: Command Execution", - "Module: Module Load" + "File: File Creation", + "File: File Modification", + "Module: Module Load", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1574/006", - "https://capec.mitre.org/data/definitions/13.html", - "https://capec.mitre.org/data/definitions/640.html", - "https://www.man7.org/linux/man-pages/man8/ld.so.8.html", - "https://www.tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html", - "https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibraries/100-Articles/OverviewOfDynamicLibraries.html", - "https://www.baeldung.com/linux/ld_preload-trick-what-is", - "https://www.datawire.io/code-injection-on-linux-and-macos/", "http://hick.org/code/skape/papers/needle.txt", "http://phrack.org/issues/51/8.html", "http://www.nth-dimension.org.uk/pub/BTL.pdf", - "https://theevilbit.github.io/posts/dyld_insert_libraries_dylib_injection_in_macos_osx_deep_dive/", + "https://attack.mitre.org/techniques/T1574/006", "https://blog.timac.org/2012/1218-simple-code-injection-using-dyld_insert_libraries/", - "https://jon-gabilondo-angulo-7635.medium.com/how-to-inject-code-into-mach-o-apps-part-ii-ddb13ebc8191" + "https://capec.mitre.org/data/definitions/13.html", + "https://capec.mitre.org/data/definitions/640.html", + "https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibraries/100-Articles/OverviewOfDynamicLibraries.html", + "https://jon-gabilondo-angulo-7635.medium.com/how-to-inject-code-into-mach-o-apps-part-ii-ddb13ebc8191", + "https://theevilbit.github.io/posts/dyld_insert_libraries_dylib_injection_in_macos_osx_deep_dive/", + "https://www.baeldung.com/linux/ld_preload-trick-what-is", + "https://www.datawire.io/code-injection-on-linux-and-macos/", + "https://www.man7.org/linux/man-pages/man8/ld.so.8.html", + "https://www.tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html" ] }, "related": [ @@ -10547,9 +10547,9 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ + "Application Log: Application Log Content", "Command: Command Execution", - "File: File Modification", - "Application Log: Application Log Content" + "File: File Modification" ], "mitre_platforms": [ "Windows", @@ -10560,12 +10560,12 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1564/008", - "https://support.apple.com/guide/mail/use-rules-to-manage-emails-you-receive-mlhlp1017/mac", - "https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/", - "https://support.microsoft.com/en-us/office/manage-email-messages-by-using-rules-c24f5dea-9465-4df4-ad17-a50704d66c59", "https://docs.microsoft.com/en-us/powershell/module/exchange/new-inboxrule?view=exchange-ps", "https://docs.microsoft.com/en-us/powershell/module/exchange/set-inboxrule?view=exchange-ps", - "https://techcommunity.microsoft.com/t5/security-compliance-and-identity/rule-your-inbox-with-microsoft-cloud-app-security/ba-p/299154" + "https://support.apple.com/guide/mail/use-rules-to-manage-emails-you-receive-mlhlp1017/mac", + "https://support.microsoft.com/en-us/office/manage-email-messages-by-using-rules-c24f5dea-9465-4df4-ad17-a50704d66c59", + "https://techcommunity.microsoft.com/t5/security-compliance-and-identity/rule-your-inbox-with-microsoft-cloud-app-security/ba-p/299154", + "https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/" ] }, "related": [ @@ -10586,8 +10586,8 @@ ], "mitre_data_sources": [ "Instance: Instance Metadata", - "Instance: Instance Start", "Instance: Instance Modification", + "Instance: Instance Start", "Instance: Instance Stop" ], "mitre_platforms": [ @@ -10595,8 +10595,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1578/004", - "https://www.techrepublic.com/blog/the-enterprise-cloud/backing-up-and-restoring-snapshots-on-amazon-ec2-machines/", - "https://cloud.google.com/compute/docs/disks/restore-and-delete-snapshots" + "https://cloud.google.com/compute/docs/disks/restore-and-delete-snapshots", + "https://www.techrepublic.com/blog/the-enterprise-cloud/backing-up-and-restoring-snapshots-on-amazon-ec2-machines/" ] }, "related": [ @@ -10617,10 +10617,10 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "File: File Modification", - "Process: Process Creation", "Command: Command Execution", - "File: File Creation" + "File: File Creation", + "File: File Modification", + "Process: Process Creation" ], "mitre_platforms": [ "Linux" @@ -10663,14 +10663,14 @@ ], "mitre_data_sources": [ "Active Directory: Active Directory Object Access", + "Command: Command Execution", + "File: File Access", "Network Traffic: Network Traffic Content", "Network Traffic: Network Traffic Flow", - "File: File Access", - "Command: Command Execution", - "Process: Process Creation", - "Windows Registry: Windows Registry Key Access", "Process: OS API Execution", - "Process: Process Access" + "Process: Process Access", + "Process: Process Creation", + "Windows Registry: Windows Registry Key Access" ], "mitre_platforms": [ "Linux", @@ -10697,11 +10697,11 @@ "iOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1408", - "https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-5.html", - "https://media.blackhat.com/eu-13/briefings/Brodie/bh-eu-13-lacoon-attacks-mdm-brodie-wp.pdf", + "http://pages.cs.wisc.edu/~vrastogi/static/papers/rcj13b.pdf", "http://www.blackhat.com/us-16/briefings.html#bad-for-enterprise-attacking-byod-enterprise-mobile-security-solutions", - "http://pages.cs.wisc.edu/~vrastogi/static/papers/rcj13b.pdf" + "https://attack.mitre.org/techniques/T1408", + "https://media.blackhat.com/eu-13/briefings/Brodie/bh-eu-13-lacoon-attacks-mdm-brodie-wp.pdf", + "https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-5.html" ] }, "uuid": "b332a960-3c04-495a-827f-f17a5daed3a6", @@ -10800,8 +10800,8 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Instance: Instance Metadata", - "Instance: Instance Creation" + "Instance: Instance Creation", + "Instance: Instance Metadata" ], "mitre_platforms": [ "IaaS" @@ -10844,9 +10844,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1396", - "https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/", "https://krebsonsecurity.com/2016/10/are-the-days-of-booter-services-numbered/", - "https://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/" + "https://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/", + "https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/" ] }, "uuid": "3d1488a6-59e6-455a-8b80-78b53edc33fe", @@ -10861,8 +10861,8 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Process: Process Creation", - "Process: OS API Execution" + "Process: OS API Execution", + "Process: Process Creation" ], "mitre_platforms": [ "macOS", @@ -10885,15 +10885,15 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "Process: Process Creation", - "Process: OS API Execution", - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Traffic Content", - "File: File Access", + "Active Directory: Active Directory Object Access", "Command: Command Execution", - "Windows Registry: Windows Registry Key Access", + "File: File Access", + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow", + "Process: OS API Execution", "Process: Process Access", - "Active Directory: Active Directory Object Access" + "Process: Process Creation", + "Windows Registry: Windows Registry Key Access" ], "mitre_platforms": [ "Windows", @@ -10901,16 +10901,16 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1003", - "https://medium.com/threatpunter/detecting-attempts-to-steal-passwords-from-memory-558f16dce4ea", - "https://github.com/mattifestation/PowerSploit", - "https://msdn.microsoft.com/library/cc228086.aspx", - "https://msdn.microsoft.com/library/dd207691.aspx", - "https://wiki.samba.org/index.php/DRSUAPI", "http://www.harmj0y.net/blog/redteaming/mimikatz-and-dcsync-and-extrasids-oh-my/", + "https://adsecurity.org/?p=1729", + "https://attack.mitre.org/techniques/T1003", + "https://github.com/mattifestation/PowerSploit", + "https://medium.com/threatpunter/detecting-attempts-to-steal-passwords-from-memory-558f16dce4ea", + "https://msdn.microsoft.com/library/cc228086.aspx", "https://msdn.microsoft.com/library/cc237008.aspx", "https://msdn.microsoft.com/library/cc245496.aspx", - "https://adsecurity.org/?p=1729" + "https://msdn.microsoft.com/library/dd207691.aspx", + "https://wiki.samba.org/index.php/DRSUAPI" ] }, "uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", @@ -10929,8 +10929,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1004", - "https://capec.mitre.org/data/definitions/579.html", "https://blog.cylance.com/windows-registry-persistence-part-2-the-run-keys-and-search-order", + "https://capec.mitre.org/data/definitions/579.html", "https://technet.microsoft.com/en-us/sysinternals/bb963902" ] }, @@ -10984,8 +10984,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1500", - "https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf", - "https://blog.trendmicro.com/trendlabs-security-intelligence/windows-app-runs-on-mac-downloads-info-stealer-and-adware/" + "https://blog.trendmicro.com/trendlabs-security-intelligence/windows-app-runs-on-mac-downloads-info-stealer-and-adware/", + "https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf" ] }, "related": [ @@ -11008,15 +11008,15 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Drive: Drive Access", - "Command: Command Execution" + "Command: Command Execution", + "Drive: Drive Access" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1006", "http://www.codeproject.com/Articles/32169/FDump-Dumping-File-Sectors-Directly-from-Disk-usin", + "https://attack.mitre.org/techniques/T1006", "https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-NinjaCopy.ps1" ] }, @@ -11031,8 +11031,8 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Process: Process Creation", - "Command: Command Execution" + "Command: Command Execution", + "Process: Process Creation" ], "mitre_platforms": [ "Windows", @@ -11055,9 +11055,9 @@ "mitre-attack:lateral-movement" ], "mitre_data_sources": [ - "Network Share: Network Share Access", "File: File Creation", "File: File Modification", + "Network Share: Network Share Access", "Process: Process Creation" ], "mitre_platforms": [ @@ -11088,8 +11088,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1101", "http://docplayer.net/20839173-Analysis-of-malicious-security-support-provider-dlls.html", + "https://attack.mitre.org/techniques/T1101", "https://technet.microsoft.com/en-us/library/dn408187.aspx" ] }, @@ -11113,9 +11113,9 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Process: Process Creation", + "Command: Command Execution", "Process: OS API Execution", - "Command: Command Execution" + "Process: Process Creation" ], "mitre_platforms": [ "Windows", @@ -11154,8 +11154,8 @@ "refs": [ "https://attack.mitre.org/techniques/T1201", "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountPasswordPolicy.html", - "https://www.jamf.com/jamf-nation/discussions/18574/user-password-policies-on-non-ad-machines", "https://superuser.com/questions/150675/how-to-display-password-policy-information-for-a-user-ubuntu", + "https://www.jamf.com/jamf-nation/discussions/18574/user-password-policies-on-non-ad-machines", "https://www.us-cert.gov/ncas/alerts/TA18-106A" ] }, @@ -11190,14 +11190,14 @@ "macOS" ], "refs": [ + "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-finding-holes-operation-emmental.pdf", "https://attack.mitre.org/techniques/T1130", "https://capec.mitre.org/data/definitions/479.html", - "https://en.wikipedia.org/wiki/Root_certificate", - "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-finding-holes-operation-emmental.pdf", - "https://www.kaspersky.com/blog/lenovo-pc-with-adware-superfish-preinstalled/7712/", - "https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec", - "https://objective-see.com/blog/blog_0x26.html", "https://docs.microsoft.com/sysinternals/downloads/sigcheck", + "https://en.wikipedia.org/wiki/Root_certificate", + "https://objective-see.com/blog/blog_0x26.html", + "https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec", + "https://www.kaspersky.com/blog/lenovo-pc-with-adware-superfish-preinstalled/7712/", "https://www.tripwire.com/state-of-security/off-topic/appunblocker-bypassing-applocker/" ] }, @@ -11227,9 +11227,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1031", "https://capec.mitre.org/data/definitions/551.html", - "https://twitter.com/r0wdy_/status/936365549553991680", "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753662(v=ws.11)", - "https://technet.microsoft.com/en-us/sysinternals/bb963902" + "https://technet.microsoft.com/en-us/sysinternals/bb963902", + "https://twitter.com/r0wdy_/status/936365549553991680" ] }, "related": [ @@ -11256,8 +11256,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1401", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-22.html", - "https://developer.android.com/reference/android/app/admin/DeviceAdminInfo" + "https://developer.android.com/reference/android/app/admin/DeviceAdminInfo", + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-22.html" ] }, "uuid": "82f04b1e-5371-4a6f-be06-411f0f43b483", @@ -11282,8 +11282,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1105", "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1105", "https://lolbas-project.github.io/#t1105 ", "https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-Snatch-eng.pdf" ] @@ -11327,8 +11327,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1601", - "https://tools.cisco.com/security/center/resources/integrity_assurance.html#7", - "https://tools.cisco.com/security/center/resources/integrity_assurance.html#13" + "https://tools.cisco.com/security/center/resources/integrity_assurance.html#13", + "https://tools.cisco.com/security/center/resources/integrity_assurance.html#7" ] }, "uuid": "ae7f3575-0a5e-427e-991b-fe03ad44c754", @@ -11381,8 +11381,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1071", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1071" ] }, "uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", @@ -11403,10 +11403,10 @@ "macOS" ], "refs": [ + "http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx", + "http://carnal0wnage.attackresearch.com/2014/05/mimikatz-against-virtual-machine-memory.html", "https://attack.mitre.org/techniques/T1081", "https://capec.mitre.org/data/definitions/639.html", - "http://carnal0wnage.attackresearch.com/2014/05/mimikatz-against-virtual-machine-memory.html", - "http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx", "https://posts.specterops.io/head-in-the-clouds-bd038bb69e48" ] }, @@ -11430,10 +11430,10 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Process: Process Creation", - "Network Traffic: Network Connection Creation", + "Command: Command Execution", "File: File Access", - "Command: Command Execution" + "Network Traffic: Network Connection Creation", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -11443,10 +11443,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1018", + "https://capec.mitre.org/data/definitions/292.html", "https://us-cert.cisa.gov/ncas/analysis-reports/ar21-126a", "https://www.elastic.co/blog/embracing-offensive-tooling-building-detections-against-koadic-using-eql", - "https://www.us-cert.gov/ncas/alerts/TA18-106A", - "https://capec.mitre.org/data/definitions/292.html" + "https://www.us-cert.gov/ncas/alerts/TA18-106A" ] }, "uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", @@ -11468,9 +11468,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1202", - "https://twitter.com/vector_sec/status/896049052642533376", + "https://community.rsa.com/community/products/netwitness/blog/2017/08/14/are-you-looking-out-for-forfilesexe-if-you-are-watching-for-cmdexe", "https://twitter.com/Evi1cg/status/935027922397573120", - "https://community.rsa.com/community/products/netwitness/blog/2017/08/14/are-you-looking-out-for-forfilesexe-if-you-are-watching-for-cmdexe" + "https://twitter.com/vector_sec/status/896049052642533376" ] }, "uuid": "3b0e52ce-517a-4614-a523-1bd5deef6c5e", @@ -11493,12 +11493,12 @@ "refs": [ "https://attack.mitre.org/techniques/T1220", "https://docs.microsoft.com/dotnet/standard/data/xml/xslt-stylesheet-scripting-using-msxsl-script", - "https://www.microsoft.com/download/details.aspx?id=21714", + "https://lolbas-project.github.io/lolbas/Binaries/Wmic/", + "https://medium.com/@threathuntingteam/msxsl-exe-and-wmic-exe-a-way-to-proxy-code-execution-8d524f642b75", "https://pentestlab.blog/2017/07/06/applocker-bypass-msxsl/", "https://reaqta.com/2018/03/spear-phishing-campaign-leveraging-msxsl/", - "https://medium.com/@threathuntingteam/msxsl-exe-and-wmic-exe-a-way-to-proxy-code-execution-8d524f642b75", - "https://lolbas-project.github.io/lolbas/Binaries/Wmic/", - "https://twitter.com/dez_/status/986614411711442944" + "https://twitter.com/dez_/status/986614411711442944", + "https://www.microsoft.com/download/details.aspx?id=21714" ] }, "uuid": "ebbe170d-aa74-4946-8511-9921243415a3", @@ -11518,11 +11518,11 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1032", "http://www.sans.org/reading-room/whitepapers/analyst/finding-hidden-threats-decrypting-ssl-34840", + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1032", "https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html", - "https://www.fidelissecurity.com/sites/default/files/FTA_1018_looking_at_the_sky_for_a_dark_comet.pdf", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://www.fidelissecurity.com/sites/default/files/FTA_1018_looking_at_the_sky_for_a_dark_comet.pdf" ] }, "related": [ @@ -11565,10 +11565,10 @@ "Windows" ], "refs": [ + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", "https://attack.mitre.org/techniques/T1024", "https://blog.f-secure.com/wp-content/uploads/2019/10/CosmicDuke.pdf", - "https://www.fidelissecurity.com/sites/default/files/FTA_1018_looking_at_the_sky_for_a_dark_comet.pdf", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://www.fidelissecurity.com/sites/default/files/FTA_1018_looking_at_the_sky_for_a_dark_comet.pdf" ] }, "related": [ @@ -11596,8 +11596,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1520", - "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/" + "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/", + "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" ] }, "uuid": "60623164-ccd8-4508-a141-b5a34820b3de", @@ -11617,12 +11617,12 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1502", - "https://blog.didierstevens.com/2009/11/22/quickpost-selectmyparent-or-playing-with-the-windows-process-tree/", - "https://docs.microsoft.com/windows/security/identity-protection/user-account-control/how-user-account-control-works", - "https://www.countercept.com/blog/detecting-parent-pid-spoofing/", "https://blog.christophetd.fr/building-an-office-macro-to-spoof-process-parent-and-command-line/", + "https://blog.didierstevens.com/2009/11/22/quickpost-selectmyparent-or-playing-with-the-windows-process-tree/", "https://blog.xpnsec.com/becoming-system/", "https://docs.microsoft.com/windows/desktop/ProcThread/process-creation-flags", + "https://docs.microsoft.com/windows/security/identity-protection/user-account-control/how-user-account-control-works", + "https://www.countercept.com/blog/detecting-parent-pid-spoofing/", "https://www.securityinbits.com/malware-analysis/parent-pid-spoofing-stage-2-ataware-ransomware-part-3" ] }, @@ -11656,15 +11656,15 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1620", "https://0x00sec.org/t/super-stealthy-droppers/3715", - "https://www.sentinelone.com/blog/building-a-custom-tool-for-shellcode-analysis/", - "https://www.mandiant.com/resources/bring-your-own-land-novel-red-teaming-technique", - "https://www.sentinelone.com/blog/teaching-an-old-rat-new-tricks/", - "https://www.mdsec.co.uk/2020/06/detecting-and-advancing-in-memory-net-tradecraft/", - "https://www.intezer.com/blog/research/acbackdoor-analysis-of-a-new-multiplatform-backdoor/", + "https://attack.mitre.org/techniques/T1620", "https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html", - "https://thewover.github.io/Introducing-Donut/" + "https://thewover.github.io/Introducing-Donut/", + "https://www.intezer.com/blog/research/acbackdoor-analysis-of-a-new-multiplatform-backdoor/", + "https://www.mandiant.com/resources/bring-your-own-land-novel-red-teaming-technique", + "https://www.mdsec.co.uk/2020/06/detecting-and-advancing-in-memory-net-tradecraft/", + "https://www.sentinelone.com/blog/building-a-custom-tool-for-shellcode-analysis/", + "https://www.sentinelone.com/blog/teaching-an-old-rat-new-tricks/" ] }, "uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", @@ -11678,21 +11678,21 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Active Directory: Active Directory Object Modification", - "User Account: User Account Authentication", "Active Directory: Active Directory Object Creation", - "Network Traffic: Network Traffic Content" + "Active Directory: Active Directory Object Modification", + "Network Traffic: Network Traffic Content", + "User Account: User Account Authentication" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1207", - "https://www.dcshadow.com/", + "https://adds-security.blogspot.fr/2018/02/detecter-dcshadow-impossible.html", "https://adsecurity.org/?page_id=1821", + "https://attack.mitre.org/techniques/T1207", "https://github.com/shellster/DCSYNCMonitor", "https://msdn.microsoft.com/en-us/library/ms677626.aspx", - "https://adds-security.blogspot.fr/2018/02/detecter-dcshadow-impossible.html" + "https://www.dcshadow.com/" ] }, "uuid": "564998d8-ab3e-4123-93fb-eccaa6b9714a", @@ -11731,9 +11731,9 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Process: OS API Execution", - "Instance: Instance Metadata", "Command: Command Execution", + "Instance: Instance Metadata", + "Process: OS API Execution", "Process: Process Creation" ], "mitre_platforms": [ @@ -11745,13 +11745,13 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1082", - "https://docs.aws.amazon.com/cli/latest/reference/ssm/describe-instance-information.html", + "https://capec.mitre.org/data/definitions/312.html", "https://cloud.google.com/compute/docs/reference/rest/v1/instances", + "https://docs.aws.amazon.com/cli/latest/reference/ssm/describe-instance-information.html", "https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/get", "https://labs.sentinelone.com/20-common-tools-techniques-used-by-macos-threat-actors-malware/", "https://www.sentinelone.com/blog/trail-osx-fairytale-adware-playing-malware/", - "https://www.us-cert.gov/ncas/alerts/TA18-106A", - "https://capec.mitre.org/data/definitions/312.html" + "https://www.us-cert.gov/ncas/alerts/TA18-106A" ] }, "uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", @@ -11770,11 +11770,11 @@ "Windows" ], "refs": [ + "http://msdn.microsoft.com/en-us/library/aa384426", "https://attack.mitre.org/techniques/T1028", "https://capec.mitre.org/data/definitions/555.html", - "http://msdn.microsoft.com/en-us/library/aa384426", - "https://www.slideshare.net/kieranjacobsen/lateral-movement-with-power-shell-2", - "https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc" + "https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc", + "https://www.slideshare.net/kieranjacobsen/lateral-movement-with-power-shell-2" ] }, "related": [ @@ -11803,8 +11803,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1043", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1043" ] }, "uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", @@ -11897,12 +11897,12 @@ "Android" ], "refs": [ + "http://bits-please.blogspot.co.il/2016/05/war-of-worlds-hijacking-linux-kernel.html", "https://attack.mitre.org/techniques/T1405", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-27.html", - "https://usmile.at/symposium/program/2015/thomas-holmes", "https://bits-please.blogspot.in/2016/06/extracting-qualcomms-keymaster-keys.html", + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-27.html", "https://usmile.at/symposium/program/2015/ekberg", - "http://bits-please.blogspot.co.il/2016/05/war-of-worlds-hijacking-linux-kernel.html" + "https://usmile.at/symposium/program/2015/thomas-holmes" ] }, "uuid": "ef771e03-e080-43b4-a619-ac6f84899884", @@ -11916,9 +11916,9 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", + "Cloud Service: Cloud Service Enumeration", "Command: Command Execution", - "Cloud Service: Cloud Service Enumeration" + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Windows", @@ -11930,10 +11930,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1046", + "https://capec.mitre.org/data/definitions/300.html", "https://developer.apple.com/library/archive/documentation/Cocoa/Conceptual/NetServices/Introduction.html", - "https://us-cert.cisa.gov/ncas/analysis-reports/ar21-126a", "https://themittenmac.com/what-does-apt-activity-look-like-on-macos/", - "https://capec.mitre.org/data/definitions/300.html" + "https://us-cert.cisa.gov/ncas/analysis-reports/ar21-126a" ] }, "uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", @@ -11965,8 +11965,8 @@ "mitre-attack:execution" ], "mitre_data_sources": [ - "Network Traffic: Network Connection Creation", "Command: Command Execution", + "Network Traffic: Network Connection Creation", "Process: Process Creation" ], "mitre_platforms": [ @@ -11974,9 +11974,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1047", + "https://msdn.microsoft.com/en-us/library/aa394582.aspx", "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-management-instrumentation.pdf", - "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/sans-dfir-2015.pdf", - "https://msdn.microsoft.com/en-us/library/aa394582.aspx" + "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/sans-dfir-2015.pdf" ] }, "uuid": "01a5a209-b94c-450b-b7f9-946497d91055", @@ -11990,10 +11990,10 @@ "mitre-attack:impact" ], "mitre_data_sources": [ - "Process: Process Creation", - "File: File Deletion", - "Service: Service Metadata", "Command: Command Execution", + "File: File Deletion", + "Process: Process Creation", + "Service: Service Metadata", "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ @@ -12003,8 +12003,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1490", - "https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html", - "https://blog.talosintelligence.com/2018/02/olympic-destroyer.html" + "https://blog.talosintelligence.com/2018/02/olympic-destroyer.html", + "https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html" ] }, "uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", @@ -12018,11 +12018,11 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "File: File Creation", - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Traffic Content", "Application Log: Application Log Content", + "File: File Creation", "File: File Modification", + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow", "Process: Process Creation" ], "mitre_platforms": [ @@ -12046,10 +12046,10 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "File: File Creation", "Command: Command Execution", - "Script: Script Execution", - "Process: Process Creation" + "File: File Creation", + "Process: Process Creation", + "Script: Script Execution" ], "mitre_platforms": [ "Linux", @@ -12079,8 +12079,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1506", - "https://wunderwuzzi23.github.io/blog/passthecookie.html", - "https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/" + "https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/", + "https://wunderwuzzi23.github.io/blog/passthecookie.html" ] }, "related": [ @@ -12109,8 +12109,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1065", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1065" ] }, "related": [ @@ -12154,9 +12154,9 @@ "Windows" ], "refs": [ + "https://apps.nsa.gov/iaarchive/library/reports/spotting-the-adversary-with-windows-event-log-monitoring.cfm", "https://attack.mitre.org/techniques/T1075", - "https://capec.mitre.org/data/definitions/644.html", - "https://apps.nsa.gov/iaarchive/library/reports/spotting-the-adversary-with-windows-event-log-monitoring.cfm" + "https://capec.mitre.org/data/definitions/644.html" ] }, "related": [ @@ -12179,14 +12179,14 @@ "mitre-attack:lateral-movement" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "Named Pipe: Named Pipe Metadata", - "Process: Process Creation", - "Network Share: Network Share Access", - "File: File Creation", "Command: Command Execution", + "File: File Creation", "File: File Metadata", - "Network Traffic: Network Traffic Content" + "Named Pipe: Named Pipe Metadata", + "Network Share: Network Share Access", + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -12213,9 +12213,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1508", - "https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/", + "https://www.cyber.nj.gov/threat-profiles/android-malware-variants/bankbot-spybanker", "https://www.welivesecurity.com/2017/02/22/sunny-chance-stolen-credentials-malicious-weather-app-found-google-play/", - "https://www.cyber.nj.gov/threat-profiles/android-malware-variants/bankbot-spybanker" + "https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/" ] }, "uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", @@ -12229,30 +12229,30 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Volume: Volume Enumeration", - "Instance: Instance Metadata", - "Instance: Instance Enumeration", - "Snapshot: Snapshot Metadata", - "Cloud Storage: Cloud Storage Metadata", "Cloud Storage: Cloud Storage Enumeration", - "Volume: Volume Metadata", - "Snapshot: Snapshot Enumeration" + "Cloud Storage: Cloud Storage Metadata", + "Instance: Instance Enumeration", + "Instance: Instance Metadata", + "Snapshot: Snapshot Enumeration", + "Snapshot: Snapshot Metadata", + "Volume: Volume Enumeration", + "Volume: Volume Metadata" ], "mitre_platforms": [ "IaaS" ], "refs": [ "https://attack.mitre.org/techniques/T1580", - "https://expel.io/blog/finding-evil-in-aws/", - "https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html", - "https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html", - "https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html", - "https://docs.aws.amazon.com/cli/latest/reference/ssm/describe-instance-information.html", - "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html", + "https://blog.malwarebytes.com/researchers-corner/2019/09/hacking-with-aws-incorporating-leaky-buckets-osint-workflow/", "https://cloud.google.com/sdk/gcloud/reference/compute/instances/list", "https://content.fireeye.com/m-trends/rpt-m-trends-2020", + "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html", + "https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html", + "https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html", + "https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html", + "https://docs.aws.amazon.com/cli/latest/reference/ssm/describe-instance-information.html", "https://docs.microsoft.com/en-us/cli/azure/ad/user?view=azure-cli-latest", - "https://blog.malwarebytes.com/researchers-corner/2019/09/hacking-with-aws-incorporating-leaky-buckets-osint-workflow/" + "https://expel.io/blog/finding-evil-in-aws/" ] }, "uuid": "57a3d31a-d04f-4663-b2da-7df8ec3f8c9d", @@ -12284,9 +12284,9 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "Web Credential: Web Credential Usage", + "Logon Session: Logon Session Creation", "Web Credential: Web Credential Creation", - "Logon Session: Logon Session Creation" + "Web Credential: Web Credential Usage" ], "mitre_platforms": [ "SaaS", @@ -12301,9 +12301,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1606", "https://github.com/damianh/aws-adfs-credential-generator", - "https://wunderwuzzi23.github.io/blog/passthecookie.html", + "https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/", "https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/", - "https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/" + "https://wunderwuzzi23.github.io/blog/passthecookie.html" ] }, "uuid": "94cb00a4-b295-4d06-aa2b-5653b9c1be9c", @@ -12321,13 +12321,13 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1076", - "https://capec.mitre.org/data/definitions/555.html", - "https://technet.microsoft.com/en-us/windowsserver/ee236407.aspx", "http://blog.crowdstrike.com/adversary-tricks-crowdstrike-treats/", "http://www.korznikov.com/2017/03/0-day-or-feature-privilege-escalation.html", + "https://attack.mitre.org/techniques/T1076", + "https://capec.mitre.org/data/definitions/555.html", + "https://github.com/nccgroup/redsnarf", "https://medium.com/@networksecurity/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6", - "https://github.com/nccgroup/redsnarf" + "https://technet.microsoft.com/en-us/windowsserver/ee236407.aspx" ] }, "related": [ @@ -12350,8 +12350,8 @@ "mitre-attack:execution" ], "mitre_data_sources": [ - "Process: Process Creation", - "Command: Command Execution" + "Command: Command Execution", + "Process: Process Creation" ], "mitre_platforms": [ "Containers" @@ -12359,10 +12359,10 @@ "refs": [ "https://attack.mitre.org/techniques/T1609", "https://docs.docker.com/engine/reference/commandline/dockerd/", + "https://docs.docker.com/engine/reference/commandline/exec/", + "https://docs.docker.com/engine/reference/run/#entrypoint-default-command-to-execute-at-runtime", "https://kubernetes.io/docs/concepts/overview/kubernetes-api/", "https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/", - "https://docs.docker.com/engine/reference/run/#entrypoint-default-command-to-execute-at-runtime", - "https://docs.docker.com/engine/reference/commandline/exec/", "https://kubernetes.io/docs/tasks/debug-application-cluster/get-shell-running-container/" ] }, @@ -12381,15 +12381,15 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1096", - "https://posts.specterops.io/host-based-threat-modeling-indicator-design-a9dbbb53d5ea", - "https://blogs.technet.microsoft.com/askcore/2010/08/25/ntfs-file-attributes/", - "http://msdn.microsoft.com/en-us/library/aa364404", - "https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/", - "https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/", "http://journeyintoir.blogspot.com/2012/12/extracting-zeroaccess-from-ntfs.html", + "http://msdn.microsoft.com/en-us/library/aa364404", + "https://attack.mitre.org/techniques/T1096", + "https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/", + "https://blogs.technet.microsoft.com/askcore/2010/08/25/ntfs-file-attributes/", + "https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/", "https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/", "https://oddvar.moe/2018/04/11/putting-data-in-alternate-data-streams-and-how-to-execute-it-part-2/", + "https://posts.specterops.io/host-based-threat-modeling-indicator-design-a9dbbb53d5ea", "https://www.symantec.com/connect/articles/what-you-need-know-about-alternate-data-streams-windows-your-data-secure-can-you-restore" ] }, @@ -12413,12 +12413,12 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ + "Application Log: Application Log Content", + "Command: Command Execution", "Group: Group Enumeration", "Group: Group Metadata", - "Application Log: Application Log Content", - "Process: Process Creation", "Pod: Pod Metadata", - "Command: Command Execution" + "Process: Process Creation" ], "mitre_platforms": [ "Windows", @@ -12452,15 +12452,15 @@ "Windows" ], "refs": [ + "http://support.microsoft.com/kb/314984", "https://attack.mitre.org/techniques/T1077", "https://capec.mitre.org/data/definitions/561.html", - "https://en.wikipedia.org/wiki/Server_Message_Block", - "https://technet.microsoft.com/en-us/library/cc787851.aspx", - "http://support.microsoft.com/kb/314984", - "https://technet.microsoft.com/bb490717.aspx", - "https://docs.microsoft.com/en-us/archive/blogs/jepayne/tracking-lateral-movement-part-one-special-groups-and-specific-service-accounts", "https://docs.microsoft.com/en-us/archive/blogs/jepayne/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem", - "https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc" + "https://docs.microsoft.com/en-us/archive/blogs/jepayne/tracking-lateral-movement-part-one-special-groups-and-specific-service-accounts", + "https://en.wikipedia.org/wiki/Server_Message_Block", + "https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc", + "https://technet.microsoft.com/bb490717.aspx", + "https://technet.microsoft.com/en-us/library/cc787851.aspx" ] }, "related": [ @@ -12487,11 +12487,11 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1097", - "https://capec.mitre.org/data/definitions/645.html", - "https://adsecurity.org/?p=556", "http://blog.gentilkiwi.com/securite/mimikatz/pass-the-ticket-kerberos", "http://defcon.org/images/defcon-22/dc-22-presentations/Campbell/DEFCON-22-Christopher-Campbell-The-Secret-Life-of-Krbtgt.pdf", + "https://adsecurity.org/?p=556", + "https://attack.mitre.org/techniques/T1097", + "https://capec.mitre.org/data/definitions/645.html", "https://cert.europa.eu/static/WhitePapers/UPDATED%20-%20CERT-EU_Security_Whitepaper_2014-007_Kerberos_Golden_Ticket_Protection_v1_4.pdf" ] }, @@ -12551,9 +12551,9 @@ "macOS" ], "refs": [ + "https://arstechnica.com/security/2016/07/after-hiatus-in-the-wild-mac-backdoors-are-suddenly-back/", "https://attack.mitre.org/techniques/T1151", - "https://capec.mitre.org/data/definitions/649.html", - "https://arstechnica.com/security/2016/07/after-hiatus-in-the-wild-mac-backdoors-are-suddenly-back/" + "https://capec.mitre.org/data/definitions/649.html" ] }, "related": [ @@ -12576,10 +12576,10 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Volume: Volume Modification", "Container: Container Creation", + "Process: OS API Execution", "Process: Process Creation", - "Process: OS API Execution" + "Volume: Volume Modification" ], "mitre_platforms": [ "Windows", @@ -12590,9 +12590,9 @@ "https://attack.mitre.org/techniques/T1611", "https://docs.docker.com/get-started/overview/", "https://docs.docker.com/storage/bind-mounts/", - "https://www.trendmicro.com/en_us/research/19/l/why-running-a-privileged-container-in-docker-is-a-bad-idea.html", + "https://unit42.paloaltonetworks.com/windows-server-containers-vulnerabilities/", "https://www.intezer.com/blog/cloud-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/", - "https://unit42.paloaltonetworks.com/windows-server-containers-vulnerabilities/" + "https://www.trendmicro.com/en_us/research/19/l/why-running-a-privileged-container-in-docker-is-a-bad-idea.html" ] }, "uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", @@ -12667,20 +12667,20 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Process: Process Creation", + "Command: Command Execution", "Process: OS API Execution", - "Command: Command Execution" + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ + "https://any.run/cybersecurity-blog/time-bombs-malware-with-delayed-execution/", "https://attack.mitre.org/techniques/T1124", "https://capec.mitre.org/data/definitions/295.html", "https://msdn.microsoft.com/ms724961.aspx", "https://technet.microsoft.com/windows-server-docs/identity/ad-ds/get-started/windows-time-service/windows-time-service-tools-and-settings", - "https://www.rsaconference.com/writable/presentations/file_upload/ht-209_rivner_schwartz.pdf", - "https://any.run/cybersecurity-blog/time-bombs-malware-with-delayed-execution/" + "https://www.rsaconference.com/writable/presentations/file_upload/ht-209_rivner_schwartz.pdf" ] }, "uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", @@ -12755,9 +12755,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1128", - "https://technet.microsoft.com/library/bb490939.aspx", + "https://github.com/outflankbv/NetshHelperBeacon", "https://htmlpreview.github.io/?https://github.com/MatthewDemaske/blogbackup/blob/master/netshell.html", - "https://github.com/outflankbv/NetshHelperBeacon" + "https://technet.microsoft.com/library/bb490939.aspx" ] }, "related": [ @@ -12780,10 +12780,10 @@ "mitre-attack:command-and-control" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", "Network Traffic: Network Connection Creation", - "Process: Process Creation", - "Network Traffic: Network Traffic Flow" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -12792,8 +12792,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1219", - "https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf", "https://blog.crysys.hu/2013/03/teamspy/", + "https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf", "https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-living-off-the-land-and-fileless-attack-techniques-en.pdf" ] }, @@ -12809,9 +12809,9 @@ "mitre-attack:initial-access" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", + "Application Log: Application Log Content", "Logon Session: Logon Session Metadata", - "Application Log: Application Log Content" + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Windows", @@ -12823,9 +12823,9 @@ "https://attack.mitre.org/techniques/T1133", "https://capec.mitre.org/data/definitions/555.html", "https://support.apple.com/guide/remote-desktop/set-up-a-computer-running-vnc-software-apdbed09830/mac", - "https://www.volexity.com/blog/2015/10/07/virtual-private-keylogging-cisco-web-vpns-leveraged-for-access-and-persistence/", + "https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/", "https://www.trendmicro.com/en_us/research/20/f/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers.html", - "https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/" + "https://www.volexity.com/blog/2015/10/07/virtual-private-keylogging-cisco-web-vpns-leveraged-for-access-and-persistence/" ] }, "uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", @@ -12856,9 +12856,9 @@ "mitre_data_sources": [ "Active Directory: Active Directory Object Modification", "Command: Command Execution", + "Process: OS API Execution", "Process: Process Creation", "Process: Process Metadata", - "Process: OS API Execution", "User Account: User Account Metadata" ], "mitre_platforms": [ @@ -12867,11 +12867,11 @@ "refs": [ "https://attack.mitre.org/techniques/T1134", "https://capec.mitre.org/data/definitions/633.html", + "https://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx", + "https://msdn.microsoft.com/en-us/library/windows/desktop/aa378612(v=vs.85).aspx", + "https://msdn.microsoft.com/en-us/library/windows/desktop/aa446617(v=vs.85).aspx", "https://pentestlab.blog/2017/04/03/token-manipulation/", "https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/manage/component-updates/command-line-process-auditing", - "https://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx", - "https://msdn.microsoft.com/en-us/library/windows/desktop/aa446617(v=vs.85).aspx", - "https://msdn.microsoft.com/en-us/library/windows/desktop/aa378612(v=vs.85).aspx", "https://www.blackhat.com/docs/eu-17/materials/eu-17-Atkinson-A-Process-Is-No-One-Hunting-For-Token-Manipulation.pdf" ] }, @@ -12886,9 +12886,9 @@ "mitre-attack:impact" ], "mitre_data_sources": [ - "User Account: User Account Modification", "Active Directory: Active Directory Object Modification", - "User Account: User Account Deletion" + "User Account: User Account Deletion", + "User Account: User Account Modification" ], "mitre_platforms": [ "Linux", @@ -12899,8 +12899,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1531", - "https://www.carbonblack.com/2019/03/22/tau-threat-intelligence-notification-lockergoga-ransomware/", - "https://unit42.paloaltonetworks.com/born-this-way-origins-of-lockergoga/" + "https://unit42.paloaltonetworks.com/born-this-way-origins-of-lockergoga/", + "https://www.carbonblack.com/2019/03/22/tau-threat-intelligence-notification-lockergoga-ransomware/" ] }, "uuid": "b24e2a20-3b3d-4bf0-823b-1ed765398fb0", @@ -12941,14 +12941,14 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Creation", "Application Log: Application Log Content", - "Module: Module Load", - "Process: Process Creation", "Command: Command Execution", "File: File Creation", - "Windows Registry: Windows Registry Key Modification", - "File: File Modification" + "File: File Modification", + "Module: Module Load", + "Process: Process Creation", + "Windows Registry: Windows Registry Key Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows", @@ -12956,12 +12956,12 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1137", - "https://github.com/sensepost/ruler", "https://blogs.technet.microsoft.com/office365security/defending-against-rules-and-forms-injection/", - "https://malware.news/t/using-outlook-forms-for-lateral-movement-and-persistence/13746", - "https://medium.com/@bwtech789/outlook-today-homepage-persistence-33ea9b505943", "https://docs.microsoft.com/en-us/office365/securitycompliance/detect-and-remediate-outlook-rules-forms-attack", - "https://github.com/sensepost/notruler" + "https://github.com/sensepost/notruler", + "https://github.com/sensepost/ruler", + "https://malware.news/t/using-outlook-forms-for-lateral-movement-and-persistence/13746", + "https://medium.com/@bwtech789/outlook-today-homepage-persistence-33ea9b505943" ] }, "uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", @@ -12980,14 +12980,14 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1173", - "https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word-to-prevent-further-malware-attacks/", + "https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/", "https://portal.msrc.microsoft.com/security-guidance/advisory/ADV170021", - "https://technet.microsoft.com/library/security/4053440", - "https://sensepost.com/blog/2016/powershell-c-sharp-and-dde-the-power-within/", - "https://www.contextis.com/blog/comma-separated-vulnerabilities", "https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee", + "https://sensepost.com/blog/2016/powershell-c-sharp-and-dde-the-power-within/", "https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/", - "https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/" + "https://technet.microsoft.com/library/security/4053440", + "https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word-to-prevent-further-malware-attacks/", + "https://www.contextis.com/blog/comma-separated-vulnerabilities" ] }, "related": [ @@ -13029,11 +13029,11 @@ "iOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1414", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-35.html", "http://saschafahl.de/static/paper/pwmanagers2013.pdf", + "https://attack.mitre.org/techniques/T1414", + "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data", "https://github.com/grepx/android-clipboard-security", - "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data" + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-35.html" ] }, "uuid": "c4b96c0b-cb58-497a-a1c2-bb447d79d692", @@ -13051,15 +13051,15 @@ "iOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1451", - "https://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-22.html", - "http://www.dos.ny.gov/consumerprotection/scams/att-sim.html", - "https://motherboard.vice.com/en_us/article/3ky5a5/criminals-recruit-telecom-employees-sim-swapping-port-out-scam", "http://betanews.com/2016/02/12/everything-you-need-to-know-about-sim-swap-scams/", - "https://www.theguardian.com/money/2016/apr/16/sim-swap-fraud-mobile-banking-fraudsters", - "https://motherboard.vice.com/en_us/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin", + "http://www.dos.ny.gov/consumerprotection/scams/att-sim.html", + "https://attack.mitre.org/techniques/T1451", "https://krebsonsecurity.com/2018/05/t-mobile-employee-made-unauthorized-sim-swap-to-steal-instagram-account/", - "https://techcrunch.com/2017/08/23/i-was-hacked/" + "https://motherboard.vice.com/en_us/article/3ky5a5/criminals-recruit-telecom-employees-sim-swapping-port-out-scam", + "https://motherboard.vice.com/en_us/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin", + "https://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-22.html", + "https://techcrunch.com/2017/08/23/i-was-hacked/", + "https://www.theguardian.com/money/2016/apr/16/sim-swap-fraud-mobile-banking-fraudsters" ] }, "uuid": "a64a820a-cb21-471f-920c-506a2ff04fa5", @@ -13070,11 +13070,11 @@ "meta": { "external_id": "AUT-10", "refs": [ + "http://www.dhanjani.com/blog/2010/11/insecure-handling-of-url-schemes-in-apples-ios.html", "https://attack.mitre.org/techniques/T1415", "https://pages.nist.gov/mobile-threat-catalogue/authentication-threats/AUT-10.html", - "https://www.fireeye.com/blog/threat-research/2015/02/ios_masque_attackre.html", - "http://www.dhanjani.com/blog/2010/11/insecure-handling-of-url-schemes-in-apples-ios.html", "https://tools.ietf.org/html/rfc7636", + "https://www.fireeye.com/blog/threat-research/2015/02/ios_masque_attackre.html", "https://www.mobileiron.com/en/smartwork-blog/ios-url-scheme-hijacking-xara-attack-analysis-and-countermeasures" ] }, @@ -13119,9 +13119,9 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Process: Process Creation", + "Instance: Instance Metadata", "Process: OS API Execution", - "Instance: Instance Metadata" + "Process: Process Creation" ], "mitre_platforms": [ "Windows", @@ -13130,13 +13130,13 @@ "IaaS" ], "refs": [ - "https://attack.mitre.org/techniques/T1614", "https://assets.documentcloud.org/documents/20413525/fbi-flash-indicators-of-compromise-ragnar-locker-ransomware-11192020-bc.pdf", - "https://news.sophos.com/en-us/2016/05/03/location-based-ransomware-threat-research/", - "https://www.bleepingcomputer.com/news/security/new-rat-malware-gets-commands-via-discord-has-ransomware-feature/", + "https://attack.mitre.org/techniques/T1614", "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html", "https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service?tabs=windows", - "https://securelist.com/transparent-tribe-part-1/98127/" + "https://news.sophos.com/en-us/2016/05/03/location-based-ransomware-threat-research/", + "https://securelist.com/transparent-tribe-part-1/98127/", + "https://www.bleepingcomputer.com/news/security/new-rat-malware-gets-commands-via-discord-has-ransomware-feature/" ] }, "uuid": "c877e33f-1df6-40d6-b1e7-ce70f16f4979", @@ -13154,8 +13154,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1174", "http://carnal0wnage.attackresearch.com/2013/09/stealing-passwords-every-time-they.html", + "https://attack.mitre.org/techniques/T1174", "https://clymb3r.wordpress.com/2013/09/15/intercepting-password-changes-with-function-hooking/" ] }, @@ -13223,18 +13223,18 @@ ], "mitre_data_sources": [ "Active Directory: Active Directory Object Access", - "Process: Process Creation", + "Command: Command Execution", "Network Traffic: Network Traffic Content", - "Script: Script Execution", - "Command: Command Execution" + "Process: Process Creation", + "Script: Script Execution" ], "mitre_platforms": [ "Windows" ], "refs": [ + "https://adsecurity.org/?p=2716", "https://attack.mitre.org/techniques/T1615", "https://blogs.technet.microsoft.com/musings_of_a_technical_tam/2012/02/13/group-policy-basics-part-1-understanding-the-structure-of-a-group-policy-object/", - "https://adsecurity.org/?p=2716", "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/gpresult", "https://github.com/EmpireProject/Empire" ] @@ -13279,9 +13279,9 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Process: Process Modification", "Logon Session: Logon Session Creation", - "Process: Process Access" + "Process: Process Access", + "Process: Process Modification" ], "mitre_platforms": [ "Windows" @@ -13289,9 +13289,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1185", "https://en.wikipedia.org/wiki/Man-in-the-browser", + "https://web.archive.org/web/20210825130434/https://cobaltstrike.com/downloads/csmanual38.pdf", "https://www.cobaltstrike.com/help-browser-pivoting", - "https://www.icebrg.io/blog/malicious-chrome-extensions-enable-criminals-to-impact-over-half-a-million-users-and-global-businesses", - "https://web.archive.org/web/20210825130434/https://cobaltstrike.com/downloads/csmanual38.pdf" + "https://www.icebrg.io/blog/malicious-chrome-extensions-enable-criminals-to-impact-over-half-a-million-users-and-global-businesses" ] }, "uuid": "544b0346-29ad-41e1-a808-501bb4193f47", @@ -13313,15 +13313,15 @@ "refs": [ "https://attack.mitre.org/techniques/T1195", "https://blog.avast.com/new-investigations-in-ccleaner-incident-point-to-a-possible-third-stage-that-had-keylogger-capacities", - "https://www.commandfive.com/papers/C5_APT_SKHack.pdf", - "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146&myns=s028&mynp=OCSTHGUJ&mynp=OCSTLM5A&mynp=OCSTLM6B&mynp=OCHW206&mync=E&cm_sp=s028-_-OCSTHGUJ-OCSTLM5A-OCSTLM6B-OCHW206-_-E", - "https://web.archive.org/web/20190717233006/http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf", - "https://www.se.com/ww/en/download/document/SESN-2018-236-01/", - "https://www.trendmicro.com/vinfo/dk/security/news/cybercrime-and-digital-threats/hacker-infects-node-js-package-to-steal-from-bitcoin-wallets", - "https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/", "https://capec.mitre.org/data/definitions/437.html", "https://capec.mitre.org/data/definitions/438.html", - "https://capec.mitre.org/data/definitions/439.html" + "https://capec.mitre.org/data/definitions/439.html", + "https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/", + "https://web.archive.org/web/20190717233006/http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf", + "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146&myns=s028&mynp=OCSTHGUJ&mynp=OCSTLM5A&mynp=OCSTLM6B&mynp=OCHW206&mync=E&cm_sp=s028-_-OCSTHGUJ-OCSTLM5A-OCSTLM6B-OCHW206-_-E", + "https://www.commandfive.com/papers/C5_APT_SKHack.pdf", + "https://www.se.com/ww/en/download/document/SESN-2018-236-01/", + "https://www.trendmicro.com/vinfo/dk/security/news/cybercrime-and-digital-threats/hacker-infects-node-js-package-to-steal-from-bitcoin-wallets" ] }, "uuid": "3f18edba-28f4-4bb9-82c3-8aa60dcac5f7", @@ -13341,8 +13341,8 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1166", "http://man7.org/linux/man-pages/man2/setuid.2.html", + "https://attack.mitre.org/techniques/T1166", "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/" ] }, @@ -13372,13 +13372,13 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1168", - "https://linux.die.net/man/5/crontab", - "https://linux.die.net/man/1/at", - "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/ScheduledJobs.html", "http://www.thesafemac.com/new-signed-malware-called-janicab/", - "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", - "https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/" + "https://attack.mitre.org/techniques/T1168", + "https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/", + "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/ScheduledJobs.html", + "https://linux.die.net/man/1/at", + "https://linux.die.net/man/5/crontab", + "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ] }, "related": [ @@ -13407,10 +13407,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1196", - "https://msdn.microsoft.com/library/windows/desktop/cc144185.aspx", - "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cpl-malware.pdf", "https://blog.trendmicro.com/trendlabs-security-intelligence/control-panel-files-used-as-malicious-attachments/", - "https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/" + "https://msdn.microsoft.com/library/windows/desktop/cc144185.aspx", + "https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/", + "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cpl-malware.pdf" ] }, "related": [ @@ -13454,8 +13454,8 @@ "refs": [ "https://attack.mitre.org/techniques/T1223", "https://docs.microsoft.com/previous-versions/windows/desktop/htmlhelp/microsoft-html-help-1-4-sdk", - "https://msdn.microsoft.com/windows/desktop/ms644670", "https://msdn.microsoft.com/windows/desktop/ms524405", + "https://msdn.microsoft.com/windows/desktop/ms644670", "https://msitpros.com/?p=3909", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625" ] @@ -13643,13 +13643,13 @@ "iOS" ], "refs": [ + "http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/", "https://attack.mitre.org/techniques/T1523", "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/", - "https://www.cyberscoop.com/android-malware-motion-detection-trend-micro/", "https://github.com/strazzere/anti-emulator", - "https://news.sophos.com/en-us/2017/04/13/android-malware-anti-emulation-techniques/" + "https://news.sophos.com/en-us/2017/04/13/android-malware-anti-emulation-techniques/", + "https://www.cyberscoop.com/android-malware-motion-detection-trend-micro/", + "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html" ] }, "uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", @@ -13797,9 +13797,9 @@ "iOS" ], "refs": [ + "http://stackoverflow.com/questions/7848766/how-can-we-programmatically-detect-which-ios-version-is-device-running-on", "https://attack.mitre.org/techniques/T1426", - "https://developer.android.com/reference/android/os/Build", - "http://stackoverflow.com/questions/7848766/how-can-we-programmatically-detect-which-ios-version-is-device-running-on" + "https://developer.android.com/reference/android/os/Build" ] }, "uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", @@ -13843,21 +13843,21 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Process: OS API Execution", - "Script: Script Execution", "Command: Command Execution", - "Process: Process Creation" + "Process: OS API Execution", + "Process: Process Creation", + "Script: Script Execution" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1482", - "https://www.microsoft.com/security/blog/2017/05/04/windows-defender-atp-thwarts-operation-wilysupply-software-supply-chain-cyberattack/", "https://adsecurity.org/?p=1588", - "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759554(v=ws.10)", + "https://attack.mitre.org/techniques/T1482", "https://docs.microsoft.com/en-us/dotnet/api/system.directoryservices.activedirectory.domain.getalltrustrelationships?redirectedfrom=MSDN&view=netframework-4.7.2#System_DirectoryServices_ActiveDirectory_Domain_GetAllTrustRelationships", - "https://posts.specterops.io/a-guide-to-attacking-domain-trusts-971e52cb2944" + "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759554(v=ws.10)", + "https://posts.specterops.io/a-guide-to-attacking-domain-trusts-971e52cb2944", + "https://www.microsoft.com/security/blog/2017/05/04/windows-defender-atp-thwarts-operation-wilysupply-software-supply-chain-cyberattack/" ] }, "uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", @@ -13895,14 +13895,14 @@ }, "related": [ { - "dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae", + "dest-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "related-to" }, { - "dest-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5", + "dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13951,9 +13951,9 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Image: Image Modification", "Image: Image Creation", - "Image: Image Metadata" + "Image: Image Metadata", + "Image: Image Modification" ], "mitre_platforms": [ "IaaS", @@ -13961,8 +13961,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1525", - "https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/", - "https://github.com/RhinoSecurityLabs/ccat" + "https://github.com/RhinoSecurityLabs/ccat", + "https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/" ] }, "uuid": "4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f", @@ -13988,8 +13988,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1526", - "https://docs.microsoft.com/en-us/rest/api/resources/", "https://docs.microsoft.com/en-us/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-operations-overview", + "https://docs.microsoft.com/en-us/rest/api/resources/", "https://github.com/Azure/Stormspotter", "https://github.com/RhinoSecurityLabs/pacu" ] @@ -14087,14 +14087,14 @@ }, "related": [ { - "dest-uuid": "78e41091-d10d-4001-b202-89612892b6ff", + "dest-uuid": "59369f72-3005-4e54-9095-3d00efcece73", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "related-to" }, { - "dest-uuid": "59369f72-3005-4e54-9095-3d00efcece73", + "dest-uuid": "78e41091-d10d-4001-b202-89612892b6ff", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14117,14 +14117,14 @@ }, "related": [ { - "dest-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5", + "dest-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "related-to" }, { - "dest-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1", + "dest-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14175,14 +14175,14 @@ }, "related": [ { - "dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae", + "dest-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "related-to" }, { - "dest-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1", + "dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14261,8 +14261,8 @@ "refs": [ "https://attack.mitre.org/techniques/T1453", "https://www.skycure.com/blog/accessibility-clickjacking/", - "https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/", - "https://www.welivesecurity.com/2018/10/24/banking-trojans-continue-surface-google-play/" + "https://www.welivesecurity.com/2018/10/24/banking-trojans-continue-surface-google-play/", + "https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/" ] }, "uuid": "2204c371-6100-4ae0-82f3-25c07c29772a", @@ -14354,17 +14354,17 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1483", + "http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html", + "http://csis.pace.edu/~ctappert/srd2017/2017PDF/d4.pdf", "http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Lab-Analysis-Dissecting-DGAs-Eight-Real-World-DGA-Variants.pdf", + "https://arxiv.org/pdf/1611.00791.pdf", + "https://attack.mitre.org/techniques/T1483", + "https://blogs.akamai.com/2018/01/a-death-match-of-domain-generation-algorithms.html", + "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/", "https://umbrella.cisco.com/blog/2016/10/10/domain-generation-algorithms-effective/", "https://unit42.paloaltonetworks.com/threat-brief-understanding-domain-generation-algorithms-dga/", - "http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html", - "https://blogs.akamai.com/2018/01/a-death-match-of-domain-generation-algorithms.html", "https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html", - "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/", - "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/", - "http://csis.pace.edu/~ctappert/srd2017/2017PDF/d4.pdf", - "https://arxiv.org/pdf/1611.00791.pdf" + "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/" ] }, "related": [ @@ -14438,13 +14438,13 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "File: File Modification", - "Windows Registry: Windows Registry Key Creation", "Command: Command Execution", - "Windows Registry: Windows Registry Key Modification", + "File: File Metadata", + "File: File Modification", "Module: Module Load", "Process: Process Creation", - "File: File Metadata" + "Windows Registry: Windows Registry Key Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows", @@ -14452,11 +14452,11 @@ "Linux" ], "refs": [ - "https://attack.mitre.org/techniques/T1553", - "https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf", - "https://securelist.com/why-you-shouldnt-completely-trust-files-signed-with-digital-certificates/68593/", "http://www.symantec.com/connect/blogs/how-attackers-steal-private-keys-digital-certificates", - "https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec" + "https://attack.mitre.org/techniques/T1553", + "https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec", + "https://securelist.com/why-you-shouldnt-completely-trust-files-signed-with-digital-certificates/68593/", + "https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf" ] }, "uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", @@ -14475,8 +14475,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1536", - "https://www.techrepublic.com/blog/the-enterprise-cloud/backing-up-and-restoring-snapshots-on-amazon-ec2-machines/", - "https://cloud.google.com/compute/docs/disks/restore-and-delete-snapshots" + "https://cloud.google.com/compute/docs/disks/restore-and-delete-snapshots", + "https://www.techrepublic.com/blog/the-enterprise-cloud/backing-up-and-restoring-snapshots-on-amazon-ec2-machines/" ] }, "related": [ @@ -14513,8 +14513,8 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "User Account: User Account Authentication", - "Logon Session: Logon Session Creation" + "Logon Session: Logon Session Creation", + "User Account: User Account Authentication" ], "mitre_platforms": [ "Azure AD", @@ -14603,8 +14603,8 @@ "refs": [ "https://attack.mitre.org/techniques/T1474", "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-6.html", - "https://www.nowsecure.com/blog/2015/06/15/a-pattern-for-remote-code-execution-using-arbitrary-file-writes-and-multidex-applications/", - "https://www.csc2.ncsu.edu/faculty/xjiang4/pubs/WISEC12_ADRISK.pdf" + "https://www.csc2.ncsu.edu/faculty/xjiang4/pubs/WISEC12_ADRISK.pdf", + "https://www.nowsecure.com/blog/2015/06/15/a-pattern-for-remote-code-execution-using-arbitrary-file-writes-and-multidex-applications/" ] }, "uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad", @@ -14659,24 +14659,24 @@ "mitre_data_sources": [ "Active Directory: Active Directory Object Creation", "Active Directory: Active Directory Object Deletion", - "Command: Command Execution", - "Active Directory: Active Directory Object Modification" + "Active Directory: Active Directory Object Modification", + "Command: Command Execution" ], "mitre_platforms": [ "Windows", "Azure AD" ], "refs": [ - "https://attack.mitre.org/techniques/T1484", - "https://adsecurity.org/?p=2716", - "https://wald0.com/?p=179", "http://www.harmj0y.net/blog/redteaming/abusing-gpo-permissions/", - "https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/", + "https://adsecurity.org/?p=2716", + "https://attack.mitre.org/techniques/T1484", + "https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/update-federated-domain-office-365", "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/ADFSDomainTrustMods.yaml", - "https://www.microsoft.com/security/blog/2020/12/28/using-microsoft-365-defender-to-coordinate-protection-against-solorigate/", - "https://www.sygnia.co/golden-saml-advisory", + "https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/", "https://us-cert.cisa.gov/ncas/alerts/aa21-008a", - "https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/update-federated-domain-office-365" + "https://wald0.com/?p=179", + "https://www.microsoft.com/security/blog/2020/12/28/using-microsoft-365-defender-to-coordinate-protection-against-solorigate/", + "https://www.sygnia.co/golden-saml-advisory" ] }, "uuid": "ebb42bbe-62d7-47d7-a55f-3b08b61d792d", @@ -14742,14 +14742,14 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "File: File Modification", "Command: Command Execution", - "Module: Module Load", - "WMI: WMI Creation", "File: File Creation", + "File: File Metadata", + "File: File Modification", + "Module: Module Load", "Process: Process Creation", - "Windows Registry: Windows Registry Key Modification", - "File: File Metadata" + "WMI: WMI Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Linux", @@ -14758,9 +14758,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1546", + "https://researchcenter.paloaltonetworks.com/2017/04/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/", "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-management-instrumentation.pdf", - "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", - "https://researchcenter.paloaltonetworks.com/2017/04/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/" + "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ] }, "uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db", @@ -14797,12 +14797,12 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Windows Registry: Windows Registry Key Modification", "File: File Creation", "File: File Modification", - "Process: Process Creation", "Module: Module Load", - "Service: Service Metadata" + "Process: Process Creation", + "Service: Service Metadata", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Linux", @@ -14825,9 +14825,9 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ + "Command: Command Execution", "File: File Modification", "Process: Process Creation", - "Command: Command Execution", "Service: Service Creation" ], "mitre_platforms": [ @@ -14835,9 +14835,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1647", - "https://www.welivesecurity.com/wp-content/uploads/200x/white-papers/osx_flashback.pdf", "https://fileinfo.com/extension/plist", - "https://taomm.org/PDFs/vol1/CH%200x02%20Persistence.pdf" + "https://taomm.org/PDFs/vol1/CH%200x02%20Persistence.pdf", + "https://www.welivesecurity.com/wp-content/uploads/200x/white-papers/osx_flashback.pdf" ] }, "uuid": "7d20fff9-8751-404e-badd-ccd71bda0236", @@ -14857,12 +14857,12 @@ "Linux" ], "refs": [ - "https://attack.mitre.org/techniques/T1487", - "https://www.symantec.com/connect/blogs/shamoon-attacks", - "https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html", "http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/", + "https://attack.mitre.org/techniques/T1487", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf", - "https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/" + "https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/", + "https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html", + "https://www.symantec.com/connect/blogs/shamoon-attacks" ] }, "related": [ @@ -14892,9 +14892,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1488", - "https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf", "https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malware-Report.pdf", - "https://www.justice.gov/opa/press-release/file/1092091/download" + "https://www.justice.gov/opa/press-release/file/1092091/download", + "https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf" ] }, "related": [ @@ -14919,13 +14919,13 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Process: OS API Execution", - "Process: Process Access", - "Windows Registry: Windows Registry Key Modification", + "File: File Creation", "File: File Modification", "Logon Session: Logon Session Creation", "Module: Module Load", - "File: File Creation" + "Process: OS API Execution", + "Process: Process Access", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows", @@ -14934,12 +14934,12 @@ "Network" ], "refs": [ + "https://adsecurity.org/?p=2053", "https://attack.mitre.org/techniques/T1556", "https://clymb3r.wordpress.com/2013/09/15/intercepting-password-changes-with-function-hooking/", - "https://www.secureworks.com/research/skeleton-key-malware-analysis", - "https://xorrior.com/persistent-credential-theft/", "https://technet.microsoft.com/en-us/library/dn487457.aspx", - "https://adsecurity.org/?p=2053" + "https://www.secureworks.com/research/skeleton-key-malware-analysis", + "https://xorrior.com/persistent-credential-theft/" ] }, "uuid": "f4c1826f-a322-41cd-9557-562100848c84", @@ -14975,8 +14975,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1577", - "https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures", - "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/" + "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", + "https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures" ] }, "uuid": "d3bc5020-f6a2-41c0-8ccb-5e563101b60c", @@ -15010,8 +15010,8 @@ "mitre-attack:reconnaissance" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", "Application Log: Application Log Content", + "Network Traffic: Network Traffic Content", "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ @@ -15019,13 +15019,13 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1598", - "https://threatpost.com/facebook-launching-pad-phishing-attacks/160351/", - "https://www.trendmicro.com/en_us/research/20/i/tricky-forms-of-phishing.html", - "https://www.pcmag.com/news/hackers-try-to-phish-united-nations-staffers-with-fake-login-pages", - "https://nakedsecurity.sophos.com/2020/10/02/serious-security-phishing-without-links-when-phishers-bring-along-their-own-web-pages/", - "https://github.com/ryhanson/phishery", "https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spoofing-protection?view=o365-worldwide", - "https://www.cyber.gov.au/sites/default/files/2019-03/spoof_email_sender_policy_framework.pdf" + "https://github.com/ryhanson/phishery", + "https://nakedsecurity.sophos.com/2020/10/02/serious-security-phishing-without-links-when-phishers-bring-along-their-own-web-pages/", + "https://threatpost.com/facebook-launching-pad-phishing-attacks/160351/", + "https://www.cyber.gov.au/sites/default/files/2019-03/spoof_email_sender_policy_framework.pdf", + "https://www.pcmag.com/news/hackers-try-to-phish-united-nations-staffers-with-fake-login-pages", + "https://www.trendmicro.com/en_us/research/20/i/tricky-forms-of-phishing.html" ] }, "uuid": "cca0ccb6-a068-4574-a722-b1556f86833a", @@ -15063,8 +15063,8 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Process: Process Creation", "Command: Command Execution", + "Process: Process Creation", "Scheduled Job: Scheduled Job Creation" ], "mitre_platforms": [ @@ -15072,9 +15072,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1053/001", - "https://www.linkedin.com/pulse/getting-attacker-ip-address-from-malicious-linux-job-craig-rowland/", "https://gtfobins.github.io/gtfobins/at/", - "https://kifarunix.com/scheduling-tasks-using-at-command-in-linux/" + "https://kifarunix.com/scheduling-tasks-using-at-command-in-linux/", + "https://www.linkedin.com/pulse/getting-attacker-ip-address-from-malicious-linux-job-craig-rowland/" ] }, "related": [ @@ -15097,19 +15097,19 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "File: File Metadata", - "File: File Creation" + "File: File Creation", + "File: File Metadata" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1553/005", + "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/6e3f7352-d11c-4d76-8c39-2516a9df36e8", + "https://gist.github.com/wdormann/fca29e0dcda8b5c0472e73e10c78c3e7", "https://medium.com/swlh/investigating-the-use-of-vhd-files-by-cybercriminals-3f1f08304316", "https://outflank.nl/blog/2020/03/30/mark-of-the-web-from-a-red-teams-perspective/", - "https://www.intezer.com/blog/research/russian-apt-uses-covid-19-lures-to-deliver-zebrocy/", - "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/6e3f7352-d11c-4d76-8c39-2516a9df36e8", - "https://gist.github.com/wdormann/fca29e0dcda8b5c0472e73e10c78c3e7" + "https://www.intezer.com/blog/research/russian-apt-uses-covid-19-lures-to-deliver-zebrocy/" ] }, "related": [ @@ -15138,8 +15138,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1036/002", - "https://resources.infosecinstitute.com/spoof-using-right-to-left-override-rtlo-technique-2/", "https://blog.trendmicro.com/trendlabs-security-intelligence/plead-targeted-attacks-against-taiwanese-government-agencies-2/", + "https://resources.infosecinstitute.com/spoof-using-right-to-left-override-rtlo-technique-2/", "https://securelist.com/zero-day-vulnerability-in-telegram/83800/" ] }, @@ -15202,8 +15202,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1102/003", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1102/003" ] }, "related": [ @@ -15229,10 +15229,10 @@ "PRE" ], "refs": [ - "https://attack.mitre.org/techniques/T1608/004", - "https://www.fireeye.com/blog/threat-research/2012/12/council-foreign-relations-water-hole-attack-details.html", "http://arstechnica.com/security/2015/08/newly-discovered-chinese-hacking-group-hacked-100-websites-to-use-as-watering-holes/", - "https://cybersecurity.att.com/blogs/labs-research/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks" + "https://attack.mitre.org/techniques/T1608/004", + "https://cybersecurity.att.com/blogs/labs-research/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks", + "https://www.fireeye.com/blog/threat-research/2012/12/council-foreign-relations-water-hole-attack-details.html" ] }, "related": [ @@ -15260,10 +15260,10 @@ "Windows" ], "refs": [ + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", "https://attack.mitre.org/techniques/T1132/002", "https://en.wikipedia.org/wiki/Binary-to-text_encoding", - "https://en.wikipedia.org/wiki/Character_encoding", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://en.wikipedia.org/wiki/Character_encoding" ] }, "related": [ @@ -15284,21 +15284,21 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "User Account: User Account Metadata", "Active Directory: Active Directory Object Modification", - "Process: OS API Execution" + "Process: OS API Execution", + "User Account: User Account Metadata" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1134/005", - "https://msdn.microsoft.com/library/windows/desktop/aa379571.aspx", - "https://msdn.microsoft.com/library/ms679833.aspx", - "https://support.microsoft.com/help/243330/well-known-security-identifiers-in-windows-operating-systems", - "https://technet.microsoft.com/library/ee617241.aspx", "https://adsecurity.org/?p=1772", - "https://msdn.microsoft.com/library/ms677982.aspx" + "https://attack.mitre.org/techniques/T1134/005", + "https://msdn.microsoft.com/library/ms677982.aspx", + "https://msdn.microsoft.com/library/ms679833.aspx", + "https://msdn.microsoft.com/library/windows/desktop/aa379571.aspx", + "https://support.microsoft.com/help/243330/well-known-security-identifiers-in-windows-operating-systems", + "https://technet.microsoft.com/library/ee617241.aspx" ] }, "related": [ @@ -15320,10 +15320,10 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Creation", - "Module: Module Load", "File: File Creation", - "File: File Modification" + "File: File Modification", + "Module: Module Load", + "Process: Process Creation" ], "mitre_platforms": [ "Windows" @@ -15357,14 +15357,14 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1558/004", "http://www.harmj0y.net/blog/activedirectory/roasting-as-reps/", - "https://social.technet.microsoft.com/wiki/contents/articles/23559.kerberos-pre-authentication-why-it-should-not-be-disabled.aspx", - "https://blog.stealthbits.com/cracking-active-directory-passwords-with-as-rep-roasting/", - "https://redsiege.com/kerberoast-slides", "https://adsecurity.org/?p=2293", + "https://attack.mitre.org/techniques/T1558/004", + "https://blog.stealthbits.com/cracking-active-directory-passwords-with-as-rep-roasting/", "https://blogs.technet.microsoft.com/motiba/2018/02/23/detecting-kerberoasting-activity-using-azure-security-center/", - "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4768" + "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4768", + "https://redsiege.com/kerberoast-slides", + "https://social.technet.microsoft.com/wiki/contents/articles/23559.kerberos-pre-authentication-why-it-should-not-be-disabled.aspx" ] }, "related": [ @@ -15394,8 +15394,8 @@ "refs": [ "https://attack.mitre.org/techniques/T1547/007", "https://support.apple.com/en-us/HT204005", - "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", - "https://taomm.org/PDFs/vol1/CH%200x02%20Persistence.pdf" + "https://taomm.org/PDFs/vol1/CH%200x02%20Persistence.pdf", + "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ] }, "related": [ @@ -15429,8 +15429,8 @@ "mitre-attack:command-and-control" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -15529,8 +15529,8 @@ ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -15538,10 +15538,10 @@ "Windows" ], "refs": [ + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", "https://attack.mitre.org/techniques/T1571", - "https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage", "https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.html", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage" ] }, "uuid": "b18eae87-b469-4e14-b454-b171b416bc18", @@ -15559,13 +15559,13 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1178", - "https://msdn.microsoft.com/library/windows/desktop/aa379571.aspx", - "https://msdn.microsoft.com/library/ms679833.aspx", - "https://support.microsoft.com/help/243330/well-known-security-identifiers-in-windows-operating-systems", - "https://technet.microsoft.com/library/ee617241.aspx", "https://adsecurity.org/?p=1772", - "https://msdn.microsoft.com/library/ms677982.aspx" + "https://attack.mitre.org/techniques/T1178", + "https://msdn.microsoft.com/library/ms677982.aspx", + "https://msdn.microsoft.com/library/ms679833.aspx", + "https://msdn.microsoft.com/library/windows/desktop/aa379571.aspx", + "https://support.microsoft.com/help/243330/well-known-security-identifiers-in-windows-operating-systems", + "https://technet.microsoft.com/library/ee617241.aspx" ] }, "related": [ @@ -15617,11 +15617,11 @@ "mitre-attack:initial-access" ], "mitre_data_sources": [ - "Process: Process Creation", "Application Log: Application Log Content", "File: File Creation", + "Network Traffic: Network Connection Creation", "Network Traffic: Network Traffic Content", - "Network Traffic: Network Connection Creation" + "Process: Process Creation" ], "mitre_platforms": [ "Windows", @@ -15630,8 +15630,8 @@ "SaaS" ], "refs": [ - "https://attack.mitre.org/techniques/T1189", "http://blog.shadowserver.org/2012/05/15/cyber-espionage-strategic-web-compromises-trusted-websites-serving-dangerous-results/", + "https://attack.mitre.org/techniques/T1189", "https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/" ] }, @@ -15647,12 +15647,12 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Driver: Driver Metadata", - "Process: OS API Execution", + "Command: Command Execution", "Drive: Drive Modification", + "Driver: Driver Metadata", "Firmware: Firmware Modification", "Network Traffic: Network Connection Creation", - "Command: Command Execution" + "Process: OS API Execution" ], "mitre_platforms": [ "Linux", @@ -15662,8 +15662,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1542", - "https://www.itworld.com/article/2853992/3-tools-to-check-your-hard-drives-health-and-make-sure-its-not-already-dying-on-you.html", - "https://en.wikipedia.org/wiki/Booting" + "https://en.wikipedia.org/wiki/Booting", + "https://www.itworld.com/article/2853992/3-tools-to-check-your-hard-drives-health-and-make-sure-its-not-already-dying-on-you.html" ] }, "uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e", @@ -15682,8 +15682,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1456", - "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-22.html", - "https://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/" + "https://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/", + "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-22.html" ] }, "uuid": "fd339382-bfec-4bf0-8d47-1caedc9e7e57", @@ -15697,10 +15697,10 @@ "mitre-attack:execution" ], "mitre_data_sources": [ - "Process: Process Creation", "Module: Module Load", - "Script: Script Execution", - "Process: Process Access" + "Process: Process Access", + "Process: Process Creation", + "Script: Script Execution" ], "mitre_platforms": [ "Windows", @@ -15709,8 +15709,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1559", - "https://www.geeksforgeeks.org/inter-process-communication-ipc/#:~:text=Inter%2Dprocess%20communication%20(IPC),of%20co%2Doperation%20between%20them.", - "https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html" + "https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html", + "https://www.geeksforgeeks.org/inter-process-communication-ipc/#:~:text=Inter%2Dprocess%20communication%20(IPC),of%20co%2Doperation%20between%20them." ] }, "uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", @@ -15787,8 +15787,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1001/001", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1001/001" ] }, "related": [ @@ -15808,19 +15808,19 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Network" ], "refs": [ "https://attack.mitre.org/techniques/T1020/001", + "https://capec.mitre.org/data/definitions/117.html", + "https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954", "https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r5-1/interfaces/configuration/guide/hc51xcrsbook/hc51span.html", "https://www.juniper.net/documentation/en_US/junos/topics/concept/port-mirroring-ex-series.html", - "https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954", - "https://www.us-cert.gov/ncas/alerts/TA18-106A", - "https://capec.mitre.org/data/definitions/117.html" + "https://www.us-cert.gov/ncas/alerts/TA18-106A" ] }, "related": [ @@ -15840,22 +15840,22 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ + "Command: Command Execution", "Process: OS API Execution", "Process: Process Access", - "Process: Process Creation", - "Command: Command Execution" + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1003/001", - "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/", - "https://symantec.broadcom.com/hubfs/Attacks-Against-Government-Sector.pdf", "http://docplayer.net/20839173-Analysis-of-malicious-security-support-provider-dlls.html", + "https://attack.mitre.org/techniques/T1003/001", "https://blogs.technet.microsoft.com/askpfeplat/2016/04/18/the-importance-of-kb2871997-and-kb2928120-for-credential-protection/", + "https://github.com/mattifestation/PowerSploit", "https://medium.com/threatpunter/detecting-attempts-to-steal-passwords-from-memory-558f16dce4ea", - "https://github.com/mattifestation/PowerSploit" + "https://symantec.broadcom.com/hubfs/Attacks-Against-Government-Sector.pdf", + "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/" ] }, "related": [ @@ -15883,8 +15883,8 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1001/003", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1001/003" ] }, "related": [ @@ -15914,9 +15914,9 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1090/001", "http://blog.trendmicro.com/trendlabs-security-intelligence/in-depth-look-apt-attack-tools-of-the-trade/", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1090/001" ] }, "related": [ @@ -15936,9 +15936,9 @@ "mitre-attack:command-and-control" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", + "Network Traffic: Network Connection Creation", "Network Traffic: Network Traffic Content", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -15946,9 +15946,9 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1090/002", "http://blog.trendmicro.com/trendlabs-security-intelligence/in-depth-look-apt-attack-tools-of-the-trade/", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1090/002" ] }, "related": [ @@ -15968,19 +15968,19 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Access", - "Command: Command Execution" + "Command: Command Execution", + "Windows Registry: Windows Registry Key Access" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1003/004", - "https://www.passcape.com/index.php?section=docsys&cmd=details&id=23", "https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material?redirectedfrom=MSDN", - "https://www.first.org/resources/papers/conf2017/Windows-Credentials-Attacks-and-Mitigation-Techniques.pdf", + "https://github.com/mattifestation/PowerSploit", "https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsa-secrets", - "https://github.com/mattifestation/PowerSploit" + "https://www.first.org/resources/papers/conf2017/Windows-Credentials-Attacks-and-Mitigation-Techniques.pdf", + "https://www.passcape.com/index.php?section=docsys&cmd=details&id=23" ] }, "related": [ @@ -16066,9 +16066,9 @@ "Windows" ], "refs": [ + "http://www.icir.org/vern/papers/meek-PETS-2015.pdf", "https://attack.mitre.org/techniques/T1090/004", - "https://capec.mitre.org/data/definitions/481.html", - "http://www.icir.org/vern/papers/meek-PETS-2015.pdf" + "https://capec.mitre.org/data/definitions/481.html" ] }, "related": [ @@ -16105,10 +16105,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1110/001", - "https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/emotet-now-spreads-via-wi-fi", + "https://capec.mitre.org/data/definitions/49.html", "https://web.archive.org/web/20200302085133/https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf", - "https://www.us-cert.gov/ncas/alerts/TA18-086A", - "https://capec.mitre.org/data/definitions/49.html" + "https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/emotet-now-spreads-via-wi-fi", + "https://www.us-cert.gov/ncas/alerts/TA18-086A" ] }, "related": [ @@ -16128,8 +16128,8 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "User Account: User Account Authentication", - "Application Log: Application Log Content" + "Application Log: Application Log Content", + "User Account: User Account Authentication" ], "mitre_platforms": [ "Linux", @@ -16141,9 +16141,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1110/002", - "https://www.us-cert.gov/ncas/alerts/TA18-106A", + "https://capec.mitre.org/data/definitions/55.html", "https://en.wikipedia.org/wiki/Password_cracking", - "https://capec.mitre.org/data/definitions/55.html" + "https://www.us-cert.gov/ncas/alerts/TA18-106A" ] }, "related": [ @@ -16178,11 +16178,11 @@ "Containers" ], "refs": [ + "http://www.blackhillsinfosec.com/?p=4645", "https://attack.mitre.org/techniques/T1110/003", "https://capec.mitre.org/data/definitions/565.html", - "http://www.blackhillsinfosec.com/?p=4645", - "https://www.us-cert.gov/ncas/alerts/TA18-086A", - "https://www.trimarcsecurity.com/single-post/2018/05/06/Trimarc-Research-Detecting-Password-Spraying-with-Security-Event-Auditing" + "https://www.trimarcsecurity.com/single-post/2018/05/06/Trimarc-Research-Detecting-Password-Spraying-with-Security-Event-Auditing", + "https://www.us-cert.gov/ncas/alerts/TA18-086A" ] }, "related": [ @@ -16248,8 +16248,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1071/001", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1071/001" ] }, "related": [ @@ -16279,8 +16279,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1102/002", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1102/002" ] }, "related": [ @@ -16300,9 +16300,9 @@ "mitre-attack:execution" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", "File: File Creation", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Content" ], "mitre_platforms": [ "Linux", @@ -16332,8 +16332,8 @@ "mitre-attack:command-and-control" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -16374,9 +16374,9 @@ "https://attack.mitre.org/techniques/T1027/001", "https://capec.mitre.org/data/definitions/572.html", "https://capec.mitre.org/data/definitions/655.html", - "https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/", "https://securelist.com/old-malware-tricks-to-bypass-detection-in-the-age-of-big-data/78010/", - "https://www.virustotal.com/en/faq/" + "https://www.virustotal.com/en/faq/", + "https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/" ] }, "related": [ @@ -16405,8 +16405,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1071/003", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1071/003" ] }, "related": [ @@ -16426,8 +16426,8 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Creation", - "Command: Command Execution" + "Command: Command Execution", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -16436,13 +16436,13 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1480/001", - "https://www.schneier.com/academic/paperfiles/paper-clueless-agents.pdf", + "https://github.com/Genetic-Malware/Ebowla/blob/master/Eko_2016_Morrow_Pitts_Master.pdf", + "https://github.com/nccgroup/demiguise/blob/master/examples/virginkey.js", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/20134940/kaspersky-lab-gauss.pdf", - "https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-android-devices", "https://pdfs.semanticscholar.org/2721/3d206bc3c1e8c229fb4820b6af09e7f975da.pdf", "https://research.nccgroup.com/2017/08/08/smuggling-hta-files-in-internet-explorer-edge/", - "https://github.com/Genetic-Malware/Ebowla/blob/master/Eko_2016_Morrow_Pitts_Master.pdf", - "https://github.com/nccgroup/demiguise/blob/master/examples/virginkey.js" + "https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-android-devices", + "https://www.schneier.com/academic/paperfiles/paper-clueless-agents.pdf" ] }, "related": [ @@ -16467,9 +16467,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1590/001", - "https://www.whois.net/", "https://dnsdumpster.com/", - "https://www.circl.lu/services/passive-dns/" + "https://www.circl.lu/services/passive-dns/", + "https://www.whois.net/" ] }, "related": [ @@ -16490,8 +16490,8 @@ ], "mitre_data_sources": [ "Logon Session: Logon Session Creation", - "Web Credential: Web Credential Usage", - "Web Credential: Web Credential Creation" + "Web Credential: Web Credential Creation", + "Web Credential: Web Credential Usage" ], "mitre_platforms": [ "Linux", @@ -16502,9 +16502,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1606/001", + "https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/", "https://wunderwuzzi23.github.io/blog/passthecookie.html", - "https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/", - "https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/" + "https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/" ] }, "related": [ @@ -16583,8 +16583,8 @@ "mitre-attack:initial-access" ], "mitre_data_sources": [ - "User Account: User Account Authentication", - "Logon Session: Logon Session Creation" + "Logon Session: Logon Session Creation", + "User Account: User Account Authentication" ], "mitre_platforms": [ "Windows", @@ -16600,10 +16600,10 @@ "refs": [ "https://attack.mitre.org/techniques/T1078/001", "https://capec.mitre.org/data/definitions/70.html", - "https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/local-accounts", "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html", - "https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/", - "https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/ssh" + "https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/local-accounts", + "https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/ssh", + "https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/" ] }, "related": [ @@ -16623,9 +16623,9 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ + "Command: Command Execution", "File: File Access", "Process: OS API Execution", - "Command: Command Execution", "Process: Process Creation" ], "mitre_platforms": [ @@ -16664,8 +16664,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1204/002", - " https://www.bleepingcomputer.com/news/security/psa-dont-open-spam-containing-password-protected-word-docs/" + " https://www.bleepingcomputer.com/news/security/psa-dont-open-spam-containing-password-protected-word-docs/", + "https://attack.mitre.org/techniques/T1204/002" ] }, "related": [ @@ -16694,9 +16694,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1027/002", + "https://capec.mitre.org/data/definitions/570.html", "https://github.com/dhondta/awesome-executable-packing", - "https://www.welivesecurity.com/wp-content/uploads/2018/01/WP-FinFisher.pdf", - "https://capec.mitre.org/data/definitions/570.html" + "https://www.welivesecurity.com/wp-content/uploads/2018/01/WP-FinFisher.pdf" ] }, "related": [ @@ -16717,11 +16717,11 @@ ], "mitre_data_sources": [ "Application Log: Application Log Content", + "Command: Command Execution", + "Container: Container Creation", + "Container: Container Start", "Image: Image Creation", "Instance: Instance Creation", - "Container: Container Start", - "Container: Container Creation", - "Command: Command Execution", "Instance: Instance Start" ], "mitre_platforms": [ @@ -16730,8 +16730,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1204/003", - "https://summitroute.com/blog/2018/09/24/investigating_malicious_amis/", - "https://info.aquasec.com/hubfs/Threat%20reports/AquaSecurity_Cloud_Native_Threat_Report_2021.pdf?utm_campaign=WP%20-%20Jun2021%20Nautilus%202021%20Threat%20Research%20Report&utm_medium=email&_hsmi=132931006&_hsenc=p2ANqtz-_8oopT5Uhqab8B7kE0l3iFo1koirxtyfTehxF7N-EdGYrwk30gfiwp5SiNlW3G0TNKZxUcDkYOtwQ9S6nNVNyEO-Dgrw&utm_content=132931006&utm_source=hs_automation" + "https://info.aquasec.com/hubfs/Threat%20reports/AquaSecurity_Cloud_Native_Threat_Report_2021.pdf?utm_campaign=WP%20-%20Jun2021%20Nautilus%202021%20Threat%20Research%20Report&utm_medium=email&_hsmi=132931006&_hsenc=p2ANqtz-_8oopT5Uhqab8B7kE0l3iFo1koirxtyfTehxF7N-EdGYrwk30gfiwp5SiNlW3G0TNKZxUcDkYOtwQ9S6nNVNyEO-Dgrw&utm_content=132931006&utm_source=hs_automation", + "https://summitroute.com/blog/2018/09/24/investigating_malicious_amis/" ] }, "related": [ @@ -16753,17 +16753,17 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Process: Process Creation", + "File: File Creation", "File: File Modification", - "File: File Creation" + "Process: Process Creation" ], "mitre_platforms": [ "macOS" ], "refs": [ "https://attack.mitre.org/techniques/T1037/002", - "https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CustomLogin.html", "https://developer.apple.com/documentation/devicemanagement/loginwindowscripts", + "https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CustomLogin.html", "https://taomm.org/PDFs/vol1/CH%200x02%20Persistence.pdf", "https://www.sentinelone.com/blog/how-malware-persists-on-macos/" ] @@ -16815,11 +16815,11 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "User Account: User Account Authentication", "Logon Session: Logon Session Creation", "Logon Session: Logon Session Metadata", - "Web Credential: Web Credential Usage", - "Web Credential: Web Credential Creation" + "User Account: User Account Authentication", + "Web Credential: Web Credential Creation", + "Web Credential: Web Credential Usage" ], "mitre_platforms": [ "Azure AD", @@ -16833,8 +16833,8 @@ "https://attack.mitre.org/techniques/T1606/002", "https://blogs.microsoft.com/on-the-issues/2020/12/13/customers-protect-nation-state-cyberattacks/", "https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes", - "https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps", "https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/", + "https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps", "https://www.sygnia.co/golden-saml-advisory" ] }, @@ -16864,10 +16864,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1027/006", - "https://www.menlosecurity.com/blog/new-attack-alert-duri", "https://outflank.nl/blog/2018/08/14/html-smuggling-explained/", - "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/", - "https://research.nccgroup.com/2017/08/08/smuggling-hta-files-in-internet-explorer-edge/" + "https://research.nccgroup.com/2017/08/08/smuggling-hta-files-in-internet-explorer-edge/", + "https://www.menlosecurity.com/blog/new-attack-alert-duri", + "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/" ] }, "related": [ @@ -16946,9 +16946,9 @@ "mitre-attack:initial-access" ], "mitre_data_sources": [ - "User Account: User Account Authentication", + "Logon Session: Logon Session Creation", "Logon Session: Logon Session Metadata", - "Logon Session: Logon Session Creation" + "User Account: User Account Authentication" ], "mitre_platforms": [ "Linux", @@ -16957,11 +16957,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1078/002", - "https://technet.microsoft.com/en-us/library/dn535501.aspx", - "https://technet.microsoft.com/en-us/library/dn487457.aspx", + "https://capec.mitre.org/data/definitions/560.html", "https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-accounts", - "https://ubuntu.com/server/docs/service-sssd", - "https://capec.mitre.org/data/definitions/560.html" + "https://technet.microsoft.com/en-us/library/dn487457.aspx", + "https://technet.microsoft.com/en-us/library/dn535501.aspx", + "https://ubuntu.com/server/docs/service-sssd" ] }, "related": [ @@ -16981,8 +16981,8 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Process: OS API Execution", "Command: Command Execution", + "Process: OS API Execution", "Process: Process Creation" ], "mitre_platforms": [ @@ -17013,24 +17013,24 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "File: File Creation", "Command: Command Execution", - "Process: Process Creation", - "File: File Modification" + "File: File Creation", + "File: File Modification", + "Process: Process Creation" ], "mitre_platforms": [ "macOS", "Linux" ], "refs": [ + "http://manpages.ubuntu.com/manpages/bionic/man8/systemd-rc-local-generator.8.html", "https://attack.mitre.org/techniques/T1037/004", + "https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html", + "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/StartupItems.html", "https://iranthreats.github.io/resources/attribution-flying-rocket-kitten/", "https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/", "https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/", - "https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html", - "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/StartupItems.html", - "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", - "http://manpages.ubuntu.com/manpages/bionic/man8/systemd-rc-local-generator.8.html" + "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ] }, "related": [ @@ -17052,22 +17052,22 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Scheduled Job: Scheduled Job Creation", - "Process: Process Creation", "Command: Command Execution", - "File: File Modification" + "File: File Modification", + "Process: Process Creation", + "Scheduled Job: Scheduled Job Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1053/005", - "https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain", - "https://twitter.com/leoloobeek/status/939248813465853953", "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-other-object-access-events", - "https://technet.microsoft.com/library/dd315590.aspx", + "https://social.technet.microsoft.com/Forums/en-US/e5bca729-52e7-4fcb-ba12-3225c564674c/scheduled-tasks-history-retention-settings?forum=winserver8gen", "https://technet.microsoft.com/en-us/sysinternals/bb963902", - "https://social.technet.microsoft.com/Forums/en-US/e5bca729-52e7-4fcb-ba12-3225c564674c/scheduled-tasks-history-retention-settings?forum=winserver8gen" + "https://technet.microsoft.com/library/dd315590.aspx", + "https://twitter.com/leoloobeek/status/939248813465853953", + "https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain" ] }, "related": [ @@ -17087,12 +17087,12 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "File: File Modification", - "Process: Process Creation", - "Network Traffic: Network Traffic Flow", "Application Log: Application Log Content", "File: File Creation", - "Network Traffic: Network Traffic Content" + "File: File Modification", + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -17102,8 +17102,8 @@ "refs": [ "https://attack.mitre.org/techniques/T1505/003", "https://capec.mitre.org/data/definitions/650.html", - "https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html", "https://github.com/nsacyber/Mitigating-Web-Shells", + "https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html", "https://www.us-cert.gov/ncas/alerts/TA15-314A" ] }, @@ -17128,20 +17128,20 @@ "mitre_data_sources": [ "Command: Command Execution", "File: File Modification", - "Scheduled Job: Scheduled Job Creation", - "Process: Process Creation" + "Process: Process Creation", + "Scheduled Job: Scheduled Job Creation" ], "mitre_platforms": [ "Linux" ], "refs": [ - "https://attack.mitre.org/techniques/T1053/006", - "https://wiki.archlinux.org/index.php/Systemd/Timers", - "https://www.tecmint.com/control-systemd-services-on-remote-linux-server/", "http://man7.org/linux/man-pages/man1/systemd.1.html", - "https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/", + "https://attack.mitre.org/techniques/T1053/006", "https://gist.github.com/campuscodi/74d0d2e35d8fd9499c76333ce027345a", - "https://lists.archlinux.org/pipermail/aur-general/2018-July/034153.html" + "https://lists.archlinux.org/pipermail/aur-general/2018-July/034153.html", + "https://wiki.archlinux.org/index.php/Systemd/Timers", + "https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/", + "https://www.tecmint.com/control-systemd-services-on-remote-linux-server/" ] }, "related": [ @@ -17163,9 +17163,9 @@ ], "mitre_data_sources": [ "Command: Command Execution", + "File: File Creation", "File: File Modification", - "Process: Process Creation", - "File: File Creation" + "Process: Process Creation" ], "mitre_platforms": [ "macOS" @@ -17194,9 +17194,9 @@ ], "mitre_data_sources": [ "Application Log: Application Log Content", - "Group: Group Metadata", - "Group: Group Enumeration", "Command: Command Execution", + "Group: Group Enumeration", + "Group: Group Metadata", "Process: Process Creation" ], "mitre_platforms": [ @@ -17208,12 +17208,12 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1069/003", - "https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html", - "https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/", "https://cloud.google.com/identity/docs/reference/rest", + "https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html", "https://docs.microsoft.com/en-us/cli/azure/ad/user?view=azure-cli-latest", "https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolrole?view=azureadps-1.0", - "https://github.com/True-Demon/raindance" + "https://github.com/True-Demon/raindance", + "https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/" ] }, "related": [ @@ -17234,8 +17234,8 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "User Account: User Account Metadata", - "Process: Process Creation" + "Process: Process Creation", + "User Account: User Account Metadata" ], "mitre_platforms": [ "Windows", @@ -17246,8 +17246,8 @@ "https://attack.mitre.org/techniques/T1087/003", "https://docs.microsoft.com/en-us/exchange/email-addresses-and-address-books/address-lists/address-lists?view=exchserver-2019", "https://docs.microsoft.com/en-us/powershell/module/exchange/email-addresses-and-address-books/get-globaladdresslist", - "https://www.blackhillsinfosec.com/attacking-exchange-with-mailsniper/", - "https://support.google.com/a/answer/166870?hl=en" + "https://support.google.com/a/answer/166870?hl=en", + "https://www.blackhillsinfosec.com/attacking-exchange-with-mailsniper/" ] }, "related": [ @@ -17270,8 +17270,8 @@ "mitre-attack:initial-access" ], "mitre_data_sources": [ - "Logon Session: Logon Session Metadata", "Logon Session: Logon Session Creation", + "Logon Session: Logon Session Metadata", "User Account: User Account Authentication" ], "mitre_platforms": [ @@ -17302,24 +17302,24 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "File: File Modification", - "File: File Creation" + "File: File Creation", + "File: File Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1505/004", - "https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525172(v=vs.90)", - "https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524610(v=vs.90)", - "https://web.archive.org/web/20170106175935/http:/esec-lab.sogeti.com/posts/2011/02/02/iis-backdoor.html", - "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-curious-case-of-the-malicious-iis-module/", - "https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525696(v=vs.90)", - "https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage", - "https://web.archive.org/web/20140804175025/http:/blogs.technet.com/b/mmpc/archive/2012/10/03/malware-signed-with-the-adobe-code-signing-certificate.aspx", "https://docs.microsoft.com/en-us/iis/get-started/introduction-to-iis/iis-modules-overview", + "https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524610(v=vs.90)", + "https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525172(v=vs.90)", + "https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525696(v=vs.90)", "https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Anatomy-Of-Native-Iis-Malware-wp.pdf", - "https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/" + "https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/", + "https://web.archive.org/web/20140804175025/http:/blogs.technet.com/b/mmpc/archive/2012/10/03/malware-signed-with-the-adobe-code-signing-certificate.aspx", + "https://web.archive.org/web/20170106175935/http:/esec-lab.sogeti.com/posts/2011/02/02/iis-backdoor.html", + "https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage", + "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-curious-case-of-the-malicious-iis-module/" ] }, "related": [ @@ -17397,9 +17397,9 @@ "mitre-attack:initial-access" ], "mitre_data_sources": [ - "User Account: User Account Authentication", + "Logon Session: Logon Session Creation", "Logon Session: Logon Session Metadata", - "Logon Session: Logon Session Creation" + "User Account: User Account Authentication" ], "mitre_platforms": [ "Azure AD", @@ -17444,13 +17444,13 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1087/004", - "https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolrolemember?view=azureadps-1.0", - "https://github.com/True-Demon/raindance", - "https://docs.microsoft.com/en-us/cli/azure/ad/user?view=azure-cli-latest", - "https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/", + "https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/list", "https://docs.aws.amazon.com/cli/latest/reference/iam/list-roles.html", "https://docs.aws.amazon.com/cli/latest/reference/iam/list-users.html", - "https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/list" + "https://docs.microsoft.com/en-us/cli/azure/ad/user?view=azure-cli-latest", + "https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolrolemember?view=azureadps-1.0", + "https://github.com/True-Demon/raindance", + "https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/" ] }, "related": [ @@ -17475,9 +17475,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1590/005", - "https://www.whois.net/", "https://dnsdumpster.com/", - "https://www.circl.lu/services/passive-dns/" + "https://www.circl.lu/services/passive-dns/", + "https://www.whois.net/" ] }, "related": [ @@ -17497,10 +17497,10 @@ "mitre-attack:execution" ], "mitre_data_sources": [ - "Script: Script Execution", "Command: Command Execution", "Module: Module Load", - "Process: Process Creation" + "Process: Process Creation", + "Script: Script Execution" ], "mitre_platforms": [ "Windows", @@ -17512,8 +17512,8 @@ "https://devblogs.microsoft.com/vbteam/visual-basic-support-planned-for-net-5-0/", "https://docs.microsoft.com/dotnet/visual-basic/", "https://docs.microsoft.com/office/vba/api/overview/", - "https://en.wikipedia.org/wiki/Visual_Basic_for_Applications", "https://docs.microsoft.com/previous-versions//1kw29xwf(v=vs.85)", + "https://en.wikipedia.org/wiki/Visual_Basic_for_Applications", "https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805" ] }, @@ -17541,10 +17541,10 @@ "Linux" ], "refs": [ - "https://attack.mitre.org/techniques/T1055/009", "http://hick.org/code/skape/papers/needle.txt", - "https://blog.gdssecurity.com/labs/2017/9/5/linux-based-inter-process-code-injection-without-ptrace2.html", - "http://man7.org/linux/man-pages/man1/dd.1.html" + "http://man7.org/linux/man-pages/man1/dd.1.html", + "https://attack.mitre.org/techniques/T1055/009", + "https://blog.gdssecurity.com/labs/2017/9/5/linux-based-inter-process-code-injection-without-ptrace2.html" ] }, "related": [ @@ -17592,9 +17592,9 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "User Account: User Account Modification", "Active Directory: Active Directory Object Creation", - "Application Log: Application Log Content" + "Application Log: Application Log Content", + "User Account: User Account Modification" ], "mitre_platforms": [ "Azure AD", @@ -17603,10 +17603,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1098/005", - "https://www.cisa.gov/uscert/ncas/alerts/aa22-074a", - "https://o365blog.com/post/mdm", "https://o365blog.com/post/bprt/", "https://o365blog.com/post/devices/", + "https://o365blog.com/post/mdm", + "https://www.cisa.gov/uscert/ncas/alerts/aa22-074a", "https://www.darkreading.com/threat-intelligence/fireeye-s-mandia-severity-zero-alert-led-to-discovery-of-solarwinds-attack", "https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa", "https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/" @@ -17637,10 +17637,10 @@ "Windows" ], "refs": [ + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", "https://attack.mitre.org/techniques/T1132/001", "https://en.wikipedia.org/wiki/Binary-to-text_encoding", - "https://en.wikipedia.org/wiki/Character_encoding", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://en.wikipedia.org/wiki/Character_encoding" ] }, "related": [ @@ -17660,9 +17660,9 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "User Account: User Account Creation", + "Command: Command Execution", "Process: Process Creation", - "Command: Command Execution" + "User Account: User Account Creation" ], "mitre_platforms": [ "Linux", @@ -17693,8 +17693,8 @@ "mitre_data_sources": [ "Application Log: Application Log Content", "File: File Creation", - "Network Traffic: Network Traffic Content", - "File: File Modification" + "File: File Modification", + "Network Traffic: Network Traffic Content" ], "mitre_platforms": [ "Linux", @@ -17703,8 +17703,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1491/001", - "https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf", - "https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malware-Report.pdf" + "https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malware-Report.pdf", + "https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf" ] }, "related": [ @@ -17724,22 +17724,22 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: OS API Execution", - "Windows Registry: Windows Registry Key Modification", - "File: File Creation", "Command: Command Execution", + "File: File Creation", "Module: Module Load", - "Process: Process Creation" + "Process: OS API Execution", + "Process: Process Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1218/002", - "https://msdn.microsoft.com/library/windows/desktop/cc144185.aspx", - "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cpl-malware.pdf", "https://blog.trendmicro.com/trendlabs-security-intelligence/control-panel-files-used-as-malicious-attachments/", + "https://msdn.microsoft.com/library/windows/desktop/cc144185.aspx", "https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/", + "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cpl-malware.pdf", "https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" ] }, @@ -17760,16 +17760,16 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Logon Session: Logon Session Creation", - "Application Log: Application Log Content" + "Application Log: Application Log Content", + "Logon Session: Logon Session Creation" ], "mitre_platforms": [ "SaaS" ], "refs": [ "https://attack.mitre.org/techniques/T1213/003", - "https://www.wired.com/story/uber-paid-off-hackers-to-hide-a-57-million-user-data-breach/", - "https://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/" + "https://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/", + "https://www.wired.com/story/uber-paid-off-hackers-to-hide-a-57-million-user-data-breach/" ] }, "related": [ @@ -17789,9 +17789,9 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "User Account: User Account Creation", + "Command: Command Execution", "Process: Process Creation", - "Command: Command Execution" + "User Account: User Account Creation" ], "mitre_platforms": [ "Windows", @@ -17820,21 +17820,21 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Process: Process Creation", "Command: Command Execution", - "Module: Module Load", - "File: File Modification", - "Windows Registry: Windows Registry Key Modification", "File: File Creation", - "Windows Registry: Windows Registry Key Creation" + "File: File Modification", + "Module: Module Load", + "Process: Process Creation", + "Windows Registry: Windows Registry Key Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows", "Office 365" ], "refs": [ - "https://attack.mitre.org/techniques/T1137/002", "http://www.hexacorn.com/blog/2014/04/16/beyond-good-ol-run-key-part-10/", + "https://attack.mitre.org/techniques/T1137/002", "https://researchcenter.paloaltonetworks.com/2016/07/unit42-technical-walkthrough-office-test-persistence-method-used-in-recent-sofacy-attacks/" ] }, @@ -17862,16 +17862,16 @@ "Windows" ], "refs": [ + "http://www.intelsecurity.com/advanced-threat-research/content/data/HT-UEFI-rootkit.html", + "http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/copernicus-question-your-assumptions-about", + "http://www.mitre.org/publications/project-stories/going-deep-into-the-bios-with-mitre-firmware-security-research", + "http://www.uefi.org/about", "https://attack.mitre.org/techniques/T1542/001", "https://capec.mitre.org/data/definitions/532.html", "https://en.wikipedia.org/wiki/BIOS", "https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface", - "http://www.uefi.org/about", - "http://www.mitre.org/publications/project-stories/going-deep-into-the-bios-with-mitre-firmware-security-research", - "http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/copernicus-question-your-assumptions-about", - "https://securingtomorrow.mcafee.com/business/chipsec-support-vault-7-disclosure-scanning/", "https://github.com/chipsec/chipsec", - "http://www.intelsecurity.com/advanced-threat-research/content/data/HT-UEFI-rootkit.html" + "https://securingtomorrow.mcafee.com/business/chipsec-support-vault-7-disclosure-scanning/" ] }, "related": [ @@ -17892,8 +17892,8 @@ ], "mitre_data_sources": [ "Application Log: Application Log Content", - "File: File Modification", "File: File Creation", + "File: File Modification", "Network Traffic: Network Traffic Content" ], "mitre_platforms": [ @@ -17904,10 +17904,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1491/002", - "https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/ib-entertainment.pdf", - "https://www.intelligence.senate.gov/sites/default/files/documents/os-kmandia-033017.pdf", + "https://documents.trendmicro.com/assets/white_papers/wp-a-deep-dive-into-defacement.pdf", "https://torrentfreak.com/anonymous-hackers-deface-russian-govt-site-to-protest-web-blocking-nsfw-180512/", - "https://documents.trendmicro.com/assets/white_papers/wp-a-deep-dive-into-defacement.pdf" + "https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/ib-entertainment.pdf", + "https://www.intelligence.senate.gov/sites/default/files/documents/os-kmandia-033017.pdf" ] }, "related": [ @@ -17928,18 +17928,18 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Process: Process Modification", "Process: OS API Execution", - "Process: Process Access" + "Process: Process Access", + "Process: Process Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1055/012", "http://www.autosectools.com/process-hollowing.pdf", - "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", + "https://attack.mitre.org/techniques/T1055/012", "https://blog.nviso.eu/2020/02/04/the-return-of-the-spoof-part-2-command-line-spoofing/", + "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", "https://www.mandiant.com/resources/staying-hidden-on-the-endpoint-evading-detection-with-shellcode" ] }, @@ -17960,9 +17960,9 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ + "Command: Command Execution", "Process: Process Creation", - "Process: Process Metadata", - "Command: Command Execution" + "Process: Process Metadata" ], "mitre_platforms": [ "Windows", @@ -17971,9 +17971,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1562/010", - "https://www.crowdstrike.com/blog/how-falcon-complete-stopped-a-big-game-hunting-ransomware-attack/", "https://nsfocusglobal.com/attack-and-defense-around-powershell-event-logging/", "https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/", + "https://www.crowdstrike.com/blog/how-falcon-complete-stopped-a-big-game-hunting-ransomware-attack/", "https://www.mandiant.com/resources/bring-your-own-land-novel-red-teaming-technique", "https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/" ] @@ -18031,10 +18031,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1136/003", - "https://docs.microsoft.com/en-us/office365/admin/add-users/about-admin-roles?view=o365-worldwide", "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html", - "https://support.google.com/cloudidentity/answer/7332836?hl=en&ref_topic=7558554", "https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory", + "https://docs.microsoft.com/en-us/office365/admin/add-users/about-admin-roles?view=o365-worldwide", + "https://support.google.com/cloudidentity/answer/7332836?hl=en&ref_topic=7558554", "https://support.office.com/en-us/article/add-another-admin-f693489f-9f55-4bd0-a637-a81ce93de22d" ] }, @@ -18055,9 +18055,9 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Process: Process Creation", + "Application Log: Application Log Content", "Command: Command Execution", - "Application Log: Application Log Content" + "Process: Process Creation" ], "mitre_platforms": [ "Windows", @@ -18065,9 +18065,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1137/003", - "https://sensepost.com/blog/2017/outlook-forms-and-shells/", "https://docs.microsoft.com/en-us/office365/securitycompliance/detect-and-remediate-outlook-rules-forms-attack", - "https://github.com/sensepost/notruler" + "https://github.com/sensepost/notruler", + "https://sensepost.com/blog/2017/outlook-forms-and-shells/" ] }, "related": [ @@ -18088,25 +18088,25 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Service: Service Creation", - "Service: Service Modification", + "Command: Command Execution", "File: File Creation", "File: File Modification", - "Command: Command Execution" + "Service: Service Creation", + "Service: Service Modification" ], "mitre_platforms": [ "macOS" ], "refs": [ "https://attack.mitre.org/techniques/T1543/001", + "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/", + "https://blog.malwarebytes.com/threat-analysis/2017/04/new-osx-dok-malware-intercepts-web-traffic/", "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html", "https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/", "https://www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update", - "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/", - "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", "https://www.synack.com/wp-content/uploads/2016/03/RSA_OSX_Malware.pdf", - "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/", - "https://blog.malwarebytes.com/threat-analysis/2017/04/new-osx-dok-malware-intercepts-web-traffic/" + "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", + "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/" ] }, "related": [ @@ -18126,8 +18126,8 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "File: File Metadata", "Command: Command Execution", + "File: File Metadata", "File: File Modification", "Process: Process Creation" ], @@ -18136,14 +18136,14 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1553/001", - "https://eclecticlight.co/2020/08/28/how-notarization-works/", "https://blog.malwarebytes.com/cybercrime/2015/10/bypassing-apples-gatekeeper/", - "https://labs.sentinelone.com/20-common-tools-techniques-used-by-macos-threat-actors-malware/", - "https://eclecticlight.co/2020/10/29/quarantine-and-the-quarantine-flag/", - "https://theevilbit.github.io/posts/gatekeeper_not_a_bypass/", - "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", "https://derflounder.wordpress.com/2012/11/20/clearing-the-quarantine-extended-attribute-from-downloaded-applications/", - "https://www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update" + "https://eclecticlight.co/2020/08/28/how-notarization-works/", + "https://eclecticlight.co/2020/10/29/quarantine-and-the-quarantine-flag/", + "https://labs.sentinelone.com/20-common-tools-techniques-used-by-macos-threat-actors-malware/", + "https://theevilbit.github.io/posts/gatekeeper_not_a_bypass/", + "https://www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update", + "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ] }, "related": [ @@ -18164,20 +18164,20 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Process: OS API Execution", - "File: File Metadata" + "File: File Metadata", + "Process: OS API Execution" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1055/013", + "https://hshrzd.wordpress.com/2017/12/18/process-doppelganging-a-new-way-to-impersonate-a-process/", + "https://msdn.microsoft.com/library/windows/desktop/aa365738.aspx", "https://msdn.microsoft.com/library/windows/desktop/bb968806.aspx", "https://msdn.microsoft.com/library/windows/desktop/dd979526.aspx", - "https://msdn.microsoft.com/library/windows/desktop/aa365738.aspx", - "https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf", - "https://hshrzd.wordpress.com/2017/12/18/process-doppelganging-a-new-way-to-impersonate-a-process/", - "https://msdn.microsoft.com/library/windows/hardware/ff559951.aspx" + "https://msdn.microsoft.com/library/windows/hardware/ff559951.aspx", + "https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf" ] }, "related": [ @@ -18197,11 +18197,11 @@ "mitre-attack:lateral-movement" ], "mitre_data_sources": [ - "Logon Session: Logon Session Creation", "Command: Command Execution", + "Logon Session: Logon Session Creation", + "Network Traffic: Network Traffic Content", "Network Traffic: Network Traffic Flow", - "Process: Process Creation", - "Network Traffic: Network Traffic Content" + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -18209,10 +18209,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1563/001", - "https://www.slideshare.net/morisson/mistrusting-and-abusing-ssh-13526219", + "https://matrix.org/blog/2019/05/08/post-mortem-and-remediations-for-apr-11-security-incident", "https://www.blackhat.com/presentations/bh-usa-05/bh-us-05-boileau.pdf", "https://www.clockwork.com/news/2012/09/28/602/ssh_agent_hijacking", - "https://matrix.org/blog/2019/05/08/post-mortem-and-remediations-for-apr-11-security-incident" + "https://www.slideshare.net/morisson/mistrusting-and-abusing-ssh-13526219" ] }, "related": [ @@ -18240,8 +18240,8 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1573/001", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1573/001" ] }, "related": [ @@ -18271,10 +18271,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1137/005", - "https://silentbreaksecurity.com/malicious-outlook-rules/", - "https://docs.microsoft.com/en-us/office365/securitycompliance/detect-and-remediate-outlook-rules-forms-attack", "https://blog.compass-security.com/2018/09/hidden-inbox-rules-in-microsoft-exchange/", - "https://github.com/sensepost/notruler" + "https://docs.microsoft.com/en-us/office365/securitycompliance/detect-and-remediate-outlook-rules-forms-attack", + "https://github.com/sensepost/notruler", + "https://silentbreaksecurity.com/malicious-outlook-rules/" ] }, "related": [ @@ -18327,14 +18327,14 @@ "Linux" ], "refs": [ - "https://attack.mitre.org/techniques/T1055/014", - "https://web.archive.org/web/20150711051625/http://vxer.org/lib/vrn00.html", - "https://backtrace.io/blog/backtrace/elf-shared-library-injection-forensics/", - "https://web.archive.org/web/20051013084246/http://www.trilithium.com/johan/2005/08/linux-gate/", - "https://lwn.net/Articles/604515/", - "https://www.gnu.org/software/acct/", + "http://www.chokepoint.net/2014/02/detecting-userland-preload-rootkits.html", "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/chap-system_auditing", - "http://www.chokepoint.net/2014/02/detecting-userland-preload-rootkits.html" + "https://attack.mitre.org/techniques/T1055/014", + "https://backtrace.io/blog/backtrace/elf-shared-library-injection-forensics/", + "https://lwn.net/Articles/604515/", + "https://web.archive.org/web/20051013084246/http://www.trilithium.com/johan/2005/08/linux-gate/", + "https://web.archive.org/web/20150711051625/http://vxer.org/lib/vrn00.html", + "https://www.gnu.org/software/acct/" ] }, "related": [ @@ -18355,21 +18355,21 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Modification", "Command: Command Execution", "Module: Module Load", + "Process: OS API Execution", "Process: Process Creation", - "Process: OS API Execution" + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1546/010", - "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", - "https://support.microsoft.com/en-us/kb/197571", "https://msdn.microsoft.com/en-us/library/dn280412", - "https://technet.microsoft.com/en-us/sysinternals/bb963902" + "https://support.microsoft.com/en-us/kb/197571", + "https://technet.microsoft.com/en-us/sysinternals/bb963902", + "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process" ] }, "related": [ @@ -18390,19 +18390,19 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Modification", - "Process: OS API Execution", + "File: File Creation", "Module: Module Load", - "File: File Creation" + "Process: OS API Execution", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1547/010", - "https://www.defcon.org/images/defcon-22/dc-22-presentations/Bloxham/DEFCON-22-Brady-Bloxham-Windows-API-Abuse-UPDATED.pdf", "http://msdn.microsoft.com/en-us/library/dd183341", - "https://technet.microsoft.com/en-us/sysinternals/bb963902" + "https://attack.mitre.org/techniques/T1547/010", + "https://technet.microsoft.com/en-us/sysinternals/bb963902", + "https://www.defcon.org/images/defcon-22/dc-22-presentations/Bloxham/DEFCON-22-Brady-Bloxham-Windows-API-Abuse-UPDATED.pdf" ] }, "related": [ @@ -18448,9 +18448,9 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Process: Process Creation", "Command: Command Execution", - "Process: OS API Execution" + "Process: OS API Execution", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -18460,8 +18460,8 @@ "refs": [ "https://attack.mitre.org/techniques/T1497/001", "https://drive.google.com/file/d/1t0jn3xr4ff2fR30oQAUn_RsWSnMpOAQc", - "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/stopping-malware-fake-virtual-machine/", - "https://researchcenter.paloaltonetworks.com/2018/09/unit42-oilrig-targets-middle-eastern-government-adds-evasion-techniques-oopsie/" + "https://researchcenter.paloaltonetworks.com/2018/09/unit42-oilrig-targets-middle-eastern-government-adds-evasion-techniques-oopsie/", + "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/stopping-malware-fake-virtual-machine/" ] }, "related": [ @@ -18481,19 +18481,19 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "Logon Session: Logon Session Metadata", - "Active Directory: Active Directory Credential Request" + "Active Directory: Active Directory Credential Request", + "Logon Session: Logon Session Metadata" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1558/001", - "https://adsecurity.org/?p=1640", - "https://cert.europa.eu/static/WhitePapers/UPDATED%20-%20CERT-EU_Security_Whitepaper_2014-007_Kerberos_Golden_Ticket_Protection_v1_4.pdf", "https://adsecurity.org/?p=1515", + "https://adsecurity.org/?p=1640", "https://adsecurity.org/?p=483", + "https://attack.mitre.org/techniques/T1558/001", "https://blog.stealthbits.com/detect-pass-the-ticket-attacks", + "https://cert.europa.eu/static/WhitePapers/UPDATED%20-%20CERT-EU_Security_Whitepaper_2014-007_Kerberos_Golden_Ticket_Protection_v1_4.pdf", "https://gallery.technet.microsoft.com/scriptcenter/Kerberos-Golden-Ticket-b4814285" ] }, @@ -18514,10 +18514,10 @@ "mitre-attack:initial-access" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", "Application Log: Application Log Content", "File: File Creation", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "macOS", @@ -18557,11 +18557,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1578/001", + "https://cloud.google.com/compute/docs/instances/create-start-instance#api_2", + "https://cloud.google.com/logging/docs/audit#admin-activity", "https://content.fireeye.com/m-trends/rpt-m-trends-2020", "https://docs.aws.amazon.com/aws-backup/latest/devguide/logging-using-cloudtrail.html", - "https://docs.microsoft.com/en-us/azure/backup/backup-azure-monitoring-use-azuremonitor", - "https://cloud.google.com/logging/docs/audit#admin-activity", - "https://cloud.google.com/compute/docs/instances/create-start-instance#api_2" + "https://docs.microsoft.com/en-us/azure/backup/backup-azure-monitoring-use-azuremonitor" ] }, "related": [ @@ -18582,8 +18582,8 @@ ], "mitre_data_sources": [ "Application Log: Application Log Content", - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "PRE" @@ -18612,8 +18612,8 @@ ], "mitre_data_sources": [ "Driver: Driver Metadata", - "Process: OS API Execution", - "Firmware: Firmware Modification" + "Firmware: Firmware Modification", + "Process: OS API Execution" ], "mitre_platforms": [ "Windows", @@ -18622,8 +18622,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1542/002", - "https://www.smartmontools.org/", - "https://www.itworld.com/article/2853992/3-tools-to-check-your-hard-drives-health-and-make-sure-its-not-already-dying-on-you.html" + "https://www.itworld.com/article/2853992/3-tools-to-check-your-hard-drives-health-and-make-sure-its-not-already-dying-on-you.html", + "https://www.smartmontools.org/" ] }, "related": [ @@ -18644,23 +18644,23 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Service: Service Modification", "Command: Command Execution", - "File: File Modification", "File: File Creation", + "File: File Modification", "Process: Process Creation", - "Service: Service Creation" + "Service: Service Creation", + "Service: Service Modification" ], "mitre_platforms": [ "Linux" ], "refs": [ + "http://man7.org/linux/man-pages/man1/systemd.1.html", "https://attack.mitre.org/techniques/T1543/002", "https://capec.mitre.org/data/definitions/550.html", "https://capec.mitre.org/data/definitions/551.html", - "http://man7.org/linux/man-pages/man1/systemd.1.html", - "https://www.freedesktop.org/wiki/Software/systemd/", "https://www.anomali.com/blog/rocke-evolves-its-arsenal-with-a-new-malware-family-written-in-golang", + "https://www.freedesktop.org/wiki/Software/systemd/", "https://www.rapid7.com/db/modules/exploit/linux/local/service_persistence" ] }, @@ -18681,16 +18681,16 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "File: File Access", - "Command: Command Execution" + "Command: Command Execution", + "File: File Access" ], "mitre_platforms": [ "Linux", "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1552/003", - "http://www.slideshare.net/StephanBorosh/external-to-da-the-os-x-way" + "http://www.slideshare.net/StephanBorosh/external-to-da-the-os-x-way", + "https://attack.mitre.org/techniques/T1552/003" ] }, "related": [ @@ -18717,10 +18717,10 @@ "Windows" ], "refs": [ + "http://www.symantec.com/connect/blogs/how-attackers-steal-private-keys-digital-certificates", "https://attack.mitre.org/techniques/T1553/002", "https://en.wikipedia.org/wiki/Code_signing", - "https://securelist.com/why-you-shouldnt-completely-trust-files-signed-with-digital-certificates/68593/", - "http://www.symantec.com/connect/blogs/how-attackers-steal-private-keys-digital-certificates" + "https://securelist.com/why-you-shouldnt-completely-trust-files-signed-with-digital-certificates/68593/" ] }, "related": [ @@ -18740,21 +18740,21 @@ "mitre-attack:lateral-movement" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Traffic Content", + "Command: Command Execution", "Logon Session: Logon Session Creation", - "Process: Process Creation", - "Command: Command Execution" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow", + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1563/002", - "https://technet.microsoft.com/en-us/windowsserver/ee236407.aspx", "http://www.korznikov.com/2017/03/0-day-or-feature-privilege-escalation.html", + "https://attack.mitre.org/techniques/T1563/002", + "https://github.com/nccgroup/redsnarf", "https://medium.com/@networksecurity/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6", - "https://github.com/nccgroup/redsnarf" + "https://technet.microsoft.com/en-us/windowsserver/ee236407.aspx" ] }, "related": [ @@ -18782,10 +18782,10 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1573/002", "http://www.sans.org/reading-room/whitepapers/analyst/finding-hidden-threats-decrypting-ssl-34840", - "https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1573/002", + "https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html" ] }, "related": [ @@ -18857,9 +18857,9 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ + "Command: Command Execution", "Firmware: Firmware Modification", - "Network Traffic: Network Connection Creation", - "Command: Command Execution" + "Network Traffic: Network Connection Creation" ], "mitre_platforms": [ "Network" @@ -18867,11 +18867,11 @@ "refs": [ "https://attack.mitre.org/techniques/T1542/005", "https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954", - "https://tools.cisco.com/security/center/resources/integrity_assurance.html#35", - "https://tools.cisco.com/security/center/resources/integrity_assurance.html#7", "https://tools.cisco.com/security/center/resources/integrity_assurance.html#13", "https://tools.cisco.com/security/center/resources/integrity_assurance.html#23", - "https://tools.cisco.com/security/center/resources/integrity_assurance.html#26" + "https://tools.cisco.com/security/center/resources/integrity_assurance.html#26", + "https://tools.cisco.com/security/center/resources/integrity_assurance.html#35", + "https://tools.cisco.com/security/center/resources/integrity_assurance.html#7" ] }, "related": [ @@ -18923,11 +18923,11 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Creation", - "User Account: User Account Metadata", - "User Account: User Account Creation", "Command: Command Execution", "File: File Modification", + "Process: Process Creation", + "User Account: User Account Creation", + "User Account: User Account Metadata", "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ @@ -18939,8 +18939,8 @@ "https://attack.mitre.org/techniques/T1564/002", "https://cdn2.hubspot.net/hubfs/3354902/Content%20PDFs/Cybereason-Lab-Analysis-OSX-Pirrit-4-6-16.pdf", "https://support.apple.com/en-us/HT203998", - "https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html", "https://ubuntuhandbook.org/index.php/2021/06/hide-user-accounts-ubuntu-20-04-login-screen/", + "https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html", "https://www.us-cert.gov/ncas/alerts/TA18-074A" ] }, @@ -18963,17 +18963,17 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Windows Registry: Windows Registry Key Modification", - "Module: Module Load" + "Module: Module Load", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1547/002", "http://docplayer.net/20839173-Analysis-of-malicious-security-support-provider-dlls.html", - "https://technet.microsoft.com/en-us/library/dn408187.aspx", - "https://msdn.microsoft.com/library/windows/desktop/aa374733.aspx" + "https://attack.mitre.org/techniques/T1547/002", + "https://msdn.microsoft.com/library/windows/desktop/aa374733.aspx", + "https://technet.microsoft.com/en-us/library/dn408187.aspx" ] }, "related": [ @@ -18993,18 +18993,18 @@ "mitre-attack:resource-development" ], "mitre_data_sources": [ - "Domain Name: Passive DNS", - "Domain Name: Active DNS" + "Domain Name: Active DNS", + "Domain Name: Passive DNS" ], "mitre_platforms": [ "PRE" ], "refs": [ "https://attack.mitre.org/techniques/T1584/002", - "https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html", - "https://www.crowdstrike.com/blog/widespread-dns-hijacking-activity-targets-multiple-sectors/", "https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html", "https://blogs.cisco.com/security/talos/angler-domain-shadowing", + "https://www.crowdstrike.com/blog/widespread-dns-hijacking-activity-targets-multiple-sectors/", + "https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html", "https://www.proofpoint.com/us/threat-insight/post/The-Shadow-Knows" ] }, @@ -19068,13 +19068,13 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1498/002", - "https://capec.mitre.org/data/definitions/490.html", - "https://blog.cloudflare.com/reflections-on-reflections/", - "https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/", - "https://www.cloudflare.com/learning/ddos/ntp-amplification-ddos-attack/", - "https://web.archive.org/web/20180320005525/https://pages.arbornetworks.com/rs/082-KNA-087/images/13th_Worldwide_Infrastructure_Security_Report.pdf", "https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/", - "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/nf-detct-analy-thrts.pdf" + "https://blog.cloudflare.com/reflections-on-reflections/", + "https://capec.mitre.org/data/definitions/490.html", + "https://web.archive.org/web/20180320005525/https://pages.arbornetworks.com/rs/082-KNA-087/images/13th_Worldwide_Infrastructure_Security_Report.pdf", + "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/nf-detct-analy-thrts.pdf", + "https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/", + "https://www.cloudflare.com/learning/ddos/ntp-amplification-ddos-attack/" ] }, "related": [ @@ -19102,10 +19102,10 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1555/002", "http://juusosalonen.com/post/30923743427/breaking-into-the-os-x-keychain", - "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/", - "http://www.slideshare.net/StephanBorosh/external-to-da-the-os-x-way" + "http://www.slideshare.net/StephanBorosh/external-to-da-the-os-x-way", + "https://attack.mitre.org/techniques/T1555/002", + "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/" ] }, "related": [ @@ -19126,8 +19126,8 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "User Account: User Account Authentication", - "File: File Access" + "File: File Access", + "User Account: User Account Authentication" ], "mitre_platforms": [ "Containers" @@ -19161,8 +19161,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1585/002", - "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf", - "https://blog.trendmicro.com/trendlabs-security-intelligence/r980-ransomware-disposable-email-service/" + "https://blog.trendmicro.com/trendlabs-security-intelligence/r980-ransomware-disposable-email-service/", + "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf" ] }, "related": [ @@ -19188,9 +19188,9 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1558/002", - "https://adsecurity.org/?p=2011", "https://adsecurity.org/?p=1515", + "https://adsecurity.org/?p=2011", + "https://attack.mitre.org/techniques/T1558/002", "https://medium.com/threatpunter/detecting-attempts-to-steal-passwords-from-memory-558f16dce4ea" ] }, @@ -19251,9 +19251,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1562/006", "https://capec.mitre.org/data/definitions/571.html", - "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Backdoor:Win32/Lamin.A", "https://docs.microsoft.com/en-us/windows/desktop/etw/consuming-events", - "https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63" + "https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63", + "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Backdoor:Win32/Lamin.A" ] }, "related": [ @@ -19273,9 +19273,9 @@ "mitre-attack:initial-access" ], "mitre_data_sources": [ + "Application Log: Application Log Content", "Network Traffic: Network Traffic Content", - "Network Traffic: Network Traffic Flow", - "Application Log: Application Log Content" + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -19287,11 +19287,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1566/002", - "https://www.cyber.gov.au/sites/default/files/2019-03/spoof_email_sender_policy_framework.pdf", "https://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-abuses-open-authentication-advanced-social-engineering-attacks", - "https://www.microsoft.com/security/blog/2021/07/14/microsoft-delivers-comprehensive-solution-to-battle-rise-in-consent-phishing-emails/", + "https://capec.mitre.org/data/definitions/163.html", "https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spoofing-protection?view=o365-worldwide", - "https://capec.mitre.org/data/definitions/163.html" + "https://www.cyber.gov.au/sites/default/files/2019-03/spoof_email_sender_policy_framework.pdf", + "https://www.microsoft.com/security/blog/2021/07/14/microsoft-delivers-comprehensive-solution-to-battle-rise-in-consent-phishing-emails/" ] }, "related": [ @@ -19315,8 +19315,8 @@ "PRE" ], "refs": [ - "https://attack.mitre.org/techniques/T1586/002", - "https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/" + "https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/", + "https://attack.mitre.org/techniques/T1586/002" ] }, "related": [ @@ -19336,10 +19336,10 @@ "mitre-attack:execution" ], "mitre_data_sources": [ + "Command: Command Execution", "Process: Process Creation", - "Windows Registry: Windows Registry Key Modification", "Service: Service Creation", - "Command: Command Execution" + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" @@ -19374,9 +19374,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1589/002", - "https://www.hackers-arise.com/email-scraping-and-maltego", + "https://grimhacker.com/2017/07/24/office365-activesync-username-enumeration/", "https://www.cnet.com/news/massive-breach-leaks-773-million-emails-21-million-passwords/", - "https://grimhacker.com/2017/07/24/office365-activesync-username-enumeration/" + "https://www.hackers-arise.com/email-scraping-and-maltego" ] }, "related": [ @@ -19397,17 +19397,17 @@ ], "mitre_data_sources": [ "Application Log: Application Log Content", - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "PRE" ], "refs": [ "https://attack.mitre.org/techniques/T1598/002", - "https://nakedsecurity.sophos.com/2020/10/02/serious-security-phishing-without-links-when-phishers-bring-along-their-own-web-pages/", - "https://github.com/ryhanson/phishery", "https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spoofing-protection?view=o365-worldwide", + "https://github.com/ryhanson/phishery", + "https://nakedsecurity.sophos.com/2020/10/02/serious-security-phishing-without-links-when-phishers-bring-along-their-own-web-pages/", "https://www.cyber.gov.au/sites/default/files/2019-03/spoof_email_sender_policy_framework.pdf" ] }, @@ -19429,31 +19429,31 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Service: Service Creation", "Command: Command Execution", - "Process: OS API Execution", "Driver: Driver Load", - "Windows Registry: Windows Registry Key Modification", - "Service: Service Modification", + "Process: OS API Execution", "Process: Process Creation", - "Windows Registry: Windows Registry Key Creation" + "Service: Service Creation", + "Service: Service Modification", + "Windows Registry: Windows Registry Key Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1543/003", - "https://docs.microsoft.com/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection", - "https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf", - "https://technet.microsoft.com/en-us/library/cc772408.aspx", - "https://docs.microsoft.com/windows/security/threat-protection/auditing/event-4697", - "https://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf ", - "https://unit42.paloaltonetworks.com/acidbox-rare-malware/", - "https://technet.microsoft.com/en-us/sysinternals/bb963902", - "https://www.crowdstrike.com/blog/how-crowdstrike-falcon-protects-against-wiper-malware-used-in-ukraine-attacks/", "https://capec.mitre.org/data/definitions/478.html", "https://capec.mitre.org/data/definitions/550.html", - "https://capec.mitre.org/data/definitions/551.html" + "https://capec.mitre.org/data/definitions/551.html", + "https://docs.microsoft.com/windows/security/threat-protection/auditing/event-4697", + "https://docs.microsoft.com/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection", + "https://technet.microsoft.com/en-us/library/cc772408.aspx", + "https://technet.microsoft.com/en-us/sysinternals/bb963902", + "https://unit42.paloaltonetworks.com/acidbox-rare-malware/", + "https://www.crowdstrike.com/blog/how-crowdstrike-falcon-protects-against-wiper-malware-used-in-ukraine-attacks/", + "https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf", + "https://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf " ] }, "related": [ @@ -19474,27 +19474,27 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Service: Service Modification", "Command: Command Execution", "File: File Creation", "File: File Modification", "Process: Process Creation", - "Service: Service Creation" + "Service: Service Creation", + "Service: Service Modification" ], "mitre_platforms": [ "macOS" ], "refs": [ "https://attack.mitre.org/techniques/T1543/004", + "https://bradleyjkemp.dev/post/launchdaemon-hijacking/", "https://capec.mitre.org/data/definitions/550.html", "https://capec.mitre.org/data/definitions/551.html", "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html", - "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", - "https://www.real-world-systems.com/docs/launchdPlist.1.html", "https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-wirelurker.pdf", + "https://www.real-world-systems.com/docs/launchdPlist.1.html", + "https://www.sentinelone.com/blog/how-malware-persists-on-macos/", "https://www.synack.com/wp-content/uploads/2016/03/RSA_OSX_Malware.pdf", - "https://bradleyjkemp.dev/post/launchdaemon-hijacking/", - "https://www.sentinelone.com/blog/how-malware-persists-on-macos/" + "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ] }, "related": [ @@ -19515,9 +19515,9 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Script: Script Execution", "File: File Modification", - "Process: Process Creation" + "Process: Process Creation", + "Script: Script Execution" ], "mitre_platforms": [ "macOS", @@ -19526,8 +19526,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1564/003", - "https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Core/About/about_PowerShell_exe?view=powershell-5.1", - "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/" + "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/", + "https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Core/About/about_PowerShell_exe?view=powershell-5.1" ] }, "related": [ @@ -19549,8 +19549,8 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Process: Process Creation", "Module: Module Load", + "Process: Process Creation", "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ @@ -19558,9 +19558,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1547/003", - "https://github.com/scottlundgren/w32time", "https://docs.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings", "https://docs.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-top", + "https://github.com/scottlundgren/w32time", "https://msdn.microsoft.com/library/windows/desktop/ms725475.aspx", "https://technet.microsoft.com/en-us/sysinternals/bb963902" ] @@ -19583,9 +19583,9 @@ "mitre-attack:collection" ], "mitre_data_sources": [ + "Application Log: Application Log Content", "Network Traffic: Network Traffic Content", - "Network Traffic: Network Traffic Flow", - "Application Log: Application Log Content" + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -19595,8 +19595,8 @@ "refs": [ "https://attack.mitre.org/techniques/T1557/003", "https://datatracker.ietf.org/doc/html/rfc2131", - "https://isc.sans.edu/forums/diary/new+rogueDHCP+server+malware/6025/", "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn800668(v=ws.11)", + "https://isc.sans.edu/forums/diary/new+rogueDHCP+server+malware/6025/", "https://lockstepgroup.com/blog/monitor-dhcp-scopes-and-detect-man-in-the-middle-attacks/", "https://web.archive.org/web/20150923175837/http://www.symantec.com/security_response/writeup.jsp?docid=2009-032211-2952-99&tabid=2" ] @@ -19627,8 +19627,8 @@ "https://attack.mitre.org/techniques/T1559/003", "https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingXPCServices.html#//apple_ref/doc/uid/10000172i-SW6-SW1", "https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/DesigningDaemons.html", - "https://www.trendmicro.com/en_us/research/21/f/CVE-2021-30724_CVMServer_Vulnerability_in_macOS_and_iOS.html", - "https://wojciechregula.blog/post/learn-xpc-exploitation-part-3-code-injections/" + "https://wojciechregula.blog/post/learn-xpc-exploitation-part-3-code-injections/", + "https://www.trendmicro.com/en_us/research/21/f/CVE-2021-30724_CVMServer_Vulnerability_in_macOS_and_iOS.html" ] }, "related": [ @@ -19655,9 +19655,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1595/003", - "https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf", + "https://github.com/clarketm/s3recon", "https://rhinosecuritylabs.com/gcp/google-cloud-platform-gcp-bucket-enumeration/", - "https://github.com/clarketm/s3recon" + "https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf" ] }, "related": [ @@ -19685,10 +19685,10 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1568/003", "http://www.crowdstrike.com/blog/whois-numbered-panda/", - "https://www.fireeye.com/blog/threat-research/2014/09/darwins-favorite-apt-group-2.html", - "https://blog.rapid7.com/2013/08/26/upcoming-g20-summit-fuels-espionage-operations/" + "https://attack.mitre.org/techniques/T1568/003", + "https://blog.rapid7.com/2013/08/26/upcoming-g20-summit-fuels-espionage-operations/", + "https://www.fireeye.com/blog/threat-research/2014/09/darwins-favorite-apt-group-2.html" ] }, "related": [ @@ -19740,8 +19740,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1596/003", - "https://www.sslshopper.com/ssl-checker.html", - "https://medium.com/@menakajain/export-download-ssl-certificate-from-server-site-url-bcfc41ea46a2" + "https://medium.com/@menakajain/export-download-ssl-certificate-from-server-site-url-bcfc41ea46a2", + "https://www.sslshopper.com/ssl-checker.html" ] }, "related": [ @@ -19813,19 +19813,19 @@ "mitre-attack:reconnaissance" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", + "Application Log: Application Log Content", "Network Traffic: Network Traffic Content", - "Application Log: Application Log Content" + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "PRE" ], "refs": [ "https://attack.mitre.org/techniques/T1598/003", - "https://www.trendmicro.com/en_us/research/20/i/tricky-forms-of-phishing.html", - "https://www.pcmag.com/news/hackers-try-to-phish-united-nations-staffers-with-fake-login-pages", "https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spoofing-protection?view=o365-worldwide", - "https://www.cyber.gov.au/sites/default/files/2019-03/spoof_email_sender_policy_framework.pdf" + "https://www.cyber.gov.au/sites/default/files/2019-03/spoof_email_sender_policy_framework.pdf", + "https://www.pcmag.com/news/hackers-try-to-phish-united-nations-staffers-with-fake-login-pages", + "https://www.trendmicro.com/en_us/research/20/i/tricky-forms-of-phishing.html" ] }, "related": [ @@ -19857,14 +19857,14 @@ "refs": [ "https://attack.mitre.org/techniques/T1574/004", "https://capec.mitre.org/data/definitions/471.html", - "https://objective-see.com/blog/blog_0x46.html", - "https://www.virusbulletin.com/uploads/pdf/magazine/2015/vb201503-dylib-hijacking.pdf", - "https://github.com/EmpireProject/Empire/blob/master/lib/modules/python/situational_awareness/host/osx/HijackScanner.py", + "https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibraries/100-Articles/RunpathDependentLibraries.html", "https://github.com/EmpireProject/Empire/blob/08cbd274bef78243d7a8ed6443b8364acd1fc48b/lib/modules/python/persistence/osx/CreateHijacker.py", - "https://www.blackhat.com/docs/us-15/materials/us-15-Wardle-Writing-Bad-A-Malware-For-OS-X.pdf", - "https://taomm.org/vol1/pdfs.html", + "https://github.com/EmpireProject/Empire/blob/master/lib/modules/python/situational_awareness/host/osx/HijackScanner.py", "https://malwareunicorn.org/workshops/macos_dylib_injection.html#5", - "https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibraries/100-Articles/RunpathDependentLibraries.html" + "https://objective-see.com/blog/blog_0x46.html", + "https://taomm.org/vol1/pdfs.html", + "https://www.blackhat.com/docs/us-15/materials/us-15-Wardle-Writing-Bad-A-Malware-For-OS-X.pdf", + "https://www.virusbulletin.com/uploads/pdf/magazine/2015/vb201503-dylib-hijacking.pdf" ] }, "related": [ @@ -19885,19 +19885,19 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "File: File Modification", "Command: Command Execution", - "Process: Process Creation", "File: File Metadata", - "Module: Module Load" + "File: File Modification", + "Module: Module Load", + "Process: Process Creation" ], "mitre_platforms": [ "macOS" ], "refs": [ "https://attack.mitre.org/techniques/T1546/006", - "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", - "https://www.blackhat.com/docs/us-15/materials/us-15-Wardle-Writing-Bad-A-Malware-For-OS-X.pdf" + "https://www.blackhat.com/docs/us-15/materials/us-15-Wardle-Writing-Bad-A-Malware-For-OS-X.pdf", + "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ] }, "related": [ @@ -19927,12 +19927,12 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1564/007", - "https://www.fireeye.com/blog/threat-research/2020/01/stomp-2-dis-brilliance-in-the-visual-basics.html", - "https://outflank.nl/blog/2019/05/05/evil-clippy-ms-office-maldoc-assistant/", "https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-ovba/ef7087ac-3974-4452-aab2-7dba2214d239", - "https://medium.com/walmartglobaltech/vba-stomping-advanced-maldoc-techniques-612c484ab278", "https://github.com/bontchev/pcodedmp", - "https://github.com/decalage2/oletools" + "https://github.com/decalage2/oletools", + "https://medium.com/walmartglobaltech/vba-stomping-advanced-maldoc-techniques-612c484ab278", + "https://outflank.nl/blog/2019/05/05/evil-clippy-ms-office-maldoc-assistant/", + "https://www.fireeye.com/blog/threat-research/2020/01/stomp-2-dis-brilliance-in-the-visual-basics.html" ] }, "related": [ @@ -19953,22 +19953,22 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Process: Process Creation", - "Windows Registry: Windows Registry Key Modification", - "File: File Creation", "Command: Command Execution", - "File: File Modification" + "File: File Creation", + "File: File Modification", + "Process: Process Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ + "http://blog.crowdstrike.com/registry-analysis-with-crowdresponse/", "https://attack.mitre.org/techniques/T1546/008", "https://capec.mitre.org/data/definitions/558.html", + "https://giuliocomi.blogspot.com/2019/10/abusing-windows-10-narrators-feedback.html", "https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techniques-part-1.html", - "https://www.slideshare.net/DennisMaldonado5/sticky-keys-to-the-kingdom", - "http://blog.crowdstrike.com/registry-analysis-with-crowdresponse/", - "https://giuliocomi.blogspot.com/2019/10/abusing-windows-10-narrators-feedback.html" + "https://www.slideshare.net/DennisMaldonado5/sticky-keys-to-the-kingdom" ] }, "related": [ @@ -19995,8 +19995,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1584/006", - "https://www.recordedfuture.com/turla-apt-infrastructure/", - "https://threatconnect.com/blog/infrastructure-research-hunting/" + "https://threatconnect.com/blog/infrastructure-research-hunting/", + "https://www.recordedfuture.com/turla-apt-infrastructure/" ] }, "related": [ @@ -20017,20 +20017,20 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Process: OS API Execution", + "Command: Command Execution", "Module: Module Load", + "Process: OS API Execution", "Process: Process Creation", - "Windows Registry: Windows Registry Key Modification", - "Command: Command Execution" + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1546/009", - "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", + "https://forum.sysinternals.com/appcertdlls_topic12546.html", "https://technet.microsoft.com/en-us/sysinternals/bb963902", - "https://forum.sysinternals.com/appcertdlls_topic12546.html" + "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process" ] }, "related": [ @@ -20050,21 +20050,21 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "File: File Metadata", - "File: File Creation", "Command: Command Execution", + "File: File Creation", + "File: File Metadata", "Process: Process Creation" ], "mitre_platforms": [ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1564/009", "http://tenon.com/products/codebuilder/User_Guide/6_File_Systems.html#anchor520553", - "https://flylib.com/books/en/4.395.1.192/1/", + "https://attack.mitre.org/techniques/T1564/009", + "https://blogs.vmware.com/security/2020/06/tau-threat-analysis-bundlore-macos-mm-install-macos.html", "https://eclecticlight.co/2020/10/24/theres-more-to-files-than-data-extended-attributes/", - "https://www.sentinelone.com/labs/resourceful-macos-malware-hides-in-named-fork/", - "https://blogs.vmware.com/security/2020/06/tau-threat-analysis-bundlore-macos-mm-install-macos.html" + "https://flylib.com/books/en/4.395.1.192/1/", + "https://www.sentinelone.com/labs/resourceful-macos-malware-hides-in-named-fork/" ] }, "related": [ @@ -20085,20 +20085,20 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "File: File Modification", - "Module: Module Load", "Driver: Driver Load", - "File: File Creation" + "File: File Creation", + "File: File Modification", + "Module: Module Load" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1547/008", - "https://technet.microsoft.com/library/dn408187.aspx", "https://msdn.microsoft.com/library/windows/desktop/ff919712.aspx", + "https://technet.microsoft.com/en-us/sysinternals/bb963902", "https://technet.microsoft.com/library/cc961760.aspx", - "https://technet.microsoft.com/en-us/sysinternals/bb963902" + "https://technet.microsoft.com/library/dn408187.aspx" ] }, "related": [ @@ -20149,18 +20149,18 @@ "mitre-attack:resource-development" ], "mitre_data_sources": [ - "Internet Scan: Response Content", - "Certificate: Certificate Registration" + "Certificate: Certificate Registration", + "Internet Scan: Response Content" ], "mitre_platforms": [ "PRE" ], "refs": [ "https://attack.mitre.org/techniques/T1588/004", - "https://threatpost.com/final-report-diginotar-hack-shows-total-compromise-ca-servers-103112/77170/", "https://letsencrypt.org/docs/faq/", - "https://www.splunk.com/en_us/blog/security/tall-tales-of-hunting-with-tls-ssl-certificates.html", - "https://www.recordedfuture.com/cobalt-strike-servers/" + "https://threatpost.com/final-report-diginotar-hack-shows-total-compromise-ca-servers-103112/77170/", + "https://www.recordedfuture.com/cobalt-strike-servers/", + "https://www.splunk.com/en_us/blog/security/tall-tales-of-hunting-with-tls-ssl-certificates.html" ] }, "related": [ @@ -20181,9 +20181,9 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Process: Process Access", + "File: File Access", "Process: OS API Execution", - "File: File Access" + "Process: Process Access" ], "mitre_platforms": [ "Linux", @@ -20192,11 +20192,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1555/005", - "https://www.ise.io/casestudies/password-manager-hacking/", - "https://www.fox-it.com/media/kadlze5c/201912_report_operation_wocao.pdf", "https://github.com/GhostPack/KeeThief", "https://nvd.nist.gov/vuln/detail/CVE-2019-3610", - "https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware" + "https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware", + "https://www.fox-it.com/media/kadlze5c/201912_report_operation_wocao.pdf", + "https://www.ise.io/casestudies/password-manager-hacking/" ] }, "related": [ @@ -20222,11 +20222,11 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1556/005", - "https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption", "http://blog.teusink.net/2009/08/passwords-stored-using-reversible.html", "http://blog.teusink.net/2009/08/passwords-stored-using-reversible_26.html", - "https://adsecurity.org/?p=2053" + "https://adsecurity.org/?p=2053", + "https://attack.mitre.org/techniques/T1556/005", + "https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption" ] }, "related": [ @@ -20272,20 +20272,20 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Modification", - "Module: Module Load", - "File: File Modification", "Command: Command Execution", - "Process: Process Creation" + "File: File Modification", + "Module: Module Load", + "Process: Process Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1546/011", - "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", "http://files.brucon.org/2015/Tomczak_and_Ballenthin_Shims_for_the_Win.pdf", - "https://www.blackhat.com/docs/eu-15/materials/eu-15-Pierce-Defending-Against-Malicious-Application-Compatibility-Shims-wp.pdf" + "https://attack.mitre.org/techniques/T1546/011", + "https://www.blackhat.com/docs/eu-15/materials/eu-15-Pierce-Defending-Against-Malicious-Application-Compatibility-Shims-wp.pdf", + "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process" ] }, "related": [ @@ -20306,10 +20306,10 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "File: File Modification", - "Service: Service Creation", "Command: Command Execution", - "Process: Process Creation" + "File: File Modification", + "Process: Process Creation", + "Service: Service Creation" ], "mitre_platforms": [ "macOS" @@ -20341,11 +20341,11 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Process: OS API Execution", - "Windows Registry: Windows Registry Key Modification", + "Driver: Driver Load", "File: File Creation", "Module: Module Load", - "Driver: Driver Load" + "Process: OS API Execution", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" @@ -20374,21 +20374,21 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "File: File Creation", "Command: Command Execution", - "Process: Process Creation", - "File: File Modification" + "File: File Creation", + "File: File Modification", + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ + "http://www.malwarearchaeology.com/s/Windows-PowerShell-Logging-Cheat-Sheet-ver-June-2016-v2.pdf", "https://attack.mitre.org/techniques/T1546/013", "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-6", - "https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/", + "https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_profiles", "https://witsendandshady.blogspot.com/2019/06/lab-notes-persistence-and-privilege.html", - "http://www.malwarearchaeology.com/s/Windows-PowerShell-Logging-Cheat-Sheet-ver-June-2016-v2.pdf", - "https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_profiles" + "https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/" ] }, "related": [ @@ -20411,21 +20411,21 @@ "mitre_data_sources": [ "Command: Command Execution", "Process: Process Creation", - "Windows Registry: Windows Registry Key Modification", - "Windows Registry: Windows Registry Key Creation" + "Windows Registry: Windows Registry Key Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1547/014", - "https://helgeklein.com/blog/2010/04/active-setup-explained/", - "https://digital-forensics.sans.org/summit-archives/2010/35-glyer-apt-persistence-mechanisms.pdf", "https://citizenlab.ca/2015/12/packrat-report/", - "https://www.fireeye.com/blog/threat-research/2012/12/council-foreign-relations-water-hole-attack-details.html", + "https://digital-forensics.sans.org/summit-archives/2010/35-glyer-apt-persistence-mechanisms.pdf", + "https://helgeklein.com/blog/2010/04/active-setup-explained/", "https://securelist.com/whos-really-spreading-through-the-bright-star/68978/", + "https://technet.microsoft.com/en-us/sysinternals/bb963902", "https://unit42.paloaltonetworks.com/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/", - "https://technet.microsoft.com/en-us/sysinternals/bb963902" + "https://www.fireeye.com/blog/threat-research/2012/12/council-foreign-relations-water-hole-attack-details.html" ] }, "related": [ @@ -20446,30 +20446,30 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ + "File: File Creation", "File: File Modification", - "Process: Process Creation", - "File: File Creation" + "Process: Process Creation" ], "mitre_platforms": [ "macOS" ], "refs": [ + "http://www.hexed.in/2019/07/osxdok-analysis.html", "https://attack.mitre.org/techniques/T1547/015", - "https://support.apple.com/guide/mac-help/open-items-automatically-when-you-log-in-mh15189/mac", - "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLoginItems.html", + "https://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/", "https://blog.timschroeder.net/2013/04/21/smloginitemsetenabled-demystified/", "https://developer.apple.com/documentation/coreservices/launch_services", - "https://eclecticlight.co/2018/05/22/running-at-startup-when-to-use-a-login-item-or-a-launchagent-launchdaemon/", + "https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/LaunchServicesKeys.html#//apple_ref/doc/uid/TP40009250-SW1", "https://developer.apple.com/library/archive/samplecode/LoginItemsAE/Introduction/Intro.html#//apple_ref/doc/uid/DTS10003788", + "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLoginItems.html", + "https://eclecticlight.co/2018/05/22/running-at-startup-when-to-use-a-login-item-or-a-launchagent-launchdaemon/", "https://eclecticlight.co/2021/09/16/how-to-run-an-app-or-tool-at-startup/", - "http://www.hexed.in/2019/07/osxdok-analysis.html", "https://gist.github.com/kaloprominat/6111584", "https://objective-see.com/blog/blog_0x25.html", - "https://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/", - "https://objective-see.com/blog/blog_0x44.html", "https://objective-see.com/blog/blog_0x31.html", - "https://www.sentinelone.com/blog/how-malware-persists-on-macos/", - "https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/LaunchServicesKeys.html#//apple_ref/doc/uid/TP40009250-SW1" + "https://objective-see.com/blog/blog_0x44.html", + "https://support.apple.com/guide/mac-help/open-items-automatically-when-you-log-in-mh15189/mac", + "https://www.sentinelone.com/blog/how-malware-persists-on-macos/" ] }, "related": [ @@ -20519,11 +20519,11 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ + "Command: Command Execution", "Container: Container Creation", "File: File Creation", - "Process: Process Creation", - "Command: Command Execution", "File: File Modification", + "Process: Process Creation", "Scheduled Job: Scheduled Job Creation" ], "mitre_platforms": [ @@ -20534,9 +20534,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1053", - "https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain", + "https://capec.mitre.org/data/definitions/557.html", "https://technet.microsoft.com/en-us/library/cc785125.aspx", - "https://capec.mitre.org/data/definitions/557.html" + "https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain" ] }, "uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", @@ -20585,9 +20585,9 @@ "mitre-attack:impact" ], "mitre_data_sources": [ - "Sensor Health: Host Status", "Command: Command Execution", - "Process: Process Creation" + "Process: Process Creation", + "Sensor Health: Host Status" ], "mitre_platforms": [ "Linux", @@ -20597,10 +20597,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1529", - "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/shutdown", - "https://www.cisa.gov/uscert/ncas/alerts/TA18-106A", "https://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html", - "https://blog.talosintelligence.com/2018/02/olympic-destroyer.html" + "https://blog.talosintelligence.com/2018/02/olympic-destroyer.html", + "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/shutdown", + "https://www.cisa.gov/uscert/ncas/alerts/TA18-106A" ] }, "uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", @@ -20616,8 +20616,8 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Process: Process Creation", - "Process: OS API Execution" + "Process: OS API Execution", + "Process: Process Creation" ], "mitre_platforms": [ "Windows", @@ -20649,8 +20649,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1001", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1001" ] }, "uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", @@ -20697,12 +20697,12 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "File: File Access", "Command: Command Execution", - "Script: Script Execution", + "File: File Access", + "Network Traffic: Network Connection Creation", "Network Traffic: Network Traffic Content", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Traffic Flow", + "Script: Script Execution" ], "mitre_platforms": [ "Linux", @@ -20731,12 +20731,12 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1200", - "https://ossmann.blogspot.com/2011/02/throwing-star-lan-tap.html", - "https://www.youtube.com/watch?v=lDvf4ScWbcQ", "https://arstechnica.com/information-technology/2012/03/the-pwn-plug-is-a-little-white-box-that-can-hack-your-network/", + "https://attack.mitre.org/techniques/T1200", + "https://capec.mitre.org/data/definitions/440.html", + "https://ossmann.blogspot.com/2011/02/throwing-star-lan-tap.html", "https://www.youtube.com/watch?v=fXthwl6ShOg", - "https://capec.mitre.org/data/definitions/440.html" + "https://www.youtube.com/watch?v=lDvf4ScWbcQ" ] }, "uuid": "d40239b3-05ff-46d8-9bdd-b46d13463ef9", @@ -20792,13 +20792,13 @@ "IaaS" ], "refs": [ - "https://attack.mitre.org/techniques/T1040", - "https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-how-it-works.html", - "https://cloud.google.com/vpc/docs/packet-mirroring ", " https://posts.specterops.io/through-the-looking-glass-part-1-f539ae308512 ", + "https://attack.mitre.org/techniques/T1040", + "https://capec.mitre.org/data/definitions/158.html", + "https://cloud.google.com/vpc/docs/packet-mirroring ", + "https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-how-it-works.html", "https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-tap-overview", - "https://rhinosecuritylabs.com/aws/abusing-vpc-traffic-mirroring-in-aws/ ", - "https://capec.mitre.org/data/definitions/158.html" + "https://rhinosecuritylabs.com/aws/abusing-vpc-traffic-mirroring-in-aws/ " ] }, "uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", @@ -20819,9 +20819,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1050", "https://capec.mitre.org/data/definitions/550.html", - "https://technet.microsoft.com/en-us/library/cc772408.aspx", "https://docs.microsoft.com/windows/security/threat-protection/auditing/event-4697", "https://docs.microsoft.com/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection", + "https://technet.microsoft.com/en-us/library/cc772408.aspx", "https://technet.microsoft.com/en-us/sysinternals/bb963902" ] }, @@ -20867,8 +20867,8 @@ "mitre-attack:command-and-control" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -20876,8 +20876,8 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1008", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1008" ] }, "uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", @@ -20899,9 +20899,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1009", "https://capec.mitre.org/data/definitions/572.html", - "https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/", "https://securelist.com/old-malware-tricks-to-bypass-detection-in-the-age-of-big-data/78010/", - "https://www.virustotal.com/en/faq/" + "https://www.virustotal.com/en/faq/", + "https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/" ] }, "related": [ @@ -20956,10 +20956,10 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Access", - "Process: Process Creation", "Command: Command Execution", - "Process: OS API Execution" + "Process: OS API Execution", + "Process: Process Creation", + "Windows Registry: Windows Registry Key Access" ], "mitre_platforms": [ "Windows" @@ -20981,13 +20981,13 @@ "mitre-attack:lateral-movement" ], "mitre_data_sources": [ - "Process: Process Creation", - "Network Share: Network Share Access", "Command: Command Execution", - "Network Traffic: Network Connection Creation", + "Logon Session: Logon Session Creation", "Module: Module Load", + "Network Share: Network Share Access", + "Network Traffic: Network Connection Creation", "Network Traffic: Network Traffic Flow", - "Logon Session: Logon Session Creation" + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -20995,16 +20995,16 @@ "Windows" ], "refs": [ + "http://lockboxx.blogspot.com/2019/07/macos-red-teaming-206-ard-apple-remote.html", "https://attack.mitre.org/techniques/T1021", "https://capec.mitre.org/data/definitions/555.html", - "https://www.ssh.com/ssh", - "https://technet.microsoft.com/en-us/windowsserver/ee236407.aspx", - "https://support.apple.com/en-us/HT209161", - "https://support.apple.com/en-us/HT201710", "https://images.apple.com/remotedesktop/pdf/ARD_Admin_Guide_v3.3.pdf", + "https://sarah-edwards-xzkc.squarespace.com/blog/2020/4/30/analysis-of-apple-unified-logs-quarantine-edition-entry-6-working-from-home-remote-logins", + "https://support.apple.com/en-us/HT201710", + "https://support.apple.com/en-us/HT209161", + "https://technet.microsoft.com/en-us/windowsserver/ee236407.aspx", "https://www.fireeye.com/blog/threat-research/2019/10/leveraging-apple-remote-desktop-for-good-and-evil.html", - "http://lockboxx.blogspot.com/2019/07/macos-red-teaming-206-ard-apple-remote.html", - "https://sarah-edwards-xzkc.squarespace.com/blog/2020/4/30/analysis-of-apple-unified-logs-quarantine-edition-entry-6-working-from-home-remote-logins" + "https://www.ssh.com/ssh" ] }, "uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", @@ -21018,9 +21018,9 @@ "mitre-attack:command-and-control" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", "Network Traffic: Network Connection Creation", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -21028,8 +21028,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1102", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1102" ] }, "uuid": "830c9528-df21-472c-8c14-a036bf17d665", @@ -21049,10 +21049,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1103", - "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", - "https://support.microsoft.com/en-us/kb/197571", "https://msdn.microsoft.com/en-us/library/dn280412", - "https://technet.microsoft.com/en-us/sysinternals/bb963902" + "https://support.microsoft.com/en-us/kb/197571", + "https://technet.microsoft.com/en-us/sysinternals/bb963902", + "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process" ] }, "related": [ @@ -21080,10 +21080,10 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1013", "http://msdn.microsoft.com/en-us/library/dd183341", - "https://www.defcon.org/images/defcon-22/dc-22-presentations/Bloxham/DEFCON-22-Brady-Bloxham-Windows-API-Abuse-UPDATED.pdf", - "https://technet.microsoft.com/en-us/sysinternals/bb963902" + "https://attack.mitre.org/techniques/T1013", + "https://technet.microsoft.com/en-us/sysinternals/bb963902", + "https://www.defcon.org/images/defcon-22/dc-22-presentations/Bloxham/DEFCON-22-Brady-Bloxham-Windows-API-Abuse-UPDATED.pdf" ] }, "related": [ @@ -21111,11 +21111,11 @@ "Windows" ], "refs": [ + "http://blog.crowdstrike.com/registry-analysis-with-crowdresponse/", "https://attack.mitre.org/techniques/T1015", "https://capec.mitre.org/data/definitions/558.html", "https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techniques-part-1.html", - "https://www.slideshare.net/DennisMaldonado5/sticky-keys-to-the-kingdom", - "http://blog.crowdstrike.com/registry-analysis-with-crowdresponse/" + "https://www.slideshare.net/DennisMaldonado5/sticky-keys-to-the-kingdom" ] }, "related": [ @@ -21141,13 +21141,13 @@ "Android" ], "refs": [ - "https://attack.mitre.org/techniques/T1510", - "https://www.eset.com/uk/about/newsroom/press-releases/first-clipper-malware-discovered-on-google-play-1/", - "https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/", "http://www.cis.syr.edu/~wedu/Research/paper/clipboard_attack_dimva2014.pdf", - "https://vms.drweb.com/virus/?i=17517761", + "https://attack.mitre.org/techniques/T1510", + "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data", "https://vms.drweb.com/virus/?i=17517750", - "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data" + "https://vms.drweb.com/virus/?i=17517761", + "https://www.eset.com/uk/about/newsroom/press-releases/first-clipper-malware-discovered-on-google-play-1/", + "https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/" ] }, "uuid": "e399430e-30b7-48c5-b70a-f44dc8c175cb", @@ -21195,13 +21195,13 @@ "Linux" ], "refs": [ - "https://attack.mitre.org/techniques/T1501", "http://man7.org/linux/man-pages/man1/systemd.1.html", - "https://www.freedesktop.org/wiki/Software/systemd/", - "https://www.anomali.com/blog/rocke-evolves-its-arsenal-with-a-new-malware-family-written-in-golang", + "https://attack.mitre.org/techniques/T1501", "https://gist.github.com/campuscodi/74d0d2e35d8fd9499c76333ce027345a", - "https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/", "https://lists.archlinux.org/pipermail/aur-general/2018-July/034153.html", + "https://www.anomali.com/blog/rocke-evolves-its-arsenal-with-a-new-malware-family-written-in-golang", + "https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/", + "https://www.freedesktop.org/wiki/Software/systemd/", "https://www.rapid7.com/db/modules/exploit/linux/local/service_persistence" ] }, @@ -21229,9 +21229,9 @@ "Windows" ], "refs": [ + "http://httpd.apache.org/docs/2.4/getting-started.html#content", "https://attack.mitre.org/techniques/T1051", "https://capec.mitre.org/data/definitions/563.html", - "http://httpd.apache.org/docs/2.4/getting-started.html#content", "https://www.webroot.com/blog/2011/02/22/malicious-php-scripts-on-the-rise/" ] }, @@ -21255,21 +21255,21 @@ "Linux" ], "refs": [ + "http://msdn.microsoft.com/en-us/library/ms682425", "https://attack.mitre.org/techniques/T1106", - "https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/OSX_Technology_Overview/CocoaApplicationLayer/CocoaApplicationLayer.html#//apple_ref/doc/uid/TP40001067-CH274-SW1", "https://developer.apple.com/documentation/coreservices", "https://developer.apple.com/documentation/foundation", - "https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/", - "https://www.gnu.org/software/libc/manual/html_node/Creating-a-Process.html", - "https://www.cyberbit.com/blog/endpoint-security/malware-mitigation-when-direct-system-calls-are-used/", - "https://www.gnu.org/software/libc/", - "https://man7.org/linux/man-pages//man7/libc.7.html", - "https://www.kernel.org/doc/html/v4.12/core-api/kernel-api.html", - "https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/", - "http://msdn.microsoft.com/en-us/library/ms682425", + "https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/OSX_Technology_Overview/CocoaApplicationLayer/CocoaApplicationLayer.html#//apple_ref/doc/uid/TP40001067-CH274-SW1", "https://docs.microsoft.com/en-us/windows/win32/api/", "https://dotnet.microsoft.com/learn/dotnet/what-is-dotnet-framework", - "https://undocumented.ntinternals.net/" + "https://man7.org/linux/man-pages//man7/libc.7.html", + "https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/", + "https://undocumented.ntinternals.net/", + "https://www.cyberbit.com/blog/endpoint-security/malware-mitigation-when-direct-system-calls-are-used/", + "https://www.gnu.org/software/libc/", + "https://www.gnu.org/software/libc/manual/html_node/Creating-a-Process.html", + "https://www.kernel.org/doc/html/v4.12/core-api/kernel-api.html", + "https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/" ] }, "uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", @@ -21284,10 +21284,10 @@ "mitre-attack:execution" ], "mitre_data_sources": [ - "Container: Container Start", - "Container: Container Creation", - "Pod: Pod Creation", "Application Log: Application Log Content", + "Container: Container Creation", + "Container: Container Start", + "Pod: Pod Creation", "Pod: Pod Modification" ], "mitre_platforms": [ @@ -21295,10 +21295,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1610", + "https://blog.aquasec.com/malicious-container-image-docker-container-host", "https://docs.docker.com/engine/api/v1.41/#tag/Container", "https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/", - "https://www.kubeflow.org/docs/components/pipelines/overview/pipelines-overview/", - "https://blog.aquasec.com/malicious-container-image-docker-container-host" + "https://www.kubeflow.org/docs/components/pipelines/overview/pipelines-overview/" ] }, "uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", @@ -21319,9 +21319,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1160", "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html", - "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", + "https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-wirelurker.pdf", "https://www.synack.com/wp-content/uploads/2016/03/RSA_OSX_Malware.pdf", - "https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-wirelurker.pdf" + "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ] }, "related": [ @@ -21350,8 +21350,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1107", - "http://blog.trendmicro.com/trendlabs-security-intelligence/in-depth-look-apt-attack-tools-of-the-trade/" + "http://blog.trendmicro.com/trendlabs-security-intelligence/in-depth-look-apt-attack-tools-of-the-trade/", + "https://attack.mitre.org/techniques/T1107" ] }, "related": [ @@ -21406,8 +21406,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1109", - "https://www.smartmontools.org/", - "https://www.itworld.com/article/2853992/3-tools-to-check-your-hard-drives-health-and-make-sure-its-not-already-dying-on-you.html" + "https://www.itworld.com/article/2853992/3-tools-to-check-your-hard-drives-health-and-make-sure-its-not-already-dying-on-you.html", + "https://www.smartmontools.org/" ] }, "related": [ @@ -21434,16 +21434,16 @@ "Windows" ], "refs": [ + "http://www.intelsecurity.com/advanced-threat-research/content/data/HT-UEFI-rootkit.html", + "http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/copernicus-question-your-assumptions-about", + "http://www.mitre.org/publications/project-stories/going-deep-into-the-bios-with-mitre-firmware-security-research", + "http://www.uefi.org/about", "https://attack.mitre.org/techniques/T1019", "https://capec.mitre.org/data/definitions/532.html", "https://en.wikipedia.org/wiki/BIOS", "https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface", - "http://www.uefi.org/about", - "http://www.mitre.org/publications/project-stories/going-deep-into-the-bios-with-mitre-firmware-security-research", - "http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/copernicus-question-your-assumptions-about", - "https://securingtomorrow.mcafee.com/business/chipsec-support-vault-7-disclosure-scanning/", "https://github.com/chipsec/chipsec", - "http://www.intelsecurity.com/advanced-threat-research/content/data/HT-UEFI-rootkit.html" + "https://securingtomorrow.mcafee.com/business/chipsec-support-vault-7-disclosure-scanning/" ] }, "related": [ @@ -21472,8 +21472,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1022", "http://www.netsec.colostate.edu/~zhang/DetectingEncryptedBotnetTraffic.pdf", + "https://attack.mitre.org/techniques/T1022", "https://en.wikipedia.org/wiki/List_of_file_signatures" ] }, @@ -21560,15 +21560,15 @@ "mitre_data_sources": [ "Application Log: Application Log Content", "Command: Command Execution", - "Instance: Instance Start", "Container: Container Creation", - "Image: Image Creation", - "Network Traffic: Network Traffic Content", - "Process: Process Creation", - "Instance: Instance Creation", - "Network Traffic: Network Connection Creation", + "Container: Container Start", "File: File Creation", - "Container: Container Start" + "Image: Image Creation", + "Instance: Instance Creation", + "Instance: Instance Start", + "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Content", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -21609,8 +21609,8 @@ "mitre-attack:command-and-control" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Content", "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ @@ -21621,13 +21621,13 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1205", - "https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/", - "https://www.amd.com/system/files/TechDocs/20213.pdf", - "https://www.mandiant.com/resources/synful-knock-acis", "https://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices", - "https://www.giac.org/paper/gcih/342/handle-cd00r-invisible-backdoor/103631", "https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954", - "https://gitlab.com/wireshark/wireshark/-/wikis/WakeOnLAN" + "https://gitlab.com/wireshark/wireshark/-/wikis/WakeOnLAN", + "https://www.amd.com/system/files/TechDocs/20213.pdf", + "https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/", + "https://www.giac.org/paper/gcih/342/handle-cd00r-invisible-backdoor/103631", + "https://www.mandiant.com/resources/synful-knock-acis" ] }, "uuid": "451a9977-d255-43c9-b431-66de80130c8c", @@ -21647,8 +21647,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1026", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1026" ] }, "uuid": "99709758-2b96-48f2-a68a-ad7fbd828091", @@ -21668,8 +21668,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1206", - "https://www.sudo.ws/", - "https://www.cybereason.com/blog/labs-proton-b-what-this-mac-malware-actually-does" + "https://www.cybereason.com/blog/labs-proton-b-what-this-mac-malware-actually-does", + "https://www.sudo.ws/" ] }, "related": [ @@ -21697,10 +21697,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1209", - "https://docs.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-top", - "https://msdn.microsoft.com/library/windows/desktop/ms725475.aspx", - "https://github.com/scottlundgren/w32time", "https://docs.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings", + "https://docs.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-top", + "https://github.com/scottlundgren/w32time", + "https://msdn.microsoft.com/library/windows/desktop/ms725475.aspx", "https://technet.microsoft.com/en-us/sysinternals/bb963902" ] }, @@ -21724,8 +21724,8 @@ "mitre-attack:exfiltration" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -21767,17 +21767,17 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1034", - "https://capec.mitre.org/data/definitions/159.html", - "https://blogs.technet.microsoft.com/srd/2014/04/08/ms14-019-fixing-a-binary-hijacking-via-cmd-or-bat-file/", - "http://support.microsoft.com/KB/103000", - "https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464", - "https://securityboulevard.com/2018/04/windows-privilege-escalation-unquoted-services/", - "https://www.sploitspren.com/2018-01-26-Windows-Privilege-Escalation-Guide/", "http://msdn.microsoft.com/en-us/library/ms682425", - "http://technet.microsoft.com/en-us/library/cc723564.aspx#XSLTsection127121120120", "http://msdn.microsoft.com/en-us/library/ms687393", - "https://msdn.microsoft.com/en-us/library/fd7hxfdd.aspx" + "http://support.microsoft.com/KB/103000", + "http://technet.microsoft.com/en-us/library/cc723564.aspx#XSLTsection127121120120", + "https://attack.mitre.org/techniques/T1034", + "https://blogs.technet.microsoft.com/srd/2014/04/08/ms14-019-fixing-a-binary-hijacking-via-cmd-or-bat-file/", + "https://capec.mitre.org/data/definitions/159.html", + "https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464", + "https://msdn.microsoft.com/en-us/library/fd7hxfdd.aspx", + "https://securityboulevard.com/2018/04/windows-privilege-escalation-unquoted-services/", + "https://www.sploitspren.com/2018-01-26-Windows-Privilege-Escalation-Guide/" ] }, "uuid": "c4ad009b-6e13-4419-8d21-918a1652de02", @@ -21856,8 +21856,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1093", "http://www.autosectools.com/process-hollowing.pdf", + "https://attack.mitre.org/techniques/T1093", "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process" ] }, @@ -21910,9 +21910,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1054", "https://capec.mitre.org/data/definitions/571.html", - "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Backdoor:Win32/Lamin.A", "https://docs.microsoft.com/en-us/windows/desktop/etw/consuming-events", - "https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63" + "https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63", + "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Backdoor:Win32/Lamin.A" ] }, "related": [ @@ -21942,9 +21942,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1540", - "https://shunix.com/shared-library-injection-in-android/", "https://fadeevab.com/shared-library-injection-on-android-8/", - "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html" + "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", + "https://shunix.com/shared-library-injection-in-android/" ] }, "uuid": "039bc59c-ecc7-4997-b2b4-4ab728bd91aa", @@ -21963,11 +21963,11 @@ "Windows" ], "refs": [ + "http://www.malwarearchaeology.com/s/Windows-PowerShell-Logging-Cheat-Sheet-ver-June-2016-v2.pdf", "https://attack.mitre.org/techniques/T1504", "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-6", - "https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/", "https://witsendandshady.blogspot.com/2019/06/lab-notes-persistence-and-privilege.html", - "http://www.malwarearchaeology.com/s/Windows-PowerShell-Logging-Cheat-Sheet-ver-June-2016-v2.pdf" + "https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/" ] }, "related": [ @@ -21995,9 +21995,9 @@ "macOS" ], "refs": [ + "http://en.wikipedia.org/wiki/Executable_compression", "https://attack.mitre.org/techniques/T1045", "https://capec.mitre.org/data/definitions/570.html", - "http://en.wikipedia.org/wiki/Executable_compression", "https://www.welivesecurity.com/wp-content/uploads/2018/01/WP-FinFisher.pdf" ] }, @@ -22041,10 +22041,10 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "File: File Access", "Command: Command Execution", - "Windows Registry: Windows Registry Key Modification", - "File: File Creation" + "File: File Access", + "File: File Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows", @@ -22054,8 +22054,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1074", - "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf", - "https://content.fireeye.com/m-trends/rpt-m-trends-2020" + "https://content.fireeye.com/m-trends/rpt-m-trends-2020", + "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf" ] }, "uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e", @@ -22095,12 +22095,12 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ + "File: File Metadata", + "File: File Modification", + "Module: Module Load", "Process: OS API Execution", "Process: Process Access", - "File: File Modification", - "Process: Process Modification", - "File: File Metadata", - "Module: Module Load" + "Process: Process Modification" ], "mitre_platforms": [ "Linux", @@ -22108,13 +22108,13 @@ "Windows" ], "refs": [ + "http://www.chokepoint.net/2014/02/detecting-userland-preload-rootkits.html", + "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/chap-system_auditing", "https://attack.mitre.org/techniques/T1055", "https://capec.mitre.org/data/definitions/640.html", + "https://docs.microsoft.com/sysinternals/downloads/sysmon", "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", - "https://www.gnu.org/software/acct/", - "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/chap-system_auditing", - "http://www.chokepoint.net/2014/02/detecting-userland-preload-rootkits.html", - "https://docs.microsoft.com/sysinternals/downloads/sysmon" + "https://www.gnu.org/software/acct/" ] }, "uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", @@ -22129,12 +22129,12 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Modification", - "Process: OS API Execution", "Driver: Driver Load", - "Process: Process Creation", "File: File Modification", - "Process: Process Metadata" + "Process: OS API Execution", + "Process: Process Creation", + "Process: Process Metadata", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Linux", @@ -22143,9 +22143,9 @@ "Network" ], "refs": [ + "http://opensecuritytraining.info/Keylogging_files/The%20Adventures%20of%20a%20Keystroke.pdf", "https://attack.mitre.org/techniques/T1056", - "https://capec.mitre.org/data/definitions/569.html", - "http://opensecuritytraining.info/Keylogging_files/The%20Adventures%20of%20a%20Keystroke.pdf" + "https://capec.mitre.org/data/definitions/569.html" ] }, "uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", @@ -22160,8 +22160,8 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Process: Process Creation", - "Process: OS API Execution" + "Process: OS API Execution", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -22190,14 +22190,14 @@ "PRE" ], "refs": [ - "https://attack.mitre.org/techniques/T1608", - "https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/", - "https://www.fireeye.com/blog/threat-research/2012/12/council-foreign-relations-water-hole-attack-details.html", "http://arstechnica.com/security/2015/08/newly-discovered-chinese-hacking-group-hacked-100-websites-to-use-as-watering-holes/", - "https://cybersecurity.att.com/blogs/labs-research/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks", + "https://attack.mitre.org/techniques/T1608", "https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/", + "https://cybersecurity.att.com/blogs/labs-research/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks", + "https://www.digicert.com/kb/ssl-certificate-installation.htm", + "https://www.fireeye.com/blog/threat-research/2012/12/council-foreign-relations-water-hole-attack-details.html", "https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian", - "https://www.digicert.com/kb/ssl-certificate-installation.htm" + "https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/" ] }, "uuid": "84771bc3-f6a0-403e-b144-01af70e5fda0", @@ -22211,9 +22211,9 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Process: Process Creation", - "File: File Access", "Command: Command Execution", + "File: File Access", + "Process: Process Creation", "User Account: User Account Metadata" ], "mitre_platforms": [ @@ -22246,9 +22246,9 @@ "mitre-attack:initial-access" ], "mitre_data_sources": [ + "Logon Session: Logon Session Creation", "Logon Session: Logon Session Metadata", - "User Account: User Account Authentication", - "Logon Session: Logon Session Creation" + "User Account: User Account Authentication" ], "mitre_platforms": [ "Windows", @@ -22264,9 +22264,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1078", "https://capec.mitre.org/data/definitions/560.html", - "https://www.cisa.gov/uscert/ncas/alerts/aa22-074a", + "https://technet.microsoft.com/en-us/library/dn487457.aspx", "https://technet.microsoft.com/en-us/library/dn535501.aspx", - "https://technet.microsoft.com/en-us/library/dn487457.aspx" + "https://www.cisa.gov/uscert/ncas/alerts/aa22-074a" ] }, "uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", @@ -22286,11 +22286,11 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1079", "http://www.sans.org/reading-room/whitepapers/analyst/finding-hidden-threats-decrypting-ssl-34840", + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1079", "https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html", - "https://www.fidelissecurity.com/sites/default/files/FTA_1018_looking_at_the_sky_for_a_dark_comet.pdf", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://www.fidelissecurity.com/sites/default/files/FTA_1018_looking_at_the_sky_for_a_dark_comet.pdf" ] }, "related": [ @@ -22313,12 +22313,12 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ + "Active Directory: Active Directory Object Modification", + "Command: Command Execution", "File: File Modification", "Group: Group Modification", - "Active Directory: Active Directory Object Modification", "Process: Process Creation", - "User Account: User Account Modification", - "Command: Command Execution" + "User Account: User Account Modification" ], "mitre_platforms": [ "Windows", @@ -22332,10 +22332,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1098", - "https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4670", - "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4738", "https://blog.stealthbits.com/manipulating-user-passwords-with-mimikatz-SetNTLM-ChangeNTLM", - "https://github.com/gentilkiwi/mimikatz/issues/92" + "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4738", + "https://github.com/gentilkiwi/mimikatz/issues/92", + "https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4670" ] }, "uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", @@ -22349,26 +22349,26 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: OS API Execution", "Command: Command Execution", - "Windows Registry: Windows Registry Key Modification", + "Process: OS API Execution", "Process: Process Creation", "Windows Registry: Windows Registry Key Creation", - "Windows Registry: Windows Registry Key Deletion" + "Windows Registry: Windows Registry Key Deletion", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1112", - "https://capec.mitre.org/data/definitions/203.html", - "https://technet.microsoft.com/en-us/library/cc732643.aspx", - "https://docs.microsoft.com/sysinternals/downloads/reghide", "https://blog.trendmicro.com/trendlabs-security-intelligence/poweliks-malware-hides-in-windows-registry/", - "https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353", - "https://technet.microsoft.com/en-us/library/cc754820.aspx", + "https://capec.mitre.org/data/definitions/203.html", + "https://docs.microsoft.com/en-us/sysinternals/downloads/regdelnull", + "https://docs.microsoft.com/sysinternals/downloads/reghide", "https://docs.microsoft.com/windows/security/threat-protection/auditing/event-4657", - "https://docs.microsoft.com/en-us/sysinternals/downloads/regdelnull" + "https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353", + "https://technet.microsoft.com/en-us/library/cc732643.aspx", + "https://technet.microsoft.com/en-us/library/cc754820.aspx" ] }, "uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", @@ -22386,9 +22386,9 @@ "Windows" ], "refs": [ + "http://docplayer.net/20839173-Analysis-of-malicious-security-support-provider-dlls.html", "https://attack.mitre.org/techniques/T1131", "https://msdn.microsoft.com/library/windows/desktop/aa374733.aspx", - "http://docplayer.net/20839173-Analysis-of-malicious-security-support-provider-dlls.html", "https://technet.microsoft.com/en-us/library/dn408187.aspx" ] }, @@ -22412,8 +22412,8 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Process: OS API Execution", - "Command: Command Execution" + "Command: Command Execution", + "Process: OS API Execution" ], "mitre_platforms": [ "Linux", @@ -22422,9 +22422,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1113", + "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/", "https://capec.mitre.org/data/definitions/648.html", - "https://docs.microsoft.com/en-us/dotnet/api/system.drawing.graphics.copyfromscreen?view=netframework-4.8", - "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/" + "https://docs.microsoft.com/en-us/dotnet/api/system.drawing.graphics.copyfromscreen?view=netframework-4.8" ] }, "uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", @@ -22461,11 +22461,11 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "File: File Access", "Application Log: Application Log Content", - "Network Traffic: Network Connection Creation", + "Command: Command Execution", + "File: File Access", "Logon Session: Logon Session Creation", - "Command: Command Execution" + "Network Traffic: Network Connection Creation" ], "mitre_platforms": [ "Windows", @@ -22494,20 +22494,20 @@ "iOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1411", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-31.html", - "http://w2spconf.com/2011/papers/felt-mobilephishing.pdf", - "https://www.welivesecurity.com/2018/09/19/fake-finance-apps-google-play-target-around-world/", - "https://developer.android.com/reference/android/app/ActivityManager.html#getRunningTasks%28int%29", + "http://cloak-and-dagger.org/", "http://stackoverflow.com/questions/30619349/android-5-1-1-and-above-getrunningappprocesses-returns-my-application-packag", - "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "http://w2spconf.com/2011/papers/felt-mobilephishing.pdf", + "https://attack.mitre.org/techniques/T1411", "https://conference.hitb.org/hitbsecconf2011kul/materials/D1T1%20-%20Riley%20Hassell%20-%20Exploiting%20Androids%20for%20Fun%20and%20Profit.pdf", "https://developer.android.com/guide/components/activities/background-starts", - "http://cloak-and-dagger.org/", + "https://developer.android.com/reference/android/app/ActivityManager.html#getRunningTasks%28int%29", + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-31.html", + "https://www.group-ib.com/blog/gustuff", "https://www.nowsecure.com/blog/2017/05/25/android-overlay-malware-system-alert-window-permission/", "https://www.skycure.com/blog/accessibility-clickjacking/", - "https://www.xda-developers.com/android-q-system-alert-window-deprecate-bubbles/", - "https://www.group-ib.com/blog/gustuff" + "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "https://www.welivesecurity.com/2018/09/19/fake-finance-apps-google-play-target-around-world/", + "https://www.xda-developers.com/android-q-system-alert-window-deprecate-bubbles/" ] }, "uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", @@ -22527,11 +22527,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1141", - "https://capec.mitre.org/data/definitions/569.html", "https://baesystemsai.blogspot.com/2015/06/new-mac-os-malware-exploits-mackeeper.html", + "https://capec.mitre.org/data/definitions/569.html", + "https://enigma0x3.net/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/", "https://logrhythm.com/blog/do-you-trust-your-computer/", - "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/", - "https://enigma0x3.net/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/" + "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/" ] }, "related": [ @@ -22565,8 +22565,8 @@ "refs": [ "https://attack.mitre.org/techniques/T1115", "https://capec.mitre.org/data/definitions/637.html", - "https://msdn.microsoft.com/en-us/library/ms649012", - "https://medium.com/rvrsh3ll/operating-with-empyre-ea764eda3363" + "https://medium.com/rvrsh3ll/operating-with-empyre-ea764eda3363", + "https://msdn.microsoft.com/en-us/library/ms649012" ] }, "uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", @@ -22614,11 +22614,11 @@ "Windows" ], "refs": [ + "http://www.symantec.com/connect/blogs/how-attackers-steal-private-keys-digital-certificates", + "http://www.thesafemac.com/new-signed-malware-called-janicab/", "https://attack.mitre.org/techniques/T1116", "https://en.wikipedia.org/wiki/Code_signing", - "http://www.thesafemac.com/new-signed-malware-called-janicab/", - "https://securelist.com/why-you-shouldnt-completely-trust-files-signed-with-digital-certificates/68593/", - "http://www.symantec.com/connect/blogs/how-attackers-steal-private-keys-digital-certificates" + "https://securelist.com/why-you-shouldnt-completely-trust-files-signed-with-digital-certificates/68593/" ] }, "related": [ @@ -22641,9 +22641,9 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Script: Script Execution", + "Command: Command Execution", "File: File Access", - "Command: Command Execution" + "Script: Script Execution" ], "mitre_platforms": [ "Linux", @@ -22667,24 +22667,24 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Creation", + "Network Traffic: Network Connection Creation", "Network Traffic: Network Traffic Content", - "Network Traffic: Network Connection Creation" + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1221", - "https://docs.microsoft.com/previous-versions/office/developer/office-2007/aa338205(v=office.12)", - "https://www.sans.org/reading-room/whitepapers/testing/template-injection-attacks-bypassing-security-controls-living-land-38780", "http://blog.redxorblue.com/2018/07/executing-macros-from-docx-with-remote.html", + "https://attack.mitre.org/techniques/T1221", "https://blog.malwarebytes.com/threat-analysis/2017/10/decoy-microsoft-word-document-delivers-malware-through-rat/", - "https://www.proofpoint.com/us/blog/threat-insight/injection-new-black-novel-rtf-template-inject-technique-poised-widespread", - "https://ciberseguridad.blog/decodificando-ficheros-rtf-maliciosos/", - "https://forum.anomali.com/t/credential-harvesting-and-malicious-file-delivery-using-microsoft-office-template-injection/2104", "https://blog.talosintelligence.com/2017/07/template-injection.html", - "https://github.com/ryhanson/phishery" + "https://ciberseguridad.blog/decodificando-ficheros-rtf-maliciosos/", + "https://docs.microsoft.com/previous-versions/office/developer/office-2007/aa338205(v=office.12)", + "https://forum.anomali.com/t/credential-harvesting-and-malicious-file-delivery-using-microsoft-office-template-injection/2104", + "https://github.com/ryhanson/phishery", + "https://www.proofpoint.com/us/blog/threat-insight/injection-new-black-novel-rtf-template-inject-technique-poised-widespread", + "https://www.sans.org/reading-room/whitepapers/testing/template-injection-attacks-bypassing-security-controls-living-land-38780" ] }, "uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", @@ -22698,8 +22698,8 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Process: OS API Execution", - "Command: Command Execution" + "Command: Command Execution", + "Process: OS API Execution" ], "mitre_platforms": [ "Linux", @@ -22730,10 +22730,10 @@ "Windows" ], "refs": [ + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", "https://attack.mitre.org/techniques/T1132", "https://en.wikipedia.org/wiki/Binary-to-text_encoding", - "https://en.wikipedia.org/wiki/Character_encoding", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://en.wikipedia.org/wiki/Character_encoding" ] }, "uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", @@ -22766,8 +22766,8 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Process: OS API Execution", - "Command: Command Execution" + "Command: Command Execution", + "Process: OS API Execution" ], "mitre_platforms": [ "Windows", @@ -22796,10 +22796,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1162", - "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLoginItems.html", - "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", "https://blog.malwarebytes.com/threat-analysis/2017/04/new-osx-dok-malware-intercepts-web-traffic/", - "https://capec.mitre.org/data/definitions/564.html" + "https://capec.mitre.org/data/definitions/564.html", + "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLoginItems.html", + "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ] }, "related": [ @@ -22828,8 +22828,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1172", - "http://www.icir.org/vern/papers/meek-PETS-2015.pdf" + "http://www.icir.org/vern/papers/meek-PETS-2015.pdf", + "https://attack.mitre.org/techniques/T1172" ] }, "related": [ @@ -22858,9 +22858,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1182", - "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", + "https://forum.sysinternals.com/appcertdlls_topic12546.html", "https://technet.microsoft.com/en-us/sysinternals/bb963902", - "https://forum.sysinternals.com/appcertdlls_topic12546.html" + "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process" ] }, "related": [ @@ -22892,8 +22892,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1192", - "https://capec.mitre.org/data/definitions/163.html", - "https://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-abuses-open-authentication-advanced-social-engineering-attacks" + "https://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-abuses-open-authentication-advanced-social-engineering-attacks", + "https://capec.mitre.org/data/definitions/163.html" ] }, "related": [ @@ -22916,8 +22916,8 @@ "mitre-attack:execution" ], "mitre_data_sources": [ - "Process: OS API Execution", - "Module: Module Load" + "Module: Module Load", + "Process: OS API Execution" ], "mitre_platforms": [ "Windows" @@ -22967,8 +22967,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1143", - "https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Core/About/about_PowerShell_exe?view=powershell-5.1", - "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/" + "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/", + "https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Core/About/about_PowerShell_exe?view=powershell-5.1" ] }, "related": [ @@ -22995,12 +22995,12 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1513", + "https://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "https://developer.android.com/reference/android/media/projection/MediaProjectionManager", + "https://developer.android.com/studio/command-line/adb", "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-40.html", "https://www.fortinet.com/blog/threat-research/new-wave-bianlian-malware.html", - "https://developer.android.com/reference/android/media/projection/MediaProjectionManager", - "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "https://developer.android.com/studio/command-line/adb", - "https://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/" + "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf" ] }, "uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", @@ -23014,8 +23014,8 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Process: Process Creation", "Command: Command Execution", + "Process: Process Creation", "User Account: User Account Creation" ], "mitre_platforms": [ @@ -23049,8 +23049,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1138", - "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", - "https://www.blackhat.com/docs/eu-15/materials/eu-15-Pierce-Defending-Against-Malicious-Application-Compatibility-Shims-wp.pdf" + "https://www.blackhat.com/docs/eu-15/materials/eu-15-Pierce-Defending-Against-Malicious-Application-Compatibility-Shims-wp.pdf", + "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process" ] }, "related": [ @@ -23122,8 +23122,8 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1139", - "http://www.slideshare.net/StephanBorosh/external-to-da-the-os-x-way" + "http://www.slideshare.net/StephanBorosh/external-to-da-the-os-x-way", + "https://attack.mitre.org/techniques/T1139" ] }, "related": [ @@ -23151,10 +23151,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1144", - "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", + "https://blog.malwarebytes.com/cybercrime/2015/10/bypassing-apples-gatekeeper/", "https://derflounder.wordpress.com/2012/11/20/clearing-the-quarantine-extended-attribute-from-downloaded-applications/", "https://www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update", - "https://blog.malwarebytes.com/cybercrime/2015/10/bypassing-apples-gatekeeper/" + "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ] }, "related": [ @@ -23182,11 +23182,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1541", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-19.html", - "https://developer.android.com/guide/topics/sensors/sensors_overview#sensors-practices", + "https://blog.trendmicro.com/trendlabs-security-intelligence/fake-photo-beautification-apps-on-google-play-can-read-sms-verification-code-to-trigger-wireless-application-protocol-wap-carrier-billing/", "https://developer.android.com/guide/components/services.html#Foreground", + "https://developer.android.com/guide/topics/sensors/sensors_overview#sensors-practices", "https://i.blackhat.com/eu-19/Thursday/eu-19-Sutter-Simple-Spyware-Androids-Invisible-Foreground-Services-And-How-To-Abuse-Them.pdf", - "https://blog.trendmicro.com/trendlabs-security-intelligence/fake-photo-beautification-apps-on-google-play-can-read-sms-verification-code-to-trigger-wireless-application-protocol-wap-carrier-billing/" + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-19.html" ] }, "uuid": "648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", @@ -23238,11 +23238,11 @@ "refs": [ "https://attack.mitre.org/techniques/T1461", "https://srlabs.de/bites/spoofing-fingerprints/", - "https://thehackernews.com/2016/05/android-kernal-exploit.htmlhttps://www.secureidnews.com/news-item/another-spoof-of-mobile-biometrics/", - "https://www.thesun.co.uk/tech/5584082/iphone-x-face-unlock-tricked-broken/", "https://support.apple.com/en-us/HT204587", - "https://www.wired.com/2015/09/hack-brief-new-emergency-number-hack-easily-bypasses-android-lock-screens/", - "https://threatpost.com/ios-10-passcode-bypass-can-access-photos-contacts/122033/" + "https://thehackernews.com/2016/05/android-kernal-exploit.htmlhttps://www.secureidnews.com/news-item/another-spoof-of-mobile-biometrics/", + "https://threatpost.com/ios-10-passcode-bypass-can-access-photos-contacts/122033/", + "https://www.thesun.co.uk/tech/5584082/iphone-x-face-unlock-tricked-broken/", + "https://www.wired.com/2015/09/hack-brief-new-emergency-number-hack-easily-bypasses-android-lock-screens/" ] }, "uuid": "dfe29258-ce59-421c-9dee-e85cb9fa90cd", @@ -23329,9 +23329,9 @@ "iOS" ], "refs": [ + "https://andreas-kurtz.de/2014/09/malicious-ios-apps/", "https://attack.mitre.org/techniques/T1418", - "https://developer.android.com/reference/android/content/pm/PackageManager.html", - "https://andreas-kurtz.de/2014/09/malicious-ios-apps/" + "https://developer.android.com/reference/android/content/pm/PackageManager.html" ] }, "uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", @@ -23351,9 +23351,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1184", - "https://www.slideshare.net/morisson/mistrusting-and-abusing-ssh-13526219", "https://www.blackhat.com/presentations/bh-usa-05/bh-us-05-boileau.pdf", "https://www.clockwork.com/news/2012/09/28/602/ssh_agent_hijacking", + "https://www.slideshare.net/morisson/mistrusting-and-abusing-ssh-13526219", "https://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/" ] }, @@ -23399,8 +23399,8 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1149", "https://assets.documentcloud.org/documents/2459197/bit9-carbon-black-threat-research-report-2015.pdf", + "https://attack.mitre.org/techniques/T1149", "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ] }, @@ -23415,11 +23415,11 @@ "mitre-attack:impact" ], "mitre_data_sources": [ - "Process: Process Creation", "Command: Command Execution", - "Driver: Driver Load", "Drive: Drive Access", - "Drive: Drive Modification" + "Drive: Drive Modification", + "Driver: Driver Load", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -23428,8 +23428,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1561", - "https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malware-Report.pdf", - "https://docs.microsoft.com/sysinternals/downloads/sysmon" + "https://docs.microsoft.com/sysinternals/downloads/sysmon", + "https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malware-Report.pdf" ] }, "uuid": "1988cc35-ced8-4dad-b2d1-7628488fa967", @@ -23448,9 +23448,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1516", - "https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/", "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "https://help.bitwarden.com/article/auto-fill-android/" + "https://help.bitwarden.com/article/auto-fill-android/", + "https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/" ] }, "uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", @@ -23544,11 +23544,11 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ - "Process: OS API Execution", - "Firewall: Firewall Metadata", - "Process: Process Creation", + "Command: Command Execution", "Firewall: Firewall Enumeration", - "Command: Command Execution" + "Firewall: Firewall Metadata", + "Process: OS API Execution", + "Process: Process Creation" ], "mitre_platforms": [ "Windows", @@ -23581,14 +23581,14 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1159", - "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html", - "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/", "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/", "https://blog.malwarebytes.com/threat-analysis/2017/04/new-osx-dok-malware-intercepts-web-traffic/", + "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html", "https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/", - "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", + "https://www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update", "https://www.synack.com/wp-content/uploads/2016/03/RSA_OSX_Malware.pdf", - "https://www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update" + "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf", + "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/" ] }, "related": [ @@ -23617,11 +23617,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1616", + "https://developer.android.com/reference/android/Manifest.permission", "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-41.html", - "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-42.html", - "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-36.html", "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-18.html", - "https://developer.android.com/reference/android/Manifest.permission" + "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-36.html", + "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-42.html" ] }, "uuid": "351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", @@ -23635,11 +23635,11 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Creation", "Command: Command Execution", - "Network Traffic: Network Connection Creation", "File: File Creation", - "Process: Process Creation" + "Network Traffic: Network Connection Creation", + "Process: Process Creation", + "Windows Registry: Windows Registry Key Creation" ], "mitre_platforms": [ "Linux", @@ -23648,16 +23648,16 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1176", - "https://www.ghacks.net/2017/09/19/first-chrome-extension-with-javascript-crypto-miner-detected/", - "https://www.xorrior.com/No-Place-Like-Chrome/", "https://developer.chrome.com/extensions", - "https://www.icebrg.io/blog/malicious-chrome-extensions-enable-criminals-to-impact-over-half-a-million-users-and-global-businesses", - "https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43824.pdf", - "https://kjaer.io/extension-malware/", - "https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/https:/threatpost.com/malicious-chrome-extension-steals-data-posted-to-any-website/128680/)", + "https://en.wikipedia.org/wiki/Browser_extension", "https://isc.sans.edu/forums/diary/BankerGoogleChromeExtensiontargetingBrazil/22722/", + "https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/https:/threatpost.com/malicious-chrome-extension-steals-data-posted-to-any-website/128680/)", + "https://kjaer.io/extension-malware/", + "https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43824.pdf", + "https://www.ghacks.net/2017/09/19/first-chrome-extension-with-javascript-crypto-miner-detected/", + "https://www.icebrg.io/blog/malicious-chrome-extensions-enable-criminals-to-impact-over-half-a-million-users-and-global-businesses", "https://www.welivesecurity.com/2017/07/20/stantinko-massive-adware-campaign-operating-covertly-since-2012/", - "https://en.wikipedia.org/wiki/Browser_extension" + "https://www.xorrior.com/No-Place-Like-Chrome/" ] }, "uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", @@ -23675,9 +23675,9 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1167", "http://juusosalonen.com/post/30923743427/breaking-into-the-os-x-keychain", "http://www.slideshare.net/StephanBorosh/external-to-da-the-os-x-way", + "https://attack.mitre.org/techniques/T1167", "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/" ] }, @@ -23706,12 +23706,12 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1186", + "https://hshrzd.wordpress.com/2017/12/18/process-doppelganging-a-new-way-to-impersonate-a-process/", + "https://msdn.microsoft.com/library/windows/desktop/aa365738.aspx", "https://msdn.microsoft.com/library/windows/desktop/bb968806.aspx", "https://msdn.microsoft.com/library/windows/desktop/dd979526.aspx", - "https://msdn.microsoft.com/library/windows/desktop/aa365738.aspx", - "https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf", - "https://hshrzd.wordpress.com/2017/12/18/process-doppelganging-a-new-way-to-impersonate-a-process/", - "https://msdn.microsoft.com/library/windows/hardware/ff559951.aspx" + "https://msdn.microsoft.com/library/windows/hardware/ff559951.aspx", + "https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf" ] }, "related": [ @@ -23757,10 +23757,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1177", - "https://technet.microsoft.com/library/cc961760.aspx", - "https://technet.microsoft.com/library/dn408187.aspx", + "https://msdn.microsoft.com/library/windows/desktop/ff919712.aspx", "https://technet.microsoft.com/en-us/sysinternals/bb963902", - "https://msdn.microsoft.com/library/windows/desktop/ff919712.aspx" + "https://technet.microsoft.com/library/cc961760.aspx", + "https://technet.microsoft.com/library/dn408187.aspx" ] }, "related": [ @@ -23783,23 +23783,23 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ - "File: File Modification", - "Network Traffic: Network Traffic Flow", + "File: File Access", "File: File Creation", + "File: File Modification", "Network Traffic: Network Traffic Content", - "File: File Access" + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1187", - "https://en.wikipedia.org/wiki/Server_Message_Block", "https://blog.didierstevens.com/2017/11/13/webdav-traffic-to-malicious-sites/", - "https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/4beddb35-0cba-424c-8b9b-a5832ad8e208.mspx", + "https://en.wikipedia.org/wiki/Server_Message_Block", "https://github.com/hob0/hashjacking", - "https://www.cylance.com/content/dam/cylance/pdfs/white_papers/RedirectToSMB.pdf", "https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes/", + "https://www.cylance.com/content/dam/cylance/pdfs/white_papers/RedirectToSMB.pdf", + "https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/4beddb35-0cba-424c-8b9b-a5832ad8e208.mspx", "https://www.us-cert.gov/ncas/alerts/TA17-293A" ] }, @@ -23816,24 +23816,24 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Service: Service Metadata", "Network Traffic: Network Connection Creation", - "Process: Process Creation" + "Process: Process Creation", + "Service: Service Metadata" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1197", - "https://msdn.microsoft.com/library/windows/desktop/ms680573.aspx", - "https://msdn.microsoft.com/library/windows/desktop/bb968799.aspx", - "https://msdn.microsoft.com/library/aa362813.aspx", - "https://www.secureworks.com/blog/malware-lingers-with-bits", "https://arstechnica.com/information-technology/2007/05/malware-piggybacks-on-windows-background-intelligent-transfer-service/", - "https://www.symantec.com/connect/blogs/malware-update-windows-update", + "https://attack.mitre.org/techniques/T1197", + "https://msdn.microsoft.com/library/aa362813.aspx", + "https://msdn.microsoft.com/library/windows/desktop/bb968799.aspx", + "https://msdn.microsoft.com/library/windows/desktop/ms680573.aspx", "https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/", "https://technet.microsoft.com/library/dd939934.aspx", - "https://www.elastic.co/blog/hunting-for-persistence-using-elastic-security-part-1" + "https://www.elastic.co/blog/hunting-for-persistence-using-elastic-security-part-1", + "https://www.secureworks.com/blog/malware-lingers-with-bits", + "https://www.symantec.com/connect/blogs/malware-update-windows-update" ] }, "uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", @@ -23847,8 +23847,8 @@ "mitre-attack:initial-access" ], "mitre_data_sources": [ - "Logon Session: Logon Session Creation", "Application Log: Application Log Content", + "Logon Session: Logon Session Creation", "Logon Session: Logon Session Metadata" ], "mitre_platforms": [ @@ -23889,10 +23889,10 @@ "mitre-attack:discovery" ], "mitre_data_sources": [ + "Application Log: Application Log Content", "Command: Command Execution", - "Process: Process Creation", "Process: OS API Execution", - "Application Log: Application Log Content" + "Process: Process Creation" ], "mitre_platforms": [ "Windows", @@ -23901,12 +23901,12 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1622", - "https://research.checkpoint.com/2021/stopping-serial-killer-catching-the-next-strike/", - "https://github.com/hasherezade/malware_training_vol1/blob/main/slides/module3/Module3_2_fingerprinting.pdf", "https://github.com/LordNoteworthy/al-khaser/tree/master/al-khaser/AntiDebug", - "https://objective-see.com/blog/blog_0x60.html", + "https://github.com/hasherezade/malware_training_vol1/blob/main/slides/module3/Module3_2_fingerprinting.pdf", "https://github.com/processhacker/processhacker", - "https://github.com/vxunderground/VX-API/tree/main/Anti%20Debug" + "https://github.com/vxunderground/VX-API/tree/main/Anti%20Debug", + "https://objective-see.com/blog/blog_0x60.html", + "https://research.checkpoint.com/2021/stopping-serial-killer-catching-the-next-strike/" ] }, "uuid": "e4dc8c01-417f-458d-9ee0-bb0617c1b391", @@ -23989,10 +23989,10 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ + "Command: Command Execution", "File: File Access", "Process: Process Creation", "User Account: User Account Authentication", - "Command: Command Execution", "Windows Registry: Windows Registry Key Access" ], "mitre_platforms": [ @@ -24021,18 +24021,18 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Windows Registry: Windows Registry Key Modification", - "Script: Script Execution", - "Firewall: Firewall Disable", - "Sensor Health: Host Status", - "Windows Registry: Windows Registry Key Deletion", - "Process: Process Termination", - "Service: Service Metadata", - "Process: Process Creation", + "Cloud Service: Cloud Service Disable", "Cloud Service: Cloud Service Modification", "Command: Command Execution", - "Cloud Service: Cloud Service Disable", - "Firewall: Firewall Rule Modification" + "Firewall: Firewall Disable", + "Firewall: Firewall Rule Modification", + "Process: Process Creation", + "Process: Process Termination", + "Script: Script Execution", + "Sensor Health: Host Status", + "Service: Service Metadata", + "Windows Registry: Windows Registry Key Deletion", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows", @@ -24068,10 +24068,10 @@ "Windows" ], "refs": [ + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", "https://attack.mitre.org/techniques/T1572", - "https://www.ssh.com/ssh/tunneling", "https://www.bleepingcomputer.com/news/security/new-godlua-malware-evades-traffic-monitoring-via-dns-over-https/", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://www.ssh.com/ssh/tunneling" ] }, "uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", @@ -24088,11 +24088,11 @@ "Android" ], "refs": [ + "https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html", + "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/7e7c274/src/com/android/providers/telephony/SmsProvider.java", "https://attack.mitre.org/techniques/T1582", "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-16.html", - "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-41.html", - "https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html", - "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/7e7c274/src/com/android/providers/telephony/SmsProvider.java" + "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-41.html" ] }, "uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", @@ -24157,9 +24157,9 @@ "mitre-attack:lateral-movement" ], "mitre_data_sources": [ + "Application Log: Application Log Content", "Network Traffic: Network Traffic Content", - "Network Traffic: Network Traffic Flow", - "Application Log: Application Log Content" + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Windows", @@ -24208,10 +24208,10 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1573", "http://www.sans.org/reading-room/whitepapers/analyst/finding-hidden-threats-decrypting-ssl-34840", - "https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1573", + "https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html" ] }, "uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", @@ -24225,11 +24225,11 @@ "mitre-attack:resource-development" ], "mitre_data_sources": [ + "Domain Name: Active DNS", + "Domain Name: Domain Registration", "Domain Name: Passive DNS", "Internet Scan: Response Content", - "Internet Scan: Response Metadata", - "Domain Name: Domain Registration", - "Domain Name: Active DNS" + "Internet Scan: Response Metadata" ], "mitre_platforms": [ "PRE" @@ -24237,9 +24237,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1583", "https://documents.trendmicro.com/assets/wp/wp-criminal-hideouts-for-lease.pdf", + "https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2", "https://threatconnect.com/blog/infrastructure-research-hunting/", - "https://www.mandiant.com/resources/scandalous-external-detection-using-network-scan-data-and-automation", - "https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2" + "https://www.mandiant.com/resources/scandalous-external-detection-using-network-scan-data-and-automation" ] }, "uuid": "0458aab9-ad42-4eac-9e22-706a95bafee2", @@ -24258,10 +24258,10 @@ "iOS" ], "refs": [ + "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/", "https://attack.mitre.org/techniques/T1446", - "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-28.html", "https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#resetPassword(java.lang.String,%20int)", - "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/" + "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-28.html" ] }, "uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", @@ -24275,19 +24275,19 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "User Account: User Account Metadata", - "File: File Modification", - "Process: Process Creation", - "Service: Service Creation", - "Process: OS API Execution", - "File: File Metadata", - "User Account: User Account Creation", - "Script: Script Execution", - "Firmware: Firmware Modification", - "Windows Registry: Windows Registry Key Modification", - "File: File Creation", + "Application Log: Application Log Content", "Command: Command Execution", - "Application Log: Application Log Content" + "File: File Creation", + "File: File Metadata", + "File: File Modification", + "Firmware: Firmware Modification", + "Process: OS API Execution", + "Process: Process Creation", + "Script: Script Execution", + "Service: Service Creation", + "User Account: User Account Creation", + "User Account: User Account Metadata", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Linux", @@ -24297,10 +24297,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1564", - "https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/", - "https://cdn2.hubspot.net/hubfs/3354902/Content%20PDFs/Cybereason-Lab-Analysis-OSX-Pirrit-4-6-16.pdf", "https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/", - "https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/" + "https://cdn2.hubspot.net/hubfs/3354902/Content%20PDFs/Cybereason-Lab-Analysis-OSX-Pirrit-4-6-16.pdf", + "https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/", + "https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/" ] }, "uuid": "22905430-4901-4c2a-84f6-98243cb173f8", @@ -24314,9 +24314,9 @@ "mitre-attack:resource-development" ], "mitre_data_sources": [ + "Domain Name: Active DNS", "Domain Name: Domain Registration", "Domain Name: Passive DNS", - "Domain Name: Active DNS", "Internet Scan: Response Content", "Internet Scan: Response Metadata" ], @@ -24325,15 +24325,15 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1584", - "https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html", - "https://www.icann.org/groups/ssac/documents/sac-007-en", - "https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2", - "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf", "https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html", "https://media.defense.gov/2019/Oct/18/2002197242/-1/-1/0/NSA_CSA_Turla_20191021%20ver%204%20-%20nsa.gov.pdf", - "https://www.mandiant.com/resources/scandalous-external-detection-using-network-scan-data-and-automation", + "https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2", "https://threatconnect.com/blog/infrastructure-research-hunting/", - "https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html" + "https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html", + "https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html", + "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf", + "https://www.icann.org/groups/ssac/documents/sac-007-en", + "https://www.mandiant.com/resources/scandalous-external-detection-using-network-scan-data-and-automation" ] }, "uuid": "7e3beebd-8bfe-4e7b-a892-e44ab06a75f9", @@ -24347,15 +24347,15 @@ "mitre-attack:impact" ], "mitre_data_sources": [ - "Image: Image Deletion", - "Volume: Volume Deletion", - "File: File Deletion", "Cloud Storage: Cloud Storage Deletion", - "Snapshot: Snapshot Deletion", - "Instance: Instance Deletion", + "Command: Command Execution", + "File: File Deletion", "File: File Modification", + "Image: Image Deletion", + "Instance: Instance Deletion", "Process: Process Creation", - "Command: Command Execution" + "Snapshot: Snapshot Deletion", + "Volume: Volume Deletion" ], "mitre_platforms": [ "Windows", @@ -24364,15 +24364,15 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1485", - "https://www.symantec.com/connect/blogs/shamoon-attacks", - "https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html", "http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/", - "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf", - "https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/", + "https://attack.mitre.org/techniques/T1485", "https://blog.talosintelligence.com/2018/02/olympic-destroyer.html", + "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf", "https://threatpost.com/hacker-puts-hosting-service-code-spaces-out-of-business/106761/", - "https://www.justice.gov/usao-ndca/pr/san-jose-man-pleads-guilty-damaging-cisco-s-network" + "https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/", + "https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html", + "https://www.justice.gov/usao-ndca/pr/san-jose-man-pleads-guilty-damaging-cisco-s-network", + "https://www.symantec.com/connect/blogs/shamoon-attacks" ] }, "uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", @@ -24395,8 +24395,8 @@ "Network" ], "refs": [ - "https://attack.mitre.org/techniques/T1495", "http://www.mitre.org/publications/project-stories/going-deep-into-the-bios-with-mitre-firmware-security-research", + "https://attack.mitre.org/techniques/T1495", "https://web.archive.org/web/20190508170055/https://www.symantec.com/security-center/writeup/2000-122010-2655-99" ] }, @@ -24411,12 +24411,12 @@ "mitre-attack:impact" ], "mitre_data_sources": [ - "Process: Process Creation", "Command: Command Execution", - "Sensor Health: Host Status", + "File: File Creation", "Network Traffic: Network Connection Creation", "Network Traffic: Network Traffic Flow", - "File: File Creation" + "Process: Process Creation", + "Sensor Health: Host Status" ], "mitre_platforms": [ "Windows", @@ -24427,9 +24427,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1496", - "https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/", "https://blog.cloudsploit.com/the-danger-of-unused-aws-regions-af0bf1b878fc", "https://securelist.com/lazarus-under-the-hood/77908/", + "https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/", "https://www.trendmicro.com/en_us/research/19/e/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims.html", "https://www.trendmicro.com/en_us/research/20/i/war-of-linux-cryptocurrency-miners-a-battle-for-resources.html", "https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/" @@ -24446,13 +24446,13 @@ "mitre-attack:impact" ], "mitre_data_sources": [ + "Command: Command Execution", + "File: File Modification", "Process: OS API Execution", "Process: Process Creation", - "Service: Service Metadata", - "File: File Modification", - "Windows Registry: Windows Registry Key Modification", "Process: Process Termination", - "Command: Command Execution" + "Service: Service Metadata", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows", @@ -24477,13 +24477,13 @@ "mitre-attack:impact" ], "mitre_data_sources": [ - "File: File Metadata", "File: File Creation", + "File: File Deletion", + "File: File Metadata", + "File: File Modification", "Network Traffic: Network Traffic Content", "Network Traffic: Network Traffic Flow", - "File: File Deletion", - "Process: OS API Execution", - "File: File Modification" + "Process: OS API Execution" ], "mitre_platforms": [ "Linux", @@ -24525,17 +24525,17 @@ "mitre-attack:resource-development" ], "mitre_data_sources": [ - "Persona: Social Media", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Traffic Content", + "Persona: Social Media" ], "mitre_platforms": [ "PRE" ], "refs": [ - "https://attack.mitre.org/techniques/T1585", - "https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-operation", "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf", - "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf" + "https://attack.mitre.org/techniques/T1585", + "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf", + "https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-operation" ] }, "uuid": "cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8", @@ -24557,8 +24557,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1595", - "https://www.caida.org/publications/papers/2012/analysis_slash_zero/analysis_slash_zero.pdf", - "https://wiki.owasp.org/index.php/OAT-004_Fingerprinting" + "https://wiki.owasp.org/index.php/OAT-004_Fingerprinting", + "https://www.caida.org/publications/papers/2012/analysis_slash_zero/analysis_slash_zero.pdf" ] }, "uuid": "67073dde-d720-45ae-83da-b12d5e73ca3b", @@ -24579,8 +24579,8 @@ "PRE" ], "refs": [ - "https://attack.mitre.org/techniques/T1586", - "https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/" + "https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/", + "https://attack.mitre.org/techniques/T1586" ] }, "uuid": "81033c3b-16a4-46e4-8fed-9b030dd03c4a", @@ -24595,8 +24595,8 @@ ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -24604,11 +24604,11 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1568", "http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html", + "https://attack.mitre.org/techniques/T1568", + "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/", "https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html", - "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/", - "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/" + "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/" ] }, "uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", @@ -24622,11 +24622,11 @@ "mitre-attack:execution" ], "mitre_data_sources": [ + "Command: Command Execution", "File: File Modification", "Process: Process Creation", "Service: Service Creation", - "Windows Registry: Windows Registry Key Modification", - "Command: Command Execution" + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows", @@ -24648,8 +24648,8 @@ "mitre-attack:resource-development" ], "mitre_data_sources": [ - "Malware Repository: Malware Content", "Internet Scan: Response Content", + "Malware Repository: Malware Content", "Malware Repository: Malware Metadata" ], "mitre_platforms": [ @@ -24657,10 +24657,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1587", - "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf", + "https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html", "https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/", "https://www.bitdefender.com/files/News/CaseStudies/study/353/Bitdefender-Whitepaper-StrongPity-APT.pdf", - "https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html", + "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf", "https://www.splunk.com/en_us/blog/security/tall-tales-of-hunting-with-tls-ssl-certificates.html" ] }, @@ -24676,8 +24676,8 @@ ], "mitre_data_sources": [ "Certificate: Certificate Registration", - "Malware Repository: Malware Content", "Internet Scan: Response Content", + "Malware Repository: Malware Content", "Malware Repository: Malware Metadata" ], "mitre_platforms": [ @@ -24685,13 +24685,13 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1588", - "https://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html", "https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/", "https://threatpost.com/final-report-diginotar-hack-shows-total-compromise-ca-servers-103112/77170/", "https://www.mandiant.com/resources/supply-chain-analysis-from-quartermaster-to-sunshop", + "https://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html", "https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/", - "https://www.splunk.com/en_us/blog/security/tall-tales-of-hunting-with-tls-ssl-certificates.html", - "https://www.recordedfuture.com/cobalt-strike-servers/" + "https://www.recordedfuture.com/cobalt-strike-servers/", + "https://www.splunk.com/en_us/blog/security/tall-tales-of-hunting-with-tls-ssl-certificates.html" ] }, "uuid": "ce0687a0-e692-4b77-964a-0784a8e54ff1", @@ -24707,10 +24707,10 @@ ], "mitre_data_sources": [ "Application Log: Application Log Content", - "Network Traffic: Network Traffic Flow", "Network Traffic: Network Traffic Content", - "Windows Registry: Windows Registry Key Modification", - "Service: Service Creation" + "Network Traffic: Network Traffic Flow", + "Service: Service Creation", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows", @@ -24718,15 +24718,15 @@ "Linux" ], "refs": [ - "https://attack.mitre.org/techniques/T1557", - "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/125/how-dns-changer-trojans-direct-users-to-threats", "https://arxiv.org/abs/1809.05681", + "https://attack.mitre.org/techniques/T1557", + "https://blog.netlab.360.com/ttint-an-iot-remote-control-trojan-spread-through-2-0-day-vulnerabilities/", + "https://capec.mitre.org/data/definitions/94.html", "https://securelist.com/ad-blocker-with-miner-included/101105/", + "https://tlseminar.github.io/downgrade-attacks/", "https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/", "https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/", - "https://tlseminar.github.io/downgrade-attacks/", - "https://blog.netlab.360.com/ttint-an-iot-remote-control-trojan-spread-through-2-0-day-vulnerabilities/", - "https://capec.mitre.org/data/definitions/94.html" + "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/125/how-dns-changer-trojans-direct-users-to-threats" ] }, "uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", @@ -24740,12 +24740,12 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ + "Command: Command Execution", + "File: File Creation", + "File: File Modification", "Process: Process Creation", "Windows Registry: Windows Registry Key Creation", - "Windows Registry: Windows Registry Key Modification", - "Command: Command Execution", - "File: File Modification", - "File: File Creation" + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows", @@ -24753,9 +24753,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1137/006", - "https://support.office.com/article/Add-or-remove-add-ins-0af570c4-5cf3-4fa9-9b88-403625a0b460", "https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/", "https://summit.fireeye.com/content/dam/fireeye-www/summit/cds-2018/presentations/cds18-technical-s03-youve-got-mail.pdf", + "https://support.office.com/article/Add-or-remove-add-ins-0af570c4-5cf3-4fa9-9b88-403625a0b460", "https://www.221bluestreet.com/post/office-templates-and-globaldotname-a-stealthy-office-persistence-technique" ] }, @@ -24776,18 +24776,18 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Creation", - "Command: Command Execution" + "Command: Command Execution", + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1218/009", - "https://msdn.microsoft.com/en-us/library/04za0hca.aspx", - "https://msdn.microsoft.com/en-us/library/tzat5yw6.aspx", + "https://lolbas-project.github.io/lolbas/Binaries/Regasm/", "https://lolbas-project.github.io/lolbas/Binaries/Regsvcs/", - "https://lolbas-project.github.io/lolbas/Binaries/Regasm/" + "https://msdn.microsoft.com/en-us/library/04za0hca.aspx", + "https://msdn.microsoft.com/en-us/library/tzat5yw6.aspx" ] }, "related": [ @@ -24815,8 +24815,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1001/002", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1001/002" ] }, "related": [ @@ -24843,9 +24843,9 @@ "Windows" ], "refs": [ + "http://adsecurity.org/?p=1275", "https://attack.mitre.org/techniques/T1003/003", - "https://en.wikipedia.org/wiki/Active_Directory", - "http://adsecurity.org/?p=1275" + "https://en.wikipedia.org/wiki/Active_Directory" ] }, "related": [ @@ -24865,25 +24865,25 @@ "mitre-attack:credential-access" ], "mitre_data_sources": [ + "Active Directory: Active Directory Object Access", "Network Traffic: Network Traffic Content", - "Network Traffic: Network Traffic Flow", - "Active Directory: Active Directory Object Access" + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1003/006", - "https://msdn.microsoft.com/library/cc228086.aspx", - "https://msdn.microsoft.com/library/dd207691.aspx", - "https://wiki.samba.org/index.php/DRSUAPI", - "https://source.winehq.org/WineAPI/samlib.html", - "https://adsecurity.org/?p=1729", "http://www.harmj0y.net/blog/redteaming/mimikatz-and-dcsync-and-extrasids-oh-my/", + "https://adsecurity.org/?p=1729", + "https://attack.mitre.org/techniques/T1003/006", "https://blog.stealthbits.com/manipulating-user-passwords-with-mimikatz-SetNTLM-ChangeNTLM", "https://github.com/gentilkiwi/mimikatz/wiki/module-~-lsadump", + "https://msdn.microsoft.com/library/cc228086.aspx", "https://msdn.microsoft.com/library/cc237008.aspx", - "https://msdn.microsoft.com/library/cc245496.aspx" + "https://msdn.microsoft.com/library/cc245496.aspx", + "https://msdn.microsoft.com/library/dd207691.aspx", + "https://source.winehq.org/WineAPI/samlib.html", + "https://wiki.samba.org/index.php/DRSUAPI" ] }, "related": [ @@ -24912,8 +24912,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1070/006", - "http://windowsir.blogspot.com/2013/07/howto-determinedetect-use-of-anti.html" + "http://windowsir.blogspot.com/2013/07/howto-determinedetect-use-of-anti.html", + "https://attack.mitre.org/techniques/T1070/006" ] }, "related": [ @@ -24933,9 +24933,9 @@ "mitre-attack:lateral-movement" ], "mitre_data_sources": [ - "Process: Process Creation", "Logon Session: Logon Session Creation", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Connection Creation", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -24964,8 +24964,8 @@ "mitre-attack:lateral-movement" ], "mitre_data_sources": [ - "Network Traffic: Network Connection Creation", "Logon Session: Logon Session Creation", + "Network Traffic: Network Connection Creation", "Process: Process Creation" ], "mitre_platforms": [ @@ -24974,20 +24974,20 @@ "Windows" ], "refs": [ + "http://lists.openstack.org/pipermail/openstack/2013-December/004138.html", "https://attack.mitre.org/techniques/T1021/005", "https://capec.mitre.org/data/definitions/555.html", "https://datatracker.ietf.org/doc/html/rfc6143#section-7.2.2", - "https://support.apple.com/guide/remote-desktop/set-up-a-computer-running-vnc-software-apdbed09830/mac", + "https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/blob/9aa9181e/src/grd-settings.c#L207", + "https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/blob/9aa9181e/src/org.gnome.desktop.remote-desktop.gschema.xml.in", "https://help.realvnc.com/hc/en-us/articles/360002250097-Setting-up-System-Authentication", "https://int0x33.medium.com/day-70-hijacking-vnc-enum-brute-access-and-crack-d3d18a4601cc", - "https://www.tenable.com/blog/detecting-macos-high-sierra-root-account-without-authentication", + "https://pentestlab.blog/2012/10/30/attacking-vnc-servers/", + "https://sarah-edwards-xzkc.squarespace.com/blog/2020/4/30/analysis-of-apple-unified-logs-quarantine-edition-entry-6-working-from-home-remote-logins", + "https://support.apple.com/guide/remote-desktop/set-up-a-computer-running-vnc-software-apdbed09830/mac", "https://www.bleepingcomputer.com/news/security/dozens-of-vnc-vulnerabilities-found-in-linux-windows-solutions/", "https://www.offensive-security.com/metasploit-unleashed/vnc-authentication/", - "https://pentestlab.blog/2012/10/30/attacking-vnc-servers/", - "http://lists.openstack.org/pipermail/openstack/2013-December/004138.html", - "https://sarah-edwards-xzkc.squarespace.com/blog/2020/4/30/analysis-of-apple-unified-logs-quarantine-edition-entry-6-working-from-home-remote-logins", - "https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/blob/9aa9181e/src/grd-settings.c#L207", - "https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/blob/9aa9181e/src/org.gnome.desktop.remote-desktop.gschema.xml.in" + "https://www.tenable.com/blog/detecting-macos-high-sierra-root-account-without-authentication" ] }, "related": [ @@ -25007,8 +25007,8 @@ "mitre-attack:command-and-control" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Flow", - "Network Traffic: Network Traffic Content" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -25016,10 +25016,10 @@ "Windows" ], "refs": [ + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", "https://attack.mitre.org/techniques/T1071/004", - "https://www.paloaltonetworks.com/cyberpedia/what-is-dns-tunneling", "https://medium.com/@galolbardes/learn-how-easy-is-to-bypass-firewalls-using-dns-tunneling-and-also-how-to-block-it-3ed652f4a000", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://www.paloaltonetworks.com/cyberpedia/what-is-dns-tunneling" ] }, "related": [ @@ -25041,8 +25041,8 @@ ], "mitre_data_sources": [ "Driver: Driver Load", - "Windows Registry: Windows Registry Key Modification", - "Process: OS API Execution" + "Process: OS API Execution", + "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ "Windows", @@ -25051,9 +25051,9 @@ "Network" ], "refs": [ + "http://opensecuritytraining.info/Keylogging_files/The%20Adventures%20of%20a%20Keystroke.pdf", "https://attack.mitre.org/techniques/T1056/001", "https://capec.mitre.org/data/definitions/568.html", - "http://opensecuritytraining.info/Keylogging_files/The%20Adventures%20of%20a%20Keystroke.pdf", "https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954" ] }, @@ -25074,25 +25074,25 @@ "mitre-attack:execution" ], "mitre_data_sources": [ - "Process: Process Metadata", "Command: Command Execution", - "Script: Script Execution", "Module: Module Load", - "Process: Process Creation" + "Process: Process Creation", + "Process: Process Metadata", + "Script: Script Execution" ], "mitre_platforms": [ "Windows" ], "refs": [ + "http://www.malwarearchaeology.com/s/Windows-PowerShell-Logging-Cheat-Sheet-ver-June-2016-v2.pdf", + "http://www.sixdub.net/?p=367", "https://attack.mitre.org/techniques/T1059/001", "https://blogs.msdn.microsoft.com/kebab/2014/04/28/executing-powershell-scripts-from-c/", - "https://silentbreaksecurity.com/powershell-jobs-without-powershell-exe/", - "https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html", "https://github.com/jaredhaight/PSAttack", "https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/", - "http://www.malwarearchaeology.com/s/Windows-PowerShell-Logging-Cheat-Sheet-ver-June-2016-v2.pdf", + "https://silentbreaksecurity.com/powershell-jobs-without-powershell-exe/", "https://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx", - "http://www.sixdub.net/?p=367" + "https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html" ] }, "related": [ @@ -25114,10 +25114,10 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Scheduled Job: Scheduled Job Creation", "Command: Command Execution", "File: File Modification", - "Process: Process Creation" + "Process: Process Creation", + "Scheduled Job: Scheduled Job Creation" ], "mitre_platforms": [ "Windows", @@ -25126,14 +25126,14 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1053/002", - "https://www.linkedin.com/pulse/getting-attacker-ip-address-from-malicious-linux-job-craig-rowland/", + "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-other-object-access-events", "https://gtfobins.github.io/gtfobins/at/", "https://man7.org/linux/man-pages/man1/at.1p.html", - "https://twitter.com/leoloobeek/status/939248813465853953", - "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-other-object-access-events", - "https://technet.microsoft.com/library/dd315590.aspx", + "https://social.technet.microsoft.com/Forums/en-US/e5bca729-52e7-4fcb-ba12-3225c564674c/scheduled-tasks-history-retention-settings?forum=winserver8gen", "https://technet.microsoft.com/en-us/sysinternals/bb963902", - "https://social.technet.microsoft.com/Forums/en-US/e5bca729-52e7-4fcb-ba12-3225c564674c/scheduled-tasks-history-retention-settings?forum=winserver8gen" + "https://technet.microsoft.com/library/dd315590.aspx", + "https://twitter.com/leoloobeek/status/939248813465853953", + "https://www.linkedin.com/pulse/getting-attacker-ip-address-from-malicious-linux-job-craig-rowland/" ] }, "related": [ @@ -25184,9 +25184,9 @@ "mitre-attack:execution" ], "mitre_data_sources": [ - "Process: Process Creation", + "Command: Command Execution", "Process: OS API Execution", - "Command: Command Execution" + "Process: Process Creation" ], "mitre_platforms": [ "macOS" @@ -25194,9 +25194,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1059/002", "https://developer.apple.com/library/archive/documentation/AppleScript/Conceptual/AppleScriptLangGuide/introduction/ASLR_intro.html", - "https://www.sentinelone.com/blog/macos-red-team-calling-apple-apis-without-building-binaries/", + "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/macro-malware-targets-macs/", "https://www.sentinelone.com/blog/how-offensive-actors-use-applescript-for-attacking-macos/", - "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/macro-malware-targets-macs/" + "https://www.sentinelone.com/blog/macos-red-team-calling-apple-apis-without-building-binaries/" ] }, "related": [ @@ -25244,10 +25244,10 @@ "mitre-attack:privilege-escalation" ], "mitre_data_sources": [ - "Scheduled Job: Scheduled Job Creation", + "Command: Command Execution", "File: File Modification", "Process: Process Creation", - "Command: Command Execution" + "Scheduled Job: Scheduled Job Creation" ], "mitre_platforms": [ "Linux", @@ -25303,8 +25303,8 @@ "mitre-attack:execution" ], "mitre_data_sources": [ - "Process: Process Creation", - "Command: Command Execution" + "Command: Command Execution", + "Process: Process Creation" ], "mitre_platforms": [ "Linux", @@ -25332,10 +25332,10 @@ "mitre-attack:execution" ], "mitre_data_sources": [ - "Process: Process Creation", + "Command: Command Execution", "Module: Module Load", - "Script: Script Execution", - "Command: Command Execution" + "Process: Process Creation", + "Script: Script Execution" ], "mitre_platforms": [ "Windows", @@ -25344,15 +25344,15 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1059/007", - "https://nodejs.org/", - "https://docs.microsoft.com/windows/win32/com/translating-to-jscript", + "https://developer.apple.com/library/archive/documentation/LanguagesUtilities/Conceptual/MacAutomationScriptingGuide/index.html", "https://docs.microsoft.com/archive/blogs/gauravseth/the-world-of-jscript-javascript-ecmascript", "https://docs.microsoft.com/scripting/winscript/windows-script-interfaces", - "https://developer.apple.com/library/archive/documentation/LanguagesUtilities/Conceptual/MacAutomationScriptingGuide/index.html", + "https://docs.microsoft.com/windows/win32/com/translating-to-jscript", + "https://nodejs.org/", "https://posts.specterops.io/persistent-jxa-66e1c3cd1cf5", - "https://www.sentinelone.com/blog/macos-red-team-calling-apple-apis-without-building-binaries/", "https://redcanary.com/blog/clipping-silver-sparrows-wings/", - "https://www.mdsec.co.uk/2021/01/macos-post-exploitation-shenanigans-with-vscode-extensions/" + "https://www.mdsec.co.uk/2021/01/macos-post-exploitation-shenanigans-with-vscode-extensions/", + "https://www.sentinelone.com/blog/macos-red-team-calling-apple-apis-without-building-binaries/" ] }, "related": [ @@ -25373,8 +25373,8 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Network Traffic: Network Connection Creation", "Module: Module Load", + "Network Traffic: Network Connection Creation", "Process: Process Creation" ], "mitre_platforms": [ @@ -25382,8 +25382,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1218/010", - "https://support.microsoft.com/en-us/kb/249873", "https://lolbas-project.github.io/lolbas/Binaries/Regsvr32/", + "https://support.microsoft.com/en-us/kb/249873", "https://www.carbonblack.com/2016/04/28/threat-advisory-squiblydoo-continues-trend-of-attackers-using-native-os-tools-to-live-off-the-land/", "https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html" ] @@ -25433,9 +25433,9 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Script: Script Execution", + "Command: Command Execution", "Process: Process Creation", - "Command: Command Execution" + "Script: Script Execution" ], "mitre_platforms": [ "Windows" @@ -25463,17 +25463,17 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Creation", - "Command: Command Execution" + "Command: Command Execution", + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1127/001", - "https://msdn.microsoft.com/library/dd393574.aspx", "https://docs.microsoft.com/en-us/visualstudio/msbuild/msbuild-inline-tasks?view=vs-2019#code-element", - "https://lolbas-project.github.io/lolbas/Binaries/Msbuild/" + "https://lolbas-project.github.io/lolbas/Binaries/Msbuild/", + "https://msdn.microsoft.com/library/dd393574.aspx" ] }, "related": [ @@ -25493,8 +25493,8 @@ "mitre-attack:collection" ], "mitre_data_sources": [ - "Logon Session: Logon Session Creation", - "Application Log: Application Log Content" + "Application Log: Application Log Content", + "Logon Session: Logon Session Creation" ], "mitre_platforms": [ "Windows", @@ -25523,20 +25523,20 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Process: Process Creation", - "Network Traffic: Network Connection Creation" + "Network Traffic: Network Connection Creation", + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ + "http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/", "https://attack.mitre.org/techniques/T1218/003", "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc786431(v=ws.10)", - "https://twitter.com/ItsReallyNick/status/958789644165894146", - "https://msitpros.com/?p=3960", - "https://twitter.com/NickTyrer/status/958450014111633408", "https://github.com/api0cradle/UltimateAppLockerByPassList", - "http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/" + "https://msitpros.com/?p=3960", + "https://twitter.com/ItsReallyNick/status/958789644165894146", + "https://twitter.com/NickTyrer/status/958450014111633408" ] }, "related": [ @@ -25564,8 +25564,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1218/004", - "https://msdn.microsoft.com/en-us/library/50614e95.aspx", - "https://lolbas-project.github.io/lolbas/Binaries/Installutil/" + "https://lolbas-project.github.io/lolbas/Binaries/Installutil/", + "https://msdn.microsoft.com/en-us/library/50614e95.aspx" ] }, "related": [ @@ -25585,24 +25585,24 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Creation", + "Command: Command Execution", "File: File Creation", "Network Traffic: Network Connection Creation", - "Command: Command Execution" + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1218/005", - "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf", - "https://www.redcanary.com/blog/microsoft-html-application-hta-abuse-part-deux/", - "https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html", "https://airbus-cyber-security.com/fileless-malware-behavioural-analysis-kovter-persistence/", - "https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html", + "https://attack.mitre.org/techniques/T1218/005", "https://en.wikipedia.org/wiki/HTML_Application", + "https://lolbas-project.github.io/lolbas/Binaries/Mshta/", "https://msdn.microsoft.com/library/ms536471.aspx", - "https://lolbas-project.github.io/lolbas/Binaries/Mshta/" + "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf", + "https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html", + "https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html", + "https://www.redcanary.com/blog/microsoft-html-application-hta-abuse-part-deux/" ] }, "related": [ @@ -25650,9 +25650,9 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Network Traffic: Network Connection Creation", - "Module: Module Load", "Command: Command Execution", + "Module: Module Load", + "Network Traffic: Network Connection Creation", "Process: Process Creation" ], "mitre_platforms": [ @@ -25661,9 +25661,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1218/007", "https://blog.trendmicro.com/trendlabs-security-intelligence/attack-using-windows-installer-msiexec-exe-leads-lokibot/", - "https://lolbas-project.github.io/lolbas/Binaries/Msiexec/", "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/msiexec", - "https://docs.microsoft.com/en-us/windows/win32/msi/alwaysinstallelevated" + "https://docs.microsoft.com/en-us/windows/win32/msi/alwaysinstallelevated", + "https://lolbas-project.github.io/lolbas/Binaries/Msiexec/" ] }, "related": [ @@ -25683,19 +25683,19 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Creation", "Command: Command Execution", - "Module: Module Load" + "Module: Module Load", + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1218/008", - "https://docs.microsoft.com/en-us/sql/odbc/odbcconf-exe?view=sql-server-2017", - "https://lolbas-project.github.io/lolbas/Binaries/Odbcconf/", "https://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-carrying-emails-set-sights-on-russian-speaking-businesses/", - "https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/" + "https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/", + "https://docs.microsoft.com/en-us/sql/odbc/odbcconf-exe?view=sql-server-2017", + "https://lolbas-project.github.io/lolbas/Binaries/Odbcconf/" ] }, "related": [ @@ -25715,8 +25715,8 @@ "mitre-attack:resource-development" ], "mitre_data_sources": [ - "Domain Name: Domain Registration", "Domain Name: Active DNS", + "Domain Name: Domain Registration", "Domain Name: Passive DNS" ], "mitre_platforms": [ @@ -25725,12 +25725,12 @@ "refs": [ "https://attack.mitre.org/techniques/T1583/001", "https://capec.mitre.org/data/definitions/630.html", + "https://threatconnect.com/blog/infrastructure-research-hunting/", "https://us-cert.cisa.gov/ncas/alerts/aa20-258a", - "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf", - "https://www.zdnet.com/article/paypal-alert-beware-the-paypai-scam-5000109103/", "https://us-cert.cisa.gov/ncas/tips/ST05-016", + "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf", "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf", - "https://threatconnect.com/blog/infrastructure-research-hunting/" + "https://www.zdnet.com/article/paypal-alert-beware-the-paypai-scam-5000109103/" ] }, "related": [ @@ -25750,18 +25750,18 @@ "mitre-attack:resource-development" ], "mitre_data_sources": [ + "Domain Name: Active DNS", "Domain Name: Domain Registration", - "Domain Name: Passive DNS", - "Domain Name: Active DNS" + "Domain Name: Passive DNS" ], "mitre_platforms": [ "PRE" ], "refs": [ "https://attack.mitre.org/techniques/T1584/001", + "https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover", "https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/", - "https://www.icann.org/groups/ssac/documents/sac-007-en", - "https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover" + "https://www.icann.org/groups/ssac/documents/sac-007-en" ] }, "related": [ @@ -25782,20 +25782,20 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Process: Process Creation", + "File: File Access", "Process: OS API Execution", - "File: File Access" + "Process: Process Creation" ], "mitre_platforms": [ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1555/001", "http://www.slideshare.net/StephanBorosh/external-to-da-the-os-x-way", + "https://attack.mitre.org/techniques/T1555/001", "https://developer.apple.com/documentation/security/keychain_services", "https://github.com/EmpireProject/Empire/blob/08cbd274bef78243d7a8ed6443b8364acd1fc48b/lib/modules/python/collection/osx/keychaindump_decrypt.py", - "https://www.netmeister.org/blog/keychain-passwords.html", - "https://support.passware.com/hc/en-us/articles/4573379868567-A-Deep-Dive-into-Apple-Keychain-Decryption" + "https://support.passware.com/hc/en-us/articles/4573379868567-A-Deep-Dive-into-Apple-Keychain-Decryption", + "https://www.netmeister.org/blog/keychain-passwords.html" ] }, "related": [ @@ -25846,19 +25846,19 @@ "mitre-attack:execution" ], "mitre_data_sources": [ - "Service: Service Creation", - "Process: Process Creation", + "Command: Command Execution", "File: File Modification", - "Command: Command Execution" + "Process: Process Creation", + "Service: Service Creation" ], "mitre_platforms": [ "macOS" ], "refs": [ "https://attack.mitre.org/techniques/T1569/001", - "https://ss64.com/osx/launchctl.html", + "https://labs.sentinelone.com/20-common-tools-techniques-used-by-macos-threat-actors-malware/", "https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/", - "https://labs.sentinelone.com/20-common-tools-techniques-used-by-macos-threat-actors-malware/" + "https://ss64.com/osx/launchctl.html" ] }, "related": [ @@ -25878,18 +25878,18 @@ "mitre-attack:resource-development" ], "mitre_data_sources": [ - "Malware Repository: Malware Metadata", - "Malware Repository: Malware Content" + "Malware Repository: Malware Content", + "Malware Repository: Malware Metadata" ], "mitre_platforms": [ "PRE" ], "refs": [ - "https://attack.mitre.org/techniques/T1587/001", - "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf", - "https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/", "https://arstechnica.com/information-technology/2014/06/active-malware-operation-let-attackers-sabotage-us-energy-industry/", + "https://attack.mitre.org/techniques/T1587/001", + "https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/", "https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomware/", + "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf", "https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf" ] }, @@ -25910,8 +25910,8 @@ "mitre-attack:resource-development" ], "mitre_data_sources": [ - "Malware Repository: Malware Metadata", - "Malware Repository: Malware Content" + "Malware Repository: Malware Content", + "Malware Repository: Malware Metadata" ], "mitre_platforms": [ "PRE" @@ -25944,13 +25944,13 @@ "refs": [ "https://attack.mitre.org/techniques/T1589/001", "https://cybersecurity.att.com/blogs/labs-research/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks", - "https://www.theregister.com/2017/09/26/deloitte_leak_github_and_google/", - "https://www.theregister.com/2015/02/28/uber_subpoenas_github_for_hacker_details/", - "https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-business-critical-information/", - "https://www.forbes.com/sites/runasandvik/2014/01/14/attackers-scrape-github-for-cloud-service-credentials-hijack-account-to-mine-virtual-currency/#242c479d3196", "https://github.com/dxa4481/truffleHog", "https://github.com/michenriksen/gitrob", - "https://www.cnet.com/news/massive-breach-leaks-773-million-emails-21-million-passwords/" + "https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-business-critical-information/", + "https://www.cnet.com/news/massive-breach-leaks-773-million-emails-21-million-passwords/", + "https://www.forbes.com/sites/runasandvik/2014/01/14/attackers-scrape-github-for-cloud-service-credentials-hijack-account-to-mine-virtual-currency/#242c479d3196", + "https://www.theregister.com/2015/02/28/uber_subpoenas_github_for_hacker_details/", + "https://www.theregister.com/2017/09/26/deloitte_leak_github_and_google/" ] }, "related": [ @@ -26006,10 +26006,10 @@ "Windows" ], "refs": [ + "http://www.symantec.com/connect/blogs/are-mbr-infections-back-fashion", "https://attack.mitre.org/techniques/T1542/003", "https://capec.mitre.org/data/definitions/552.html", - "https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-mtrends-2016.pdf", - "http://www.symantec.com/connect/blogs/are-mbr-infections-back-fashion" + "https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-mtrends-2016.pdf" ] }, "related": [ @@ -26033,8 +26033,8 @@ "PRE" ], "refs": [ - "https://attack.mitre.org/techniques/T1592/003", - "https://arstechnica.com/information-technology/2020/08/intel-is-investigating-the-leak-of-20gb-of-its-source-code-and-private-data/" + "https://arstechnica.com/information-technology/2020/08/intel-is-investigating-the-leak-of-20gb-of-its-source-code-and-private-data/", + "https://attack.mitre.org/techniques/T1592/003" ] }, "related": [ @@ -26085,9 +26085,9 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Process: Process Creation", - "File: File Modification", "File: File Creation", + "File: File Modification", + "Process: Process Creation", "Windows Registry: Windows Registry Key Modification" ], "mitre_platforms": [ @@ -26095,8 +26095,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1546/002", - "https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf", - "https://en.wikipedia.org/wiki/Screensaver" + "https://en.wikipedia.org/wiki/Screensaver", + "https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf" ] }, "related": [ @@ -26148,8 +26148,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1588/002", - "https://www.recordedfuture.com/identifying-cobalt-strike-servers/", - "https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/" + "https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/", + "https://www.recordedfuture.com/identifying-cobalt-strike-servers/" ] }, "related": [ @@ -26177,10 +26177,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1583/004", - "https://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html", + "https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2", "https://threatconnect.com/blog/infrastructure-research-hunting/", "https://www.mandiant.com/resources/scandalous-external-detection-using-network-scan-data-and-automation", - "https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2" + "https://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html" ] }, "related": [ @@ -26205,11 +26205,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1583/005", - "https://us.norton.com/internetsecurity-malware-what-is-a-botnet.html", - "https://www.imperva.com/learn/ddos/booters-stressers-ddosers/", - "https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/", + "https://krebsonsecurity.com/2016/10/are-the-days-of-booter-services-numbered/", "https://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/", - "https://krebsonsecurity.com/2016/10/are-the-days-of-booter-services-numbered/" + "https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/", + "https://us.norton.com/internetsecurity-malware-what-is-a-botnet.html", + "https://www.imperva.com/learn/ddos/booters-stressers-ddosers/" ] }, "related": [ @@ -26235,14 +26235,14 @@ "Windows" ], "refs": [ + "https://adsecurity.org/?p=2293", "https://attack.mitre.org/techniques/T1558/003", + "https://blogs.technet.microsoft.com/motiba/2018/02/23/detecting-kerberoasting-activity-using-azure-security-center/", "https://capec.mitre.org/data/definitions/509.html", "https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Kerberoast.ps1", - "https://adsecurity.org/?p=2293", - "https://blogs.technet.microsoft.com/motiba/2018/02/23/detecting-kerberoasting-activity-using-azure-security-center/", "https://msdn.microsoft.com/library/ms677949.aspx", - "https://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-syntax-setspn-exe.aspx", "https://redsiege.com/kerberoast-slides", + "https://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-syntax-setspn-exe.aspx", "https://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/" ] }, @@ -26263,17 +26263,17 @@ "mitre-attack:resource-development" ], "mitre_data_sources": [ - "Internet Scan: Response Metadata", - "Internet Scan: Response Content" + "Internet Scan: Response Content", + "Internet Scan: Response Metadata" ], "mitre_platforms": [ "PRE" ], "refs": [ "https://attack.mitre.org/techniques/T1584/004", + "https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2", "https://threatconnect.com/blog/infrastructure-research-hunting/", - "https://www.mandiant.com/resources/scandalous-external-detection-using-network-scan-data-and-automation", - "https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2" + "https://www.mandiant.com/resources/scandalous-external-detection-using-network-scan-data-and-automation" ] }, "related": [ @@ -26294,10 +26294,10 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "File: File Creation", - "Process: Process Creation", "Command: Command Execution", - "File: File Modification" + "File: File Creation", + "File: File Modification", + "Process: Process Creation" ], "mitre_platforms": [ "macOS", @@ -26305,8 +26305,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1546/005", - "https://ss64.com/bash/trap.html", - "https://bash.cyberciti.biz/guide/Trap_statement" + "https://bash.cyberciti.biz/guide/Trap_statement", + "https://ss64.com/bash/trap.html" ] }, "related": [ @@ -26331,9 +26331,9 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1584/005", - "https://www.secureworks.com/research/dridex-bugat-v5-botnet-takeover-operation", + "https://us.norton.com/internetsecurity-malware-what-is-a-botnet.html", "https://www.imperva.com/learn/ddos/booters-stressers-ddosers/", - "https://us.norton.com/internetsecurity-malware-what-is-a-botnet.html" + "https://www.secureworks.com/research/dridex-bugat-v5-botnet-takeover-operation" ] }, "related": [ @@ -26383,8 +26383,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1587/004", - "https://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html", - "https://www.irongeek.com/i.php?page=videos/bsidescharm2017/bsidescharm-2017-t111-microsoft-patch-analysis-for-exploitation-stephen-sims" + "https://www.irongeek.com/i.php?page=videos/bsidescharm2017/bsidescharm-2017-t111-microsoft-patch-analysis-for-exploitation-stephen-sims", + "https://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html" ] }, "related": [ @@ -26409,11 +26409,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1588/005", - "https://www.exploit-db.com/", - "https://www.wired.co.uk/article/darkhotel-hacking-team-cyber-espionage", - "https://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html", "https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/", - "https://www.vice.com/en/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec" + "https://www.exploit-db.com/", + "https://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html", + "https://www.vice.com/en/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec", + "https://www.wired.co.uk/article/darkhotel-hacking-team-cyber-espionage" ] }, "related": [ @@ -26459,8 +26459,8 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Module: Module Load", "File: File Metadata", + "Module: Module Load", "Process: Process Creation" ], "mitre_platforms": [ @@ -26468,10 +26468,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1218/011", - "https://www.cynet.com/attack-techniques-hands-on/defense-evasion-techniques/", - "https://www.attackify.com/blog/rundll32_execution_order/", - "https://thisissecurity.stormshield.com/2014/08/20/poweliks-command-line-confusion/", "https://github.com/gtworek/PSBits/tree/master/NoRunDll", + "https://thisissecurity.stormshield.com/2014/08/20/poweliks-command-line-confusion/", + "https://www.attackify.com/blog/rundll32_execution_order/", + "https://www.cynet.com/attack-techniques-hands-on/defense-evasion-techniques/", "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cpl-malware.pdf" ] }, @@ -26500,11 +26500,11 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1218/012", - "https://www.winosbite.com/verclsid-exe/ ", + "https://bohops.com/2018/08/18/abusing-the-com-registry-structure-part-2-loading-techniques-for-evasion-and-persistence/", + "https://gist.github.com/NickTyrer/0598b60112eaafe6d07789f7964290d5", "https://lolbas-project.github.io/lolbas/Binaries/Verclsid/", "https://redcanary.com/blog/verclsid-exe-threat-detection/", - "https://bohops.com/2018/08/18/abusing-the-com-registry-structure-part-2-loading-techniques-for-evasion-and-persistence/", - "https://gist.github.com/NickTyrer/0598b60112eaafe6d07789f7964290d5" + "https://www.winosbite.com/verclsid-exe/ " ] }, "related": [ @@ -26556,22 +26556,22 @@ ], "mitre_data_sources": [ "Command: Command Execution", - "Process: Process Creation", - "File: File Creation" + "File: File Creation", + "Process: Process Creation" ], "mitre_platforms": [ "Windows" ], "refs": [ "https://attack.mitre.org/techniques/T1218/014", - "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/mmc", + "https://bohops.com/2018/08/18/abusing-the-com-registry-structure-part-2-loading-techniques-for-evasion-and-persistence/", "https://docs.microsoft.com/en-us/troubleshoot/windows-server/system-management-components/what-is-microsoft-management-console", - "https://www.ghacks.net/2017/06/10/windows-msc-files-overview/", + "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/mmc", "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wbadmin-delete-catalog", - "https://www.virustotal.com/gui/file/0b4c743246478a6a8c9fa3ff8e04f297507c2f0ea5d61a1284fe65387d172f81/detection ", "https://docs.microsoft.com/en-us/windows/win32/com/clsid-key-hklm", "https://research.checkpoint.com/2019/microsoft-management-console-mmc-vulnerabilities/", - "https://bohops.com/2018/08/18/abusing-the-com-registry-structure-part-2-loading-techniques-for-evasion-and-persistence/" + "https://www.ghacks.net/2017/06/10/windows-msc-files-overview/", + "https://www.virustotal.com/gui/file/0b4c743246478a6a8c9fa3ff8e04f297507c2f0ea5d61a1284fe65387d172f81/detection " ] }, "related": [ @@ -26605,10 +26605,10 @@ "https://attack.mitre.org/techniques/T1574/012", "https://docs.microsoft.com/en-us/dotnet/framework/unmanaged-api/profiling/profiling-overview", "https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/ee471451(v=vs.100)", + "https://github.com/OmerYa/Invisi-Shell", + "https://offsec.almond.consulting/UAC-bypass-dotnet.html", "https://redcanary.com/blog/blue-mockingbird-cryptominer/", "https://redcanary.com/blog/cor_profiler-for-persistence/", - "https://offsec.almond.consulting/UAC-bypass-dotnet.html", - "https://github.com/OmerYa/Invisi-Shell", "https://web.archive.org/web/20170720041203/http://subt0x10.blogspot.com/2017/05/subvert-clr-process-listing-with-net.html" ] }, @@ -26637,9 +26637,9 @@ "refs": [ "https://attack.mitre.org/techniques/T1574/013", "https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/", - "https://www.microsoft.com/security/blog/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/", + "https://docs.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntqueryinformationprocess", "https://modexp.wordpress.com/2019/05/25/windows-injection-finspy/", - "https://docs.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntqueryinformationprocess" + "https://www.microsoft.com/security/blog/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/" ] }, "related": [ @@ -26660,19 +26660,19 @@ "mitre-attack:persistence" ], "mitre_data_sources": [ - "File: File Modification", + "Command: Command Execution", "File: File Creation", - "Process: Process Creation", - "Command: Command Execution" + "File: File Modification", + "Process: Process Creation" ], "mitre_platforms": [ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1546/014", "http://www.magnusviri.com/Mac/what-is-emond.html", - "https://www.xorrior.com/emond-persistence/", - "https://www.sentinelone.com/blog/how-malware-persists-on-macos/" + "https://attack.mitre.org/techniques/T1546/014", + "https://www.sentinelone.com/blog/how-malware-persists-on-macos/", + "https://www.xorrior.com/emond-persistence/" ] }, "related": [ @@ -26727,10 +26727,10 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1121", - "https://msdn.microsoft.com/en-us/library/04za0hca.aspx", - "https://msdn.microsoft.com/en-us/library/tzat5yw6.aspx", + "https://lolbas-project.github.io/lolbas/Binaries/Regasm/", "https://lolbas-project.github.io/lolbas/Binaries/Regsvcs/", - "https://lolbas-project.github.io/lolbas/Binaries/Regasm/" + "https://msdn.microsoft.com/en-us/library/04za0hca.aspx", + "https://msdn.microsoft.com/en-us/library/tzat5yw6.aspx" ] }, "related": [ @@ -26753,8 +26753,8 @@ "mitre-attack:command-and-control" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", "Network Traffic: Network Connection Creation", + "Network Traffic: Network Traffic Content", "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ @@ -26764,9 +26764,9 @@ "Network" ], "refs": [ - "https://attack.mitre.org/techniques/T1090", "http://blog.trendmicro.com/trendlabs-security-intelligence/in-depth-look-apt-attack-tools-of-the-trade/", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/techniques/T1090" ] }, "uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", @@ -26780,8 +26780,8 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "File: File Modification", "Drive: Drive Modification", + "File: File Modification", "Firmware: Firmware Modification" ], "mitre_platforms": [ @@ -26790,12 +26790,12 @@ "Windows" ], "refs": [ + "http://www.blackhat.com/docs/asia-14/materials/Tsai/WP-Asia-14-Tsai-You-Cant-See-Me-A-Mac-OS-X-Rootkit-Uses-The-Tricks-You-Havent-Known-Yet.pdf", "https://attack.mitre.org/techniques/T1014", "https://capec.mitre.org/data/definitions/552.html", - "https://www.symantec.com/avcenter/reference/windows.rootkit.overview.pdf", "https://en.wikipedia.org/wiki/Rootkit", "https://www.crowdstrike.com/blog/http-iframe-injecting-linux-rootkit/", - "http://www.blackhat.com/docs/asia-14/materials/Tsai/WP-Asia-14-Tsai-You-Cant-See-Me-A-Mac-OS-X-Rootkit-Uses-The-Tricks-You-Havent-Known-Yet.pdf" + "https://www.symantec.com/avcenter/reference/windows.rootkit.overview.pdf" ] }, "uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", @@ -26814,15 +26814,15 @@ "Windows" ], "refs": [ + "https://airbus-cyber-security.com/fileless-malware-behavioural-analysis-kovter-persistence/", "https://attack.mitre.org/techniques/T1170", "https://en.wikipedia.org/wiki/HTML_Application", + "https://lolbas-project.github.io/lolbas/Binaries/Mshta/", "https://msdn.microsoft.com/library/ms536471.aspx", "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf", - "https://www.redcanary.com/blog/microsoft-html-application-hta-abuse-part-deux/", "https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html", - "https://airbus-cyber-security.com/fileless-malware-behavioural-analysis-kovter-persistence/", "https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html", - "https://lolbas-project.github.io/lolbas/Binaries/Mshta/" + "https://www.redcanary.com/blog/microsoft-html-application-hta-abuse-part-deux/" ] }, "related": [ @@ -26880,8 +26880,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1085", - "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cpl-malware.pdf", - "https://thisissecurity.stormshield.com/2014/08/20/poweliks-command-line-confusion/" + "https://thisissecurity.stormshield.com/2014/08/20/poweliks-command-line-confusion/", + "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cpl-malware.pdf" ] }, "related": [ @@ -26908,12 +26908,12 @@ "Windows" ], "refs": [ + "http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.90.8832&rep=rep1&type=pdf", + "http://en.wikipedia.org/wiki/Xen", + "http://virtualization.info/en/news/2006/08/debunking-blue-pill-myth.html", "https://attack.mitre.org/techniques/T1062", "https://capec.mitre.org/data/definitions/552.html", - "https://en.wikipedia.org/wiki/Hypervisor", - "http://en.wikipedia.org/wiki/Xen", - "http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.90.8832&rep=rep1&type=pdf", - "http://virtualization.info/en/news/2006/08/debunking-blue-pill-myth.html" + "https://en.wikipedia.org/wiki/Hypervisor" ] }, "uuid": "4be89c7c-ace6-4876-9377-c8d54cef3d63", @@ -26931,14 +26931,14 @@ "Windows" ], "refs": [ + "https://adsecurity.org/?p=2293", "https://attack.mitre.org/techniques/T1208", "https://blogs.technet.microsoft.com/motiba/2018/02/23/detecting-kerberoasting-activity-using-azure-security-center/", - "https://msdn.microsoft.com/library/ms677949.aspx", - "https://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-syntax-setspn-exe.aspx", - "https://redsiege.com/kerberoast-slides", - "https://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/", "https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Kerberoast.ps1", - "https://adsecurity.org/?p=2293" + "https://msdn.microsoft.com/library/ms677949.aspx", + "https://redsiege.com/kerberoast-slides", + "https://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-syntax-setspn-exe.aspx", + "https://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/" ] }, "related": [ @@ -26961,15 +26961,15 @@ "mitre-attack:defense-evasion" ], "mitre_data_sources": [ - "Process: Process Metadata", - "Scheduled Job: Scheduled Job Modification", - "Image: Image Metadata", "Command: Command Execution", "File: File Metadata", + "File: File Modification", + "Image: Image Metadata", + "Process: Process Metadata", "Scheduled Job: Scheduled Job Metadata", - "Service: Service Metadata", + "Scheduled Job: Scheduled Job Modification", "Service: Service Creation", - "File: File Modification" + "Service: Service Metadata" ], "mitre_platforms": [ "Linux", @@ -26978,10 +26978,10 @@ "Containers" ], "refs": [ + "http://pages.endgame.com/rs/627-YBU-612/images/EndgameJournal_The%20Masquerade%20Ball_Pages_R2.pdf", "https://attack.mitre.org/techniques/T1036", "https://capec.mitre.org/data/definitions/177.html", "https://lolbas-project.github.io/", - "http://pages.endgame.com/rs/627-YBU-612/images/EndgameJournal_The%20Masquerade%20Ball_Pages_R2.pdf", "https://twitter.com/ItsReallyNick/status/1055321652777619457" ] }, @@ -27003,12 +27003,12 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1064", "http://www.metasploit.com", - "https://www.veil-framework.com/framework/", - "https://github.com/mattifestation/PowerSploit", + "https://attack.mitre.org/techniques/T1064", "https://blog.crowdstrike.com/deep-thought-chinese-targeting-national-security-think-tanks/", - "https://www.uperesia.com/analyzing-malicious-office-documents" + "https://github.com/mattifestation/PowerSploit", + "https://www.uperesia.com/analyzing-malicious-office-documents", + "https://www.veil-framework.com/framework/" ] }, "uuid": "7fd87010-3a00-4da3-b905-410525e8ec44", @@ -27027,9 +27027,9 @@ "Windows" ], "refs": [ + "http://www.symantec.com/connect/blogs/are-mbr-infections-back-fashion", "https://attack.mitre.org/techniques/T1067", - "https://www.fireeye.com/content/dam/fireeye-www/regional/fr_FR/offers/pdfs/ig-mtrends-2016.pdf", - "http://www.symantec.com/connect/blogs/are-mbr-infections-back-fashion" + "https://www.fireeye.com/content/dam/fireeye-www/regional/fr_FR/offers/pdfs/ig-mtrends-2016.pdf" ] }, "related": [ @@ -27056,14 +27056,14 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/techniques/T1086", - "https://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx", - "https://github.com/mattifestation/PowerSploit", - "https://github.com/jaredhaight/PSAttack", - "http://www.sixdub.net/?p=367", - "https://silentbreaksecurity.com/powershell-jobs-without-powershell-exe/", - "https://blogs.msdn.microsoft.com/kebab/2014/04/28/executing-powershell-scripts-from-c/", "http://www.malwarearchaeology.com/s/Windows-PowerShell-Logging-Cheat-Sheet-ver-June-2016-v2.pdf", + "http://www.sixdub.net/?p=367", + "https://attack.mitre.org/techniques/T1086", + "https://blogs.msdn.microsoft.com/kebab/2014/04/28/executing-powershell-scripts-from-c/", + "https://github.com/jaredhaight/PSAttack", + "https://github.com/mattifestation/PowerSploit", + "https://silentbreaksecurity.com/powershell-jobs-without-powershell-exe/", + "https://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx", "https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html" ] }, @@ -27093,8 +27093,8 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1099", - "http://windowsir.blogspot.com/2013/07/howto-determinedetect-use-of-anti.html" + "http://windowsir.blogspot.com/2013/07/howto-determinedetect-use-of-anti.html", + "https://attack.mitre.org/techniques/T1099" ] }, "related": [ @@ -27123,8 +27123,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1117", - "https://support.microsoft.com/en-us/kb/249873", "https://lolbas-project.github.io/lolbas/Binaries/Regsvr32/", + "https://support.microsoft.com/en-us/kb/249873", "https://www.carbonblack.com/2016/04/28/threat-advisory-squiblydoo-continues-trend-of-attackers-using-native-os-tools-to-live-off-the-land/", "https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html" ] @@ -27155,8 +27155,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1118", - "https://msdn.microsoft.com/en-us/library/50614e95.aspx", - "https://lolbas-project.github.io/lolbas/Binaries/Installutil/" + "https://lolbas-project.github.io/lolbas/Binaries/Installutil/", + "https://msdn.microsoft.com/en-us/library/50614e95.aspx" ] }, "related": [ @@ -27184,13 +27184,13 @@ "Windows" ], "refs": [ + "http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/", "https://attack.mitre.org/techniques/T1191", "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc786431(v=ws.10)", - "https://twitter.com/ItsReallyNick/status/958789644165894146", - "https://msitpros.com/?p=3960", - "https://twitter.com/NickTyrer/status/958450014111633408", "https://github.com/api0cradle/UltimateAppLockerByPassList", - "http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/" + "https://msitpros.com/?p=3960", + "https://twitter.com/ItsReallyNick/status/958789644165894146", + "https://twitter.com/NickTyrer/status/958450014111633408" ] }, "related": [ @@ -27217,9 +27217,9 @@ "macOS" ], "refs": [ + "http://www.slideshare.net/StephanBorosh/external-to-da-the-os-x-way", "https://attack.mitre.org/techniques/T1142", - "https://en.wikipedia.org/wiki/Keychain_(software)", - "http://www.slideshare.net/StephanBorosh/external-to-da-the-os-x-way" + "https://en.wikipedia.org/wiki/Keychain_(software)" ] }, "related": [ @@ -27299,8 +27299,8 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1154", - "https://ss64.com/bash/trap.html", - "https://bash.cyberciti.biz/guide/Trap_statement" + "https://bash.cyberciti.biz/guide/Trap_statement", + "https://ss64.com/bash/trap.html" ] }, "related": [ @@ -27352,10 +27352,10 @@ "mitre-attack:impact" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", "Application Log: Application Log Content", "File: File Creation", - "File: File Modification" + "File: File Modification", + "Network Traffic: Network Traffic Content" ], "mitre_platforms": [ "Windows", @@ -27432,10 +27432,10 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/techniques/T1519", - "https://www.xorrior.com/emond-persistence/", "http://www.magnusviri.com/Mac/what-is-emond.html", - "https://www.sentinelone.com/blog/how-malware-persists-on-macos/" + "https://attack.mitre.org/techniques/T1519", + "https://www.sentinelone.com/blog/how-malware-persists-on-macos/", + "https://www.xorrior.com/emond-persistence/" ] }, "related": [ @@ -27510,22 +27510,22 @@ "Windows" ], "refs": [ + "http://www.gmer.net/", "https://attack.mitre.org/techniques/T1179", + "https://eyeofrablog.wordpress.com/2017/06/27/windows-keylogger-part-2-defense-against-user-land/", + "https://github.com/jay/gethooks", + "https://github.com/prekageo/winhook", "https://msdn.microsoft.com/library/windows/desktop/ms644959.aspx", - "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", + "https://msdn.microsoft.com/library/windows/desktop/ms686701.aspx", + "https://security.stackexchange.com/questions/17904/what-are-the-methods-to-find-hooked-functions-and-apis", + "https://volatility-labs.blogspot.com/2012/09/movp-31-detecting-malware-hooks-in.html", "https://www.adlice.com/userland-rootkits-part-1-iat-hooks/", - "https://www.mwrinfosecurity.com/our-thinking/dynamic-hooking-techniques-user-mode/", + "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process", "https://www.exploit-db.com/docs/17802.pdf", "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Ursnif.gen!I&threatId=-2147336918", + "https://www.mwrinfosecurity.com/our-thinking/dynamic-hooking-techniques-user-mode/", "https://www.symantec.com/avcenter/reference/windows.rootkit.overview.pdf", - "https://volatility-labs.blogspot.com/2012/09/movp-31-detecting-malware-hooks-in.html", - "https://github.com/prekageo/winhook", - "https://github.com/jay/gethooks", - "https://zairon.wordpress.com/2006/12/06/any-application-defined-hook-procedure-on-my-machine/", - "https://eyeofrablog.wordpress.com/2017/06/27/windows-keylogger-part-2-defense-against-user-land/", - "http://www.gmer.net/", - "https://msdn.microsoft.com/library/windows/desktop/ms686701.aspx", - "https://security.stackexchange.com/questions/17904/what-are-the-methods-to-find-hooked-functions-and-apis" + "https://zairon.wordpress.com/2006/12/06/any-application-defined-hook-procedure-on-my-machine/" ] }, "related": [ @@ -27563,10 +27563,10 @@ "mitre-attack:initial-access" ], "mitre_data_sources": [ - "Network Traffic: Network Traffic Content", - "Network Traffic: Network Traffic Flow", + "Application Log: Application Log Content", "File: File Creation", - "Application Log: Application Log Content" + "Network Traffic: Network Traffic Content", + "Network Traffic: Network Traffic Flow" ], "mitre_platforms": [ "Linux", @@ -27598,14 +27598,14 @@ ], "refs": [ "https://attack.mitre.org/techniques/T1579", - "https://pages.nist.gov/mobile-threat-catalogue/authentication-threats/AUT-11.html", + "https://blog.elcomsoft.com/2018/12/six-ways-to-decrypt-iphone-passwords-from-the-keychain/", "https://developer.apple.com/documentation/security/keychain_services", - "https://blog.elcomsoft.com/2018/12/six-ways-to-decrypt-iphone-passwords-from-the-keychain/" + "https://pages.nist.gov/mobile-threat-catalogue/authentication-threats/AUT-11.html" ] }, "uuid": "27f483c6-6666-44fa-8532-ffd5fc7dab38", "value": "Keychain - T1579" } ], - "version": 18 + "version": 19 } diff --git a/clusters/mitre-course-of-action.json b/clusters/mitre-course-of-action.json index 6e3cc79..a5d7667 100644 --- a/clusters/mitre-course-of-action.json +++ b/clusters/mitre-course-of-action.json @@ -14,11 +14,11 @@ "meta": { "external_id": "T1060", "refs": [ - "https://attack.mitre.org/mitigations/T1060", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1060", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -39,8 +39,8 @@ "meta": { "external_id": "T1041", "refs": [ - "https://attack.mitre.org/mitigations/T1041", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1041" ] }, "related": [ @@ -86,13 +86,6 @@ ] }, "related": [ - { - "dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "tags": [ @@ -100,440 +93,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "19bf235b-8620-4997-b5b4-94e0659ed7c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c48a67ee-b657-45c1-91bf-6cdbe27205f8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0dbf5f1b-a560-4d51-ac1b-d70caab3e1f0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c3bce4f4-9795-46c6-976e-8676300bbc39", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "808e6329-ca91-4b87-ac2d-8eadc5f8f327", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ffbcfdb0-de22-4106-9ed3-fc23c8a01407", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7e7c2fba-7cca-486c-9582-4c1bb2851961", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d376668f-b208-42de-b1f5-fdfe0ad4b753", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7d6f590f-544b-45b4-9a42-e0805f342af3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "215190a9-9f02-4e83-bb5f-e0589965a302", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ff25900d-76d5-449b-a351-8824e62fc81b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e6415f09-df0e-48de-9aba-928c902b7549", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "824add00-99a1-4b15-9a2d-6c5683b7b497", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c92e3d68-2349-49e4-a341-7edca2deff96", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f792d02f-813d-402b-86a5-ab98cb391d3b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "772bc7a8-a157-42cc-8728-d648e25c7fe7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6a3be63a-64c5-4678-a036-03ff8fc35300", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a127c32c-cbb0-4f9d-be07-881a792408ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "bed04f7d-e48a-4e76-bd0f-4c57fe31fc46", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e5cc9e7a-e61a-46a1-b869-55fb6eab058e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", "tags": [ @@ -542,14 +101,28 @@ "type": "mitigates" }, { - "dest-uuid": "2892b9ee-ca9f-4723-b332-0dc6e843a8ae", + "dest-uuid": "0dbf5f1b-a560-4d51-ac1b-d70caab3e1f0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "9c45eaa3-8604-4780-8988-b5074dbb9ecd", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "19bf235b-8620-4997-b5b4-94e0659ed7c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -563,7 +136,154 @@ "type": "mitigates" }, { - "dest-uuid": "c1b11bf7-c68e-4fbf-a95b-28efbe7953bb", + "dest-uuid": "215190a9-9f02-4e83-bb5f-e0589965a302", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2892b9ee-ca9f-4723-b332-0dc6e843a8ae", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6a3be63a-64c5-4678-a036-03ff8fc35300", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -576,12 +296,292 @@ ], "type": "mitigates" }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "772bc7a8-a157-42cc-8728-d648e25c7fe7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7d6f590f-544b-45b4-9a42-e0805f342af3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7e7c2fba-7cca-486c-9582-4c1bb2851961", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "808e6329-ca91-4b87-ac2d-8eadc5f8f327", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "824add00-99a1-4b15-9a2d-6c5683b7b497", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9c45eaa3-8604-4780-8988-b5074dbb9ecd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a127c32c-cbb0-4f9d-be07-881a792408ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "bed04f7d-e48a-4e76-bd0f-4c57fe31fc46", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c1b11bf7-c68e-4fbf-a95b-28efbe7953bb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c3bce4f4-9795-46c6-976e-8676300bbc39", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c48a67ee-b657-45c1-91bf-6cdbe27205f8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c92e3d68-2349-49e4-a341-7edca2deff96", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d376668f-b208-42de-b1f5-fdfe0ad4b753", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e5cc9e7a-e61a-46a1-b869-55fb6eab058e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e6415f09-df0e-48de-9aba-928c902b7549", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f792d02f-813d-402b-86a5-ab98cb391d3b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ff25900d-76d5-449b-a351-8824e62fc81b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ffbcfdb0-de22-4106-9ed3-fc23c8a01407", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "eb88d97c-32f1-40be-80f0-d61a4b0b4b31", @@ -597,7 +597,7 @@ }, "related": [ { - "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", + "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -610,34 +610,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "d40239b3-05ff-46d8-9bdd-b46d13463ef9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9b99b83a-1aac-4e29-b975-b374950551a3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ @@ -646,21 +618,7 @@ "type": "mitigates" }, { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "804c042c-cfe6-449e-bc1a-ba0a998a70db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1", + "dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -680,13 +638,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "f8ef3a62-3f44-40a4-abca-761ab235c436", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", "tags": [ @@ -701,6 +652,13 @@ ], "type": "mitigates" }, + { + "dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "800f9819-7007-4540-a520-40e655876800", "tags": [ @@ -708,12 +666,54 @@ ], "type": "mitigates" }, + { + "dest-uuid": "804c042c-cfe6-449e-bc1a-ba0a998a70db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9b99b83a-1aac-4e29-b975-b374950551a3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "d40239b3-05ff-46d8-9bdd-b46d13463ef9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f8ef3a62-3f44-40a4-abca-761ab235c436", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "1dcaeb21-9348-42ea-950a-f842aaf1ae1f", @@ -724,11 +724,11 @@ "meta": { "external_id": "T1039", "refs": [ - "https://attack.mitre.org/mitigations/T1039", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1039", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -770,8 +770,8 @@ "meta": { "external_id": "T1094", "refs": [ - "https://attack.mitre.org/mitigations/T1094", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1094" ] }, "related": [ @@ -791,11 +791,11 @@ "meta": { "external_id": "T1183", "refs": [ - "https://attack.mitre.org/mitigations/T1183", - "https://answers.microsoft.com/windows/forum/windows_10-security/part-of-windows-10-or-really-malware/af715663-a34a-423c-850d-2a46f369a54c", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://answers.microsoft.com/windows/forum/windows_10-security/part-of-windows-10-or-really-malware/af715663-a34a-423c-850d-2a46f369a54c", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1183" ] }, "related": [ @@ -836,8 +836,8 @@ "meta": { "external_id": "T1095", "refs": [ - "https://attack.mitre.org/mitigations/T1095", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1095" ] }, "related": [ @@ -857,11 +857,11 @@ "meta": { "external_id": "T1140", "refs": [ - "https://attack.mitre.org/mitigations/T1140", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1140", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -886,13 +886,6 @@ ] }, "related": [ - { - "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "27f483c6-6666-44fa-8532-ffd5fc7dab38", "tags": [ @@ -901,7 +894,14 @@ "type": "mitigates" }, { - "dest-uuid": "e083305c-49e7-4c87-aae8-9689213bffbe", + "dest-uuid": "2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -915,7 +915,7 @@ "type": "mitigates" }, { - "dest-uuid": "2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d", + "dest-uuid": "e083305c-49e7-4c87-aae8-9689213bffbe", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -930,8 +930,8 @@ "meta": { "external_id": "T1030", "refs": [ - "https://attack.mitre.org/mitigations/T1030", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1030" ] }, "related": [ @@ -951,11 +951,11 @@ "meta": { "external_id": "T1005", "refs": [ - "https://attack.mitre.org/mitigations/T1005", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1005", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -976,11 +976,11 @@ "meta": { "external_id": "T1006", "refs": [ - "https://attack.mitre.org/mitigations/T1006", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1006", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -1006,14 +1006,14 @@ }, "related": [ { - "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", + "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", + "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1032,6 +1032,13 @@ ] }, "related": [ + { + "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "tags": [ @@ -1045,13 +1052,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" - }, - { - "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" } ], "uuid": "6cac62ce-550b-4793-8ee6-6a1b8836edb0", @@ -1062,8 +1062,8 @@ "meta": { "external_id": "T1210", "refs": [ - "https://attack.mitre.org/mitigations/T1210", "https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/", + "https://attack.mitre.org/mitigations/T1210", "https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/", "https://en.wikipedia.org/wiki/Control-flow_integrity" ] @@ -1085,11 +1085,11 @@ "meta": { "external_id": "T1016", "refs": [ - "https://attack.mitre.org/mitigations/T1016", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1016", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -1110,13 +1110,13 @@ "meta": { "external_id": "T1091", "refs": [ + "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", + "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "https://attack.mitre.org/mitigations/T1091", "https://support.microsoft.com/en-us/kb/967715", "https://technet.microsoft.com/en-us/library/cc772540(v=ws.10).aspx", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", - "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -1142,294 +1142,7 @@ }, "related": [ { - "dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2e0dd10b-676d-4964-acd0-8a404c92b044", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b2001907-166b-4d71-bb3c-9d26c871de09", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "61afc315-860c-4364-825d-0d62b2e91edc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d3046a90-580c-4004-8208-66915bc29830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "65917ae0-b854-4139-83fe-bf2441cf0196", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "56ff457d-5e39-492b-974c-dfd2b8603ffe", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9e80ddfb-ce32-4961-a778-ca6a10cfae72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0fff2797-19cb-41ea-a5f1-8a9303b8158e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f2d44246-91f1-478a-b6c8-1227e0ca109d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d201d4cc-214d-4a74-a1ba-b3fa09fd4591", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1365fe3b-0f50-455d-b4da-266ce31c23b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1cfcb312-b8d7-47a4-b560-4b16cc677292", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ba8e391f-14b5-496f-81f2-2d5ecd646c1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dca670cf-eeec-438f-8185-fd959d9ef211", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6a5848a8-6201-4a2c-8a6a-ca5af8c6f3df", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2ba5aa71-9d15-4b22-b726-56af06d9ad2f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0bf78622-e8d2-41da-a857-731472d61a92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "72b5ef57-325c-411b-93ca-a3ca6fa17e31", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b", + "dest-uuid": "01df3350-ce05-4bdf-bdf8-0a919a66d4a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1443,84 +1156,70 @@ "type": "mitigates" }, { - "dest-uuid": "dce31a00-1e90-4655-b0f9-e2e71a748a87", + "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "c1b11bf7-c68e-4fbf-a95b-28efbe7953bb", + "dest-uuid": "0bf78622-e8d2-41da-a857-731472d61a92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "a542bac9-7bc1-4da7-9a09-96f69e23cc21", + "dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490", + "dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "dest-uuid": "0fff2797-19cb-41ea-a5f1-8a9303b8158e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "c0dfe7b0-b873-4618-9ff8-53e31f70907f", + "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "804c042c-cfe6-449e-bc1a-ba0a998a70db", + "dest-uuid": "1365fe3b-0f50-455d-b4da-266ce31c23b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "aa8bfbc9-78dc-41a4-a03b-7453e0fdccda", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "8df54627-376c-487c-a09c-7d2b5620f56e", + "dest-uuid": "1cfcb312-b8d7-47a4-b560-4b16cc677292", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1534,63 +1233,21 @@ "type": "mitigates" }, { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "dest-uuid": "2ba5aa71-9d15-4b22-b726-56af06d9ad2f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "c4ad009b-6e13-4419-8d21-918a1652de02", + "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "723e3a2b-ca0d-4daa-ada8-82ea35d3733a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b63a34e8-0a61-4c97-a23b-bf8a2ed812e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "43ba2b05-cf72-4b6c-8243-03a4aba41ee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "fc742192-19e3-466c-9eb5-964a97b29490", + "dest-uuid": "2e0dd10b-676d-4964-acd0-8a404c92b044", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1604,14 +1261,35 @@ "type": "mitigates" }, { - "dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253", + "dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", + "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1624,6 +1302,20 @@ ], "type": "mitigates" }, + { + "dest-uuid": "43ba2b05-cf72-4b6c-8243-03a4aba41ee0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", "tags": [ @@ -1631,6 +1323,237 @@ ], "type": "mitigates" }, + { + "dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "543fceb5-cb92-40cb-aacf-6913d4db58bc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "56ff457d-5e39-492b-974c-dfd2b8603ffe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "61afc315-860c-4364-825d-0d62b2e91edc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "65917ae0-b854-4139-83fe-bf2441cf0196", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6a5848a8-6201-4a2c-8a6a-ca5af8c6f3df", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "723e3a2b-ca0d-4daa-ada8-82ea35d3733a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "72b5ef57-325c-411b-93ca-a3ca6fa17e31", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "804c042c-cfe6-449e-bc1a-ba0a998a70db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8df54627-376c-487c-a09c-7d2b5620f56e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9e80ddfb-ce32-4961-a778-ca6a10cfae72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a542bac9-7bc1-4da7-9a09-96f69e23cc21", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "aa8bfbc9-78dc-41a4-a03b-7453e0fdccda", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b2001907-166b-4d71-bb3c-9d26c871de09", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b63a34e8-0a61-4c97-a23b-bf8a2ed812e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ba8e391f-14b5-496f-81f2-2d5ecd646c1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c0dfe7b0-b873-4618-9ff8-53e31f70907f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c1b11bf7-c68e-4fbf-a95b-28efbe7953bb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c4ad009b-6e13-4419-8d21-918a1652de02", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "c63a348e-ffc2-486a-b9d9-d7f11ec54d99", "tags": [ @@ -1646,21 +1569,98 @@ "type": "mitigates" }, { - "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", + "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "543fceb5-cb92-40cb-aacf-6913d4db58bc", + "dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "01df3350-ce05-4bdf-bdf8-0a919a66d4a8", + "dest-uuid": "d201d4cc-214d-4a74-a1ba-b3fa09fd4591", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d3046a90-580c-4004-8208-66915bc29830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dca670cf-eeec-438f-8185-fd959d9ef211", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dce31a00-1e90-4655-b0f9-e2e71a748a87", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f2d44246-91f1-478a-b6c8-1227e0ca109d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fc742192-19e3-466c-9eb5-964a97b29490", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1675,10 +1675,10 @@ "meta": { "external_id": "T1203", "refs": [ - "https://attack.mitre.org/mitigations/T1203", - "https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/", "https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/", + "https://attack.mitre.org/mitigations/T1203", "https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/", + "https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/", "https://en.wikipedia.org/wiki/Control-flow_integrity" ] }, @@ -1699,25 +1699,25 @@ "meta": { "external_id": "T1042", "refs": [ + "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", + "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "https://attack.mitre.org/mitigations/T1042", "https://msdn.microsoft.com/en-us/library/cc144156.aspx", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", - "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, "related": [ { - "dest-uuid": "98034fef-d9fb-4667-8dc4-2eab6231724c", + "dest-uuid": "68c96494-1a50-403e-8844-69a6af278c68", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "68c96494-1a50-403e-8844-69a6af278c68", + "dest-uuid": "98034fef-d9fb-4667-8dc4-2eab6231724c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1732,11 +1732,11 @@ "meta": { "external_id": "T1025", "refs": [ - "https://attack.mitre.org/mitigations/T1025", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1025", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -1801,11 +1801,11 @@ "meta": { "external_id": "T1083", "refs": [ - "https://attack.mitre.org/mitigations/T1083", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1083", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -1826,13 +1826,13 @@ "meta": { "external_id": "T1038", "refs": [ - "https://attack.mitre.org/mitigations/T1038", "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx", "http://msdn.microsoft.com/en-US/library/ms682586", - "https://github.com/mattifestation/PowerSploit", "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1038", "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm" + "https://github.com/mattifestation/PowerSploit" ] }, "related": [ @@ -1852,12 +1852,12 @@ "meta": { "external_id": "T1044", "refs": [ - "https://attack.mitre.org/mitigations/T1044", - "https://github.com/mattifestation/PowerSploit", + "http://seclists.org/fulldisclosure/2015/Dec/34", "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", - "http://seclists.org/fulldisclosure/2015/Dec/34" + "https://attack.mitre.org/mitigations/T1044", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://github.com/mattifestation/PowerSploit" ] }, "related": [ @@ -1877,11 +1877,11 @@ "meta": { "external_id": "T1049", "refs": [ - "https://attack.mitre.org/mitigations/T1049", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1049", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -1902,10 +1902,10 @@ "meta": { "external_id": "T1058", "refs": [ - "https://attack.mitre.org/mitigations/T1058", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1058" ] }, "related": [ @@ -1925,12 +1925,12 @@ "meta": { "external_id": "T1066", "refs": [ - "https://attack.mitre.org/mitigations/T1066", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://www.iad.gov/iad/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", - "https://technet.microsoft.com/en-us/library/ee791851.aspx" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://attack.mitre.org/mitigations/T1066", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://technet.microsoft.com/en-us/library/ee791851.aspx", + "https://www.iad.gov/iad/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm" ] }, "related": [ @@ -1950,8 +1950,8 @@ "meta": { "external_id": "T1068", "refs": [ - "https://attack.mitre.org/mitigations/T1068", "https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/", + "https://attack.mitre.org/mitigations/T1068", "https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/", "https://en.wikipedia.org/wiki/Control-flow_integrity" ] @@ -1994,8 +1994,8 @@ "meta": { "external_id": "T1211", "refs": [ - "https://attack.mitre.org/mitigations/T1211", "https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/", + "https://attack.mitre.org/mitigations/T1211", "https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/", "https://en.wikipedia.org/wiki/Control-flow_integrity" ] @@ -2017,11 +2017,11 @@ "meta": { "external_id": "T1181", "refs": [ - "https://attack.mitre.org/mitigations/T1181", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1181", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -2042,8 +2042,8 @@ "meta": { "external_id": "T1212", "refs": [ - "https://attack.mitre.org/mitigations/T1212", "https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/", + "https://attack.mitre.org/mitigations/T1212", "https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/", "https://en.wikipedia.org/wiki/Control-flow_integrity" ] @@ -2065,11 +2065,11 @@ "meta": { "external_id": "T1122", "refs": [ - "https://attack.mitre.org/mitigations/T1122", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1122", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -2110,9 +2110,9 @@ "meta": { "external_id": "T1215", "refs": [ - "https://attack.mitre.org/mitigations/T1215", "http://rkhunter.sourceforge.net", "http://www.chkrootkit.org/", + "https://attack.mitre.org/mitigations/T1215", "https://patchwork.kernel.org/patch/8754821/" ] }, @@ -2133,11 +2133,11 @@ "meta": { "external_id": "T1126", "refs": [ - "https://attack.mitre.org/mitigations/T1126", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1126", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -2206,11 +2206,11 @@ "external_id": "T1175", "refs": [ "https://attack.mitre.org/mitigations/T1175", + "https://docs.microsoft.com/en-us/windows/desktop/com/dcom-security-enhancements-in-windows-xp-service-pack-2-and-windows-server-2003-service-pack-1", "https://msdn.microsoft.com/en-us/library/windows/desktop/ms687317(v=vs.85).aspx", "https://msdn.microsoft.com/en-us/library/windows/desktop/ms694331(v=vs.85).aspx", - "https://docs.microsoft.com/en-us/windows/desktop/com/dcom-security-enhancements-in-windows-xp-service-pack-2-and-windows-server-2003-service-pack-1", - "https://technet.microsoft.com/library/cc771387.aspx", - "https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653" + "https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653", + "https://technet.microsoft.com/library/cc771387.aspx" ] }, "related": [ @@ -2270,13 +2270,13 @@ "meta": { "external_id": "T1486", "refs": [ - "https://attack.mitre.org/mitigations/T1486", - "https://www.ready.gov/business/implementation/IT", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", - "https://technet.microsoft.com/en-us/library/ee791851.aspx" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1486", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://technet.microsoft.com/en-us/library/ee791851.aspx", + "https://www.ready.gov/business/implementation/IT" ] }, "related": [ @@ -2296,8 +2296,8 @@ "meta": { "external_id": "T1498", "refs": [ - "https://attack.mitre.org/mitigations/T1498", - "http://cert.europa.eu/static/WhitePapers/CERT-EU_Security_Whitepaper_DDoS_17-003.pdf" + "http://cert.europa.eu/static/WhitePapers/CERT-EU_Security_Whitepaper_DDoS_17-003.pdf", + "https://attack.mitre.org/mitigations/T1498" ] }, "related": [ @@ -2317,8 +2317,8 @@ "meta": { "external_id": "T1499", "refs": [ - "https://attack.mitre.org/mitigations/T1499", - "http://cert.europa.eu/static/WhitePapers/CERT-EU_Security_Whitepaper_DDoS_17-003.pdf" + "http://cert.europa.eu/static/WhitePapers/CERT-EU_Security_Whitepaper_DDoS_17-003.pdf", + "https://attack.mitre.org/mitigations/T1499" ] }, "related": [ @@ -2329,13 +2329,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "18cffc21-3260-437e-80e4-4ab8bf2ba5e9", "tags": [ @@ -2356,6 +2349,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "82c21600-ccb6-4232-8c04-ef3792b56628", @@ -2386,11 +2386,11 @@ "meta": { "external_id": "T1111", "refs": [ - "https://attack.mitre.org/mitigations/T1111", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1111", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -2431,11 +2431,11 @@ "meta": { "external_id": "T1033", "refs": [ - "https://attack.mitre.org/mitigations/T1033", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1033", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -2456,11 +2456,11 @@ "meta": { "external_id": "T1010", "refs": [ - "https://attack.mitre.org/mitigations/T1010", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1010", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -2485,6 +2485,13 @@ ] }, "related": [ + { + "dest-uuid": "0042a9f5-f053-4769-b3ef-9ad018dfa298", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -2492,6 +2499,69 @@ ], "type": "mitigates" }, + { + "dest-uuid": "09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ @@ -2500,7 +2570,98 @@ "type": "mitigates" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3d1b9d7e-3921-4d25-845a-7d9f15c0da44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "41d9846c-f6af-4302-a654-24bba2729bc6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7007935a-a8a7-4c0b-bd98-4e85be8ed197", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "98be40f2-c86b-4ade-b6fc-4964932040e5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2520,13 +2681,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "d201d4cc-214d-4a74-a1ba-b3fa09fd4591", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", "tags": [ @@ -2534,139 +2688,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "41d9846c-f6af-4302-a654-24bba2729bc6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ea016b56-ae0e-47fe-967a-cc0ad51af67f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "98be40f2-c86b-4ade-b6fc-4964932040e5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3d1b9d7e-3921-4d25-845a-7d9f15c0da44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "eb2cb5cb-ae87-4de0-8c35-da2a17aafb99", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", "tags": [ @@ -2674,34 +2695,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "7007935a-a8a7-4c0b-bd98-4e85be8ed197", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -2710,35 +2703,35 @@ "type": "mitigates" }, { - "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d", + "dest-uuid": "bf147104-abf9-4221-95d1-e81585859441", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "0042a9f5-f053-4769-b3ef-9ad018dfa298", + "dest-uuid": "d201d4cc-214d-4a74-a1ba-b3fa09fd4591", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2752,7 +2745,28 @@ "type": "mitigates" }, { - "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", + "dest-uuid": "ea016b56-ae0e-47fe-967a-cc0ad51af67f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "eb2cb5cb-ae87-4de0-8c35-da2a17aafb99", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2766,21 +2780,7 @@ "type": "mitigates" }, { - "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "bf147104-abf9-4221-95d1-e81585859441", + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2795,10 +2795,10 @@ "meta": { "external_id": "T1004", "refs": [ - "https://attack.mitre.org/mitigations/T1004", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1004" ] }, "related": [ @@ -2818,11 +2818,11 @@ "meta": { "external_id": "T1500", "refs": [ - "https://attack.mitre.org/mitigations/T1500", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1500", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -2847,76 +2847,6 @@ ] }, "related": [ - { - "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "29e07491-8947-43a3-8d4e-9a787c45f3d3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3b0b604f-10db-41a0-b54c-493124d455b9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2d646840-f6f5-4619-a5a8-29c8316bbac5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", "tags": [ @@ -2924,62 +2854,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8f0e39c6-82c9-41ec-9f93-5696c0f2e274", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "82f04b1e-5371-4a6f-be06-411f0f43b483", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dfe29258-ce59-421c-9dee-e85cb9fa90cd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ef771e03-e080-43b4-a619-ac6f84899884", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "88932a8c-3a17-406f-9431-1da3ff19f6d6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "2204c371-6100-4ae0-82f3-25c07c29772a", "tags": [ @@ -2987,6 +2861,48 @@ ], "type": "mitigates" }, + { + "dest-uuid": "27f483c6-6666-44fa-8532-ffd5fc7dab38", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "29e07491-8947-43a3-8d4e-9a787c45f3d3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2d646840-f6f5-4619-a5a8-29c8316bbac5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3b0b604f-10db-41a0-b54c-493124d455b9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d", "tags": [ @@ -2994,34 +2910,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "a0464539-e1b7-4455-a355-12495987c300", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e399430e-30b7-48c5-b70a-f44dc8c175cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c4b96c0b-cb58-497a-a1c2-bb447d79d692", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ @@ -3037,21 +2925,7 @@ "type": "mitigates" }, { - "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d3bc5020-f6a2-41c0-8ccb-5e563101b60c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "27f483c6-6666-44fa-8532-ffd5fc7dab38", + "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3064,12 +2938,138 @@ ], "type": "mitigates" }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "8197f026-64da-4700-93b9-b55ba55f3b31", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "82f04b1e-5371-4a6f-be06-411f0f43b483", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "88932a8c-3a17-406f-9431-1da3ff19f6d6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8f0e39c6-82c9-41ec-9f93-5696c0f2e274", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a0464539-e1b7-4455-a355-12495987c300", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d3bc5020-f6a2-41c0-8ccb-5e563101b60c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dfe29258-ce59-421c-9dee-e85cb9fa90cd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e399430e-30b7-48c5-b70a-f44dc8c175cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ef771e03-e080-43b4-a619-ac6f84899884", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fd339382-bfec-4bf0-8d47-1caedc9e7e57", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "0beabf44-e8d8-4ae4-9122-ef56369a2564", @@ -3080,11 +3080,11 @@ "meta": { "external_id": "T1007", "refs": [ - "https://attack.mitre.org/mitigations/T1007", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1007", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -3105,12 +3105,12 @@ "meta": { "external_id": "T1080", "refs": [ - "https://attack.mitre.org/mitigations/T1080", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://www.iad.gov/iad/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", - "https://technet.microsoft.com/en-us/library/ee791851.aspx" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://attack.mitre.org/mitigations/T1080", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://technet.microsoft.com/en-us/library/ee791851.aspx", + "https://www.iad.gov/iad/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm" ] }, "related": [ @@ -3130,8 +3130,8 @@ "meta": { "external_id": "T1101", "refs": [ - "https://attack.mitre.org/mitigations/T1101", "http://docplayer.net/20839173-Analysis-of-malicious-security-support-provider-dlls.html", + "https://attack.mitre.org/mitigations/T1101", "https://technet.microsoft.com/en-us/library/dn408187.aspx" ] }, @@ -3152,11 +3152,11 @@ "meta": { "external_id": "T1120", "refs": [ - "https://attack.mitre.org/mitigations/T1120", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1120", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -3220,11 +3220,11 @@ "meta": { "external_id": "T1031", "refs": [ - "https://attack.mitre.org/mitigations/T1031", - "https://github.com/mattifestation/PowerSploit", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1031", + "https://github.com/mattifestation/PowerSploit" ] }, "related": [ @@ -3244,8 +3244,8 @@ "meta": { "external_id": "T1105", "refs": [ - "https://attack.mitre.org/mitigations/T1105", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1105" ] }, "related": [ @@ -3265,11 +3265,11 @@ "meta": { "external_id": "T1061", "refs": [ - "https://attack.mitre.org/mitigations/T1061", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1061", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -3310,20 +3310,20 @@ "meta": { "external_id": "T1081", "refs": [ - "https://attack.mitre.org/mitigations/T1081", - "http://support.microsoft.com/kb/2962486" + "http://support.microsoft.com/kb/2962486", + "https://attack.mitre.org/mitigations/T1081" ] }, "related": [ { - "dest-uuid": "ba8e391f-14b5-496f-81f2-2d5ecd646c1c", + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "dest-uuid": "ba8e391f-14b5-496f-81f2-2d5ecd646c1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3338,11 +3338,11 @@ "meta": { "external_id": "T1018", "refs": [ - "https://attack.mitre.org/mitigations/T1018", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1018", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -3363,13 +3363,13 @@ "meta": { "external_id": "T1202", "refs": [ - "https://attack.mitre.org/mitigations/T1202", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", - "https://technet.microsoft.com/en-us/library/ee791851.aspx", - "https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1202", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39", + "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, "related": [ @@ -3409,8 +3409,8 @@ "meta": { "external_id": "T1032", "refs": [ - "https://attack.mitre.org/mitigations/T1032", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1032" ] }, "related": [ @@ -3430,8 +3430,8 @@ "meta": { "external_id": "T1024", "refs": [ - "https://attack.mitre.org/mitigations/T1024", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1024" ] }, "related": [ @@ -3451,11 +3451,11 @@ "meta": { "external_id": "T1082", "refs": [ - "https://attack.mitre.org/mitigations/T1082", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1082", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -3476,8 +3476,8 @@ "meta": { "external_id": "T1028", "refs": [ - "https://attack.mitre.org/mitigations/T1028", - "https://apps.nsa.gov/iaarchive/library/reports/spotting-the-adversary-with-windows-event-log-monitoring.cfm" + "https://apps.nsa.gov/iaarchive/library/reports/spotting-the-adversary-with-windows-event-log-monitoring.cfm", + "https://attack.mitre.org/mitigations/T1028" ] }, "related": [ @@ -3497,8 +3497,8 @@ "meta": { "external_id": "T1043", "refs": [ - "https://attack.mitre.org/mitigations/T1043", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1043" ] }, "related": [ @@ -3518,11 +3518,11 @@ "meta": { "external_id": "T1063", "refs": [ - "https://attack.mitre.org/mitigations/T1063", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1063", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -3543,11 +3543,11 @@ "meta": { "external_id": "T1046", "refs": [ - "https://attack.mitre.org/mitigations/T1046", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1046", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -3572,6 +3572,27 @@ ] }, "related": [ + { + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", "tags": [ @@ -3579,6 +3600,41 @@ ], "type": "mitigates" }, + { + "dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "772bc7a8-a157-42cc-8728-d648e25c7fe7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9c306d8d-cde7-4b4c-b6e8-d0bb16caca36", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", "tags": [ @@ -3593,62 +3649,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9c306d8d-cde7-4b4c-b6e8-d0bb16caca36", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "772bc7a8-a157-42cc-8728-d648e25c7fe7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ @@ -3656,13 +3656,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ @@ -3671,7 +3664,14 @@ "type": "mitigates" }, { - "dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44", + "dest-uuid": "edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3686,13 +3686,13 @@ "meta": { "external_id": "T1490", "refs": [ - "https://attack.mitre.org/mitigations/T1490", - "https://www.ready.gov/business/implementation/IT", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", - "https://technet.microsoft.com/en-us/library/ee791851.aspx" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1490", + "https://technet.microsoft.com/en-us/library/ee791851.aspx", + "https://www.ready.gov/business/implementation/IT" ] }, "related": [ @@ -3712,8 +3712,8 @@ "meta": { "external_id": "T1065", "refs": [ - "https://attack.mitre.org/mitigations/T1065", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1065" ] }, "related": [ @@ -3776,15 +3776,15 @@ "meta": { "external_id": "T1096", "refs": [ - "https://attack.mitre.org/mitigations/T1096", - "https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/", - "https://www.symantec.com/connect/articles/what-you-need-know-about-alternate-data-streams-windows-your-data-secure-can-you-restore", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1096", + "https://blog.stealthbits.com/attack-step-3-persistence-ntfs-extended-attributes-file-system-attacks", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/", "https://technet.microsoft.com/en-us/library/ee791851.aspx", - "https://blog.stealthbits.com/attack-step-3-persistence-ntfs-extended-attributes-file-system-attacks" + "https://www.symantec.com/connect/articles/what-you-need-know-about-alternate-data-streams-windows-your-data-secure-can-you-restore" ] }, "related": [ @@ -3804,11 +3804,11 @@ "meta": { "external_id": "T1069", "refs": [ - "https://attack.mitre.org/mitigations/T1069", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1069", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -3829,11 +3829,11 @@ "meta": { "external_id": "T1077", "refs": [ - "https://attack.mitre.org/mitigations/T1077", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1077", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -3854,13 +3854,13 @@ "meta": { "external_id": "T1097", "refs": [ - "https://attack.mitre.org/mitigations/T1097", - "https://adsecurity.org/?p=556", - "https://cert.europa.eu/static/WhitePapers/UPDATED%20-%20CERT-EU_Security_Whitepaper_2014-007_Kerberos_Golden_Ticket_Protection_v1_4.pdf", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://adsecurity.org/?p=556", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1097", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://cert.europa.eu/static/WhitePapers/UPDATED%20-%20CERT-EU_Security_Whitepaper_2014-007_Kerberos_Golden_Ticket_Protection_v1_4.pdf", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -3948,11 +3948,11 @@ "meta": { "external_id": "T1124", "refs": [ - "https://attack.mitre.org/mitigations/T1124", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1124", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -3973,11 +3973,11 @@ "meta": { "external_id": "T1217", "refs": [ - "https://attack.mitre.org/mitigations/T1217", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1217", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -3998,10 +3998,10 @@ "meta": { "external_id": "T1128", "refs": [ - "https://attack.mitre.org/mitigations/T1128", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1128" ] }, "related": [ @@ -4083,11 +4083,11 @@ "meta": { "external_id": "T1135", "refs": [ - "https://attack.mitre.org/mitigations/T1135", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1135", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -4109,13 +4109,13 @@ "external_id": "T1173", "refs": [ "https://attack.mitre.org/mitigations/T1173", - "https://technet.microsoft.com/library/security/4053440", - "https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word-to-prevent-further-malware-attacks/", + "https://docs.microsoft.com/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction", "https://gist.github.com/wdormann/732bb88d9b5dd5a66c9f1e1498f31a1b", "https://portal.msrc.microsoft.com/security-guidance/advisory/ADV170021", - "https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653", "https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee", - "https://docs.microsoft.com/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction" + "https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653", + "https://technet.microsoft.com/library/security/4053440", + "https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word-to-prevent-further-malware-attacks/" ] }, "related": [ @@ -4135,8 +4135,8 @@ "meta": { "external_id": "T1146", "refs": [ - "https://attack.mitre.org/mitigations/T1146", - "http://www.akyl.net/securing-bashhistory-file-make-sure-your-linux-system-users-won%E2%80%99t-hide-or-delete-their-bashhistory" + "http://www.akyl.net/securing-bashhistory-file-make-sure-your-linux-system-users-won%E2%80%99t-hide-or-delete-their-bashhistory", + "https://attack.mitre.org/mitigations/T1146" ] }, "related": [ @@ -4204,10 +4204,10 @@ "meta": { "external_id": "T1195", "refs": [ - "https://attack.mitre.org/mitigations/T1195", - "https://www.mitre.org/sites/default/files/publications/se-guide-book-interactive.pdf", "http://dx.doi.org/10.6028/NIST.IR.7622", - "https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/" + "https://attack.mitre.org/mitigations/T1195", + "https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/", + "https://www.mitre.org/sites/default/files/publications/se-guide-book-interactive.pdf" ] }, "related": [ @@ -4267,10 +4267,10 @@ "meta": { "external_id": "T1196", "refs": [ - "https://attack.mitre.org/mitigations/T1196", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1196", "https://msdn.microsoft.com/library/windows/desktop/dn742497.aspx" ] }, @@ -4312,8 +4312,8 @@ "meta": { "external_id": "T1482", "refs": [ - "https://attack.mitre.org/mitigations/T1482", - "http://www.harmj0y.net/blog/redteaming/a-guide-to-attacking-domain-trusts/" + "http://www.harmj0y.net/blog/redteaming/a-guide-to-attacking-domain-trusts/", + "https://attack.mitre.org/mitigations/T1482" ] }, "related": [ @@ -4354,11 +4354,11 @@ "meta": { "external_id": "T1483", "refs": [ - "https://attack.mitre.org/mitigations/T1483", "http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Lab-Analysis-Dissecting-DGAs-Eight-Real-World-DGA-Variants.pdf", - "https://umbrella.cisco.com/blog/2015/02/18/at-high-noon-algorithms-do-battle/", + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1483", "https://blogs.akamai.com/2018/01/a-death-match-of-domain-generation-algorithms.html", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://umbrella.cisco.com/blog/2015/02/18/at-high-noon-algorithms-do-battle/" ] }, "related": [ @@ -4405,11 +4405,11 @@ "meta": { "external_id": "T1494", "refs": [ - "https://attack.mitre.org/mitigations/T1494", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1494", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -4430,10 +4430,10 @@ "meta": { "external_id": "T1171", "refs": [ - "https://attack.mitre.org/mitigations/T1171", "https://adsecurity.org/?p=3299", - "https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html", + "https://attack.mitre.org/mitigations/T1171", "https://blog.secureideas.com/2018/04/ever-run-a-relay-why-smb-relays-should-be-on-your-mind.html", + "https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html", "https://docs.microsoft.com/en-us/previous-versions/system-center/operations-manager-2005/cc180803(v=technet.10)" ] }, @@ -4459,133 +4459,7 @@ }, "related": [ { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "27960489-4e7f-461d-a62a-f5c0cb521e4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "54456690-84de-4538-9101-643e26437e09", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d21a2069-23d5-4043-ad6d-64f6b644cb1a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d3df754e-997b-4cf9-97d4-70feb3120847", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4599,7 +4473,56 @@ "type": "mitigates" }, { - "dest-uuid": "86a96bf6-cf8b-411c-aaeb-8959944d64f7", + "dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "27960489-4e7f-461d-a62a-f5c0cb521e4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "54456690-84de-4538-9101-643e26437e09", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4612,6 +4535,48 @@ ], "type": "mitigates" }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "86a96bf6-cf8b-411c-aaeb-8959944d64f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", "tags": [ @@ -4620,7 +4585,49 @@ "type": "mitigates" }, { - "dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38", + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d21a2069-23d5-4043-ad6d-64f6b644cb1a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d3df754e-997b-4cf9-97d4-70feb3120847", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4641,14 +4648,7 @@ "type": "mitigates" }, { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", + "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4663,8 +4663,8 @@ "meta": { "external_id": "T1104", "refs": [ - "https://attack.mitre.org/mitigations/T1104", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1104" ] }, "related": [ @@ -4745,11 +4745,11 @@ "meta": { "external_id": "T1178", "refs": [ + "https://adsecurity.org/?p=1640", "https://attack.mitre.org/mitigations/T1178", "https://technet.microsoft.com/library/cc755321.aspx", "https://technet.microsoft.com/library/cc794757.aspx", - "https://technet.microsoft.com/library/cc835085.aspx", - "https://adsecurity.org/?p=1640" + "https://technet.microsoft.com/library/cc835085.aspx" ] }, "related": [ @@ -4789,10 +4789,10 @@ "meta": { "external_id": "T1189", "refs": [ - "https://attack.mitre.org/mitigations/T1189", - "https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/", "https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/", + "https://attack.mitre.org/mitigations/T1189", "https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/", + "https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/", "https://en.wikipedia.org/wiki/Control-flow_integrity" ] }, @@ -4813,8 +4813,8 @@ "meta": { "external_id": "T1001", "refs": [ - "https://attack.mitre.org/mitigations/T1001", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1001" ] }, "related": [ @@ -4855,11 +4855,11 @@ "meta": { "external_id": "T1020", "refs": [ - "https://attack.mitre.org/mitigations/T1020", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1020", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -4901,11 +4901,11 @@ "meta": { "external_id": "T1002", "refs": [ - "https://attack.mitre.org/mitigations/T1002", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1002", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -4926,18 +4926,18 @@ "meta": { "external_id": "T1003", "refs": [ - "https://attack.mitre.org/mitigations/T1003", - "https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#a-nameesaebmaesae-administrative-forest-design-approach", - "https://technet.microsoft.com/en-us/library/dn408187.aspx", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", - "https://technet.microsoft.com/en-us/library/ee791851.aspx", - "https://technet.microsoft.com/en-us/itpro/windows/keep-secure/credential-guard", - "https://github.com/iadgov/Secure-Host-Baseline/tree/master/Credential%20Guard", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "https://adsecurity.org/?p=1729", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1003", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#a-nameesaebmaesae-administrative-forest-design-approach", + "https://github.com/iadgov/Secure-Host-Baseline/tree/master/Credential%20Guard", "https://support.microsoft.com/help/303972/how-to-grant-the-replicating-directory-changes-permission-for-the-micr", + "https://technet.microsoft.com/en-us/itpro/windows/keep-secure/credential-guard", + "https://technet.microsoft.com/en-us/library/dn408187.aspx", + "https://technet.microsoft.com/en-us/library/ee791851.aspx", "https://technet.microsoft.com/library/jj865668.aspx" ] }, @@ -4978,11 +4978,11 @@ "meta": { "external_id": "T1040", "refs": [ - "https://attack.mitre.org/mitigations/T1040", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1040", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -5003,11 +5003,11 @@ "meta": { "external_id": "T1050", "refs": [ - "https://attack.mitre.org/mitigations/T1050", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1050", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -5028,8 +5028,8 @@ "meta": { "external_id": "T1008", "refs": [ - "https://attack.mitre.org/mitigations/T1008", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1008" ] }, "related": [ @@ -5049,11 +5049,11 @@ "meta": { "external_id": "T1009", "refs": [ - "https://attack.mitre.org/mitigations/T1009", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1009", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -5075,20 +5075,13 @@ "external_id": "M1009", "refs": [ "https://attack.mitre.org/mitigations/M1009", - "https://techcrunch.com/2016/06/14/apple-will-require-https-connections-for-ios-apps-by-the-end-of-2016/", - "https://developer.android.com/training/articles/security-config.html" + "https://developer.android.com/training/articles/security-config.html", + "https://techcrunch.com/2016/06/14/apple-will-require-https-connections-for-ios-apps-by-the-end-of-2016/" ] }, "related": [ { - "dest-uuid": "633baf01-6de4-4963-bb54-ff6c6357bed3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f58cd69a-e548-478b-9248-8a9af881dc34", + "dest-uuid": "393e8c12-a416-4575-ba90-19cc85656796", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5102,7 +5095,7 @@ "type": "mitigates" }, { - "dest-uuid": "393e8c12-a416-4575-ba90-19cc85656796", + "dest-uuid": "633baf01-6de4-4963-bb54-ff6c6357bed3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5122,6 +5115,13 @@ ], "type": "mitigates" }, + { + "dest-uuid": "f58cd69a-e548-478b-9248-8a9af881dc34", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d", "tags": [ @@ -5159,11 +5159,11 @@ "meta": { "external_id": "T1012", "refs": [ - "https://attack.mitre.org/mitigations/T1012", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1012", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -5184,8 +5184,8 @@ "meta": { "external_id": "T1102", "refs": [ - "https://attack.mitre.org/mitigations/T1102", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1102" ] }, "related": [ @@ -5210,14 +5210,28 @@ }, "related": [ { - "dest-uuid": "8252f135-ed26-4ce1-ae61-f26e94429a19", + "dest-uuid": "29e07491-8947-43a3-8d4e-9a787c45f3d3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", + "dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "77e30eee-fd48-40b4-99ec-73e97c158b58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5230,6 +5244,13 @@ ], "type": "mitigates" }, + { + "dest-uuid": "8252f135-ed26-4ce1-ae61-f26e94429a19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", "tags": [ @@ -5238,7 +5259,7 @@ "type": "mitigates" }, { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5259,28 +5280,7 @@ "type": "mitigates" }, { - "dest-uuid": "29e07491-8947-43a3-8d4e-9a787c45f3d3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "77e30eee-fd48-40b4-99ec-73e97c158b58", + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5295,10 +5295,10 @@ "meta": { "external_id": "T1103", "refs": [ - "https://attack.mitre.org/mitigations/T1103", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1103" ] }, "related": [ @@ -5323,28 +5323,7 @@ }, "related": [ { - "dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5357,83 +5336,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "428ca9f8-0e33-442a-be87-f869cb4cf73e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "99709758-2b96-48f2-a68a-ad7fbd828091", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "0ad7bc5c-235a-4048-944b-3b286676cb74", "tags": [ @@ -5442,7 +5344,7 @@ "type": "mitigates" }, { - "dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4", + "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5455,6 +5357,13 @@ ], "type": "mitigates" }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4", "tags": [ @@ -5463,35 +5372,56 @@ "type": "mitigates" }, { - "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "a6557c75-798f-42e4-be70-ab4502e0a3bc", + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "dest-uuid": "3b3cbbe0-6ed3-4334-b543-3ddfd8c5642d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "dest-uuid": "428ca9f8-0e33-442a-be87-f869cb4cf73e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5504,6 +5434,125 @@ ], "type": "mitigates" }, + { + "dest-uuid": "54456690-84de-4538-9101-643e26437e09", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "59ff91cd-1430-4075-8563-e6f15f4f9ff5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6aabc5ec-eae6-422c-8311-38d45ee9838a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "99709758-2b96-48f2-a68a-ad7fbd828091", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8", "tags": [ @@ -5511,6 +5560,69 @@ ], "type": "mitigates" }, + { + "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a6557c75-798f-42e4-be70-ab4502e0a3bc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ @@ -5525,6 +5637,13 @@ ], "type": "mitigates" }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", "tags": [ @@ -5533,98 +5652,7 @@ "type": "mitigates" }, { - "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5638,133 +5666,14 @@ "type": "mitigates" }, { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "54456690-84de-4538-9101-643e26437e09", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "59ff91cd-1430-4075-8563-e6f15f4f9ff5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6aabc5ec-eae6-422c-8311-38d45ee9838a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3b3cbbe0-6ed3-4334-b543-3ddfd8c5642d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", + "dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5778,7 +5687,98 @@ "type": "mitigates" }, { - "dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", + "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5793,8 +5793,8 @@ "meta": { "external_id": "T1013", "refs": [ - "https://attack.mitre.org/mitigations/T1013", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://attack.mitre.org/mitigations/T1013" ] }, "related": [ @@ -5818,6 +5818,153 @@ ] }, "related": [ + { + "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "0ad7bc5c-235a-4048-944b-3b286676cb74", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "0bf78622-e8d2-41da-a857-731472d61a92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "1cfcb312-b8d7-47a4-b560-4b16cc677292", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "27960489-4e7f-461d-a62a-f5c0cb521e4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3986e7fd-a8e9-4ecb-bfc6-55920855912b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "52759bf1-fe12-4052-ace6-c5b0cf7dd7fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "56ff457d-5e39-492b-974c-dfd2b8603ffe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7c46b364-8496-4234-8a56-f7e6727e21e1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0", "tags": [ @@ -5832,6 +5979,13 @@ ], "type": "mitigates" }, + { + "dest-uuid": "b39d03cb-7b98-41c4-a878-c40c1a913dc0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ @@ -5839,62 +5993,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d273434a-448e-4598-8e14-607f4a0d5e27", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0ad7bc5c-235a-4048-944b-3b286676cb74", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3986e7fd-a8e9-4ecb-bfc6-55920855912b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7c46b364-8496-4234-8a56-f7e6727e21e1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213", "tags": [ @@ -5903,7 +6001,21 @@ "type": "mitigates" }, { - "dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f", + "dest-uuid": "cc1e737c-236c-4e3b-83ba-32039a626ef8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d273434a-448e-4598-8e14-607f4a0d5e27", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5917,70 +6029,7 @@ "type": "mitigates" }, { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "56ff457d-5e39-492b-974c-dfd2b8603ffe", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b39d03cb-7b98-41c4-a878-c40c1a913dc0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "52759bf1-fe12-4052-ace6-c5b0cf7dd7fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5994,56 +6043,7 @@ "type": "mitigates" }, { - "dest-uuid": "27960489-4e7f-461d-a62a-f5c0cb521e4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "cc1e737c-236c-4e3b-83ba-32039a626ef8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1cfcb312-b8d7-47a4-b560-4b16cc677292", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0bf78622-e8d2-41da-a857-731472d61a92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6", + "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6062,41 +6062,6 @@ ] }, "related": [ - { - "dest-uuid": "b7dc639b-24cd-482d-a7f1-8897eda21023", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "768dce68-8d0d-477a-b01d-0eea98b963a1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ @@ -6104,34 +6069,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "1df0326d-2fbc-4d08-a16b-48365f1e742d", "tags": [ @@ -6140,7 +6077,56 @@ "type": "mitigates" }, { - "dest-uuid": "ba8e391f-14b5-496f-81f2-2d5ecd646c1c", + "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "768dce68-8d0d-477a-b01d-0eea98b963a1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6154,7 +6140,21 @@ "type": "mitigates" }, { - "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", + "dest-uuid": "b7dc639b-24cd-482d-a7f1-8897eda21023", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ba8e391f-14b5-496f-81f2-2d5ecd646c1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6169,13 +6169,13 @@ "meta": { "external_id": "T1015", "refs": [ - "https://attack.mitre.org/mitigations/T1015", - "https://technet.microsoft.com/en-us/library/cc732713.aspx", - "https://technet.microsoft.com/en-us/library/cc731150.aspx", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1015", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://technet.microsoft.com/en-us/library/cc731150.aspx", + "https://technet.microsoft.com/en-us/library/cc732713.aspx", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -6229,8 +6229,8 @@ "external_id": "T1051", "refs": [ "https://attack.mitre.org/mitigations/T1051", - "https://www.acunetix.com/websitesecurity/webserver-security/", - "https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-123.pdf" + "https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-123.pdf", + "https://www.acunetix.com/websitesecurity/webserver-security/" ] }, "related": [ @@ -6277,24 +6277,24 @@ "meta": { "external_id": "T1107", "refs": [ - "https://attack.mitre.org/mitigations/T1107", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1107", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, "related": [ { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6314,84 +6314,14 @@ }, "related": [ { - "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "818302b2-d640-477b-bf88-873120ce85c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a257ed11-ff3b-4216-8c9d-3938ef57064c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "94cb00a4-b295-4d06-aa2b-5653b9c1be9c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dd901512-6e37-4155-943b-453e3777b125", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8cdeb020-e31e-4f88-a582-f53dcfbda819", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6405,231 +6335,7 @@ "type": "mitigates" }, { - "dest-uuid": "cacc40da-4c9e-462c-80d5-fd70a178b12d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "804c042c-cfe6-449e-bc1a-ba0a998a70db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "18d4ab39-12ed-4a16-9fdb-ae311bba4a0f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "57a3d31a-d04f-4663-b2da-7df8ec3f8c9d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6a5848a8-6201-4a2c-8a6a-ca5af8c6f3df", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e99ec083-abdd-48de-ad87-4dbf6f8ba2a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e49920b0-6c54-40c1-9571-73723653205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "514ede4c-78b3-4d78-a38b-daddf6217a79", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "aa8bfbc9-78dc-41a4-a03b-7453e0fdccda", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "70857657-bd0b-4695-ad3e-b13f92cac1b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c4ad009b-6e13-4419-8d21-918a1652de02", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c0a384a4-9a25-40e1-97b6-458388474bc8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2ba5aa71-9d15-4b22-b726-56af06d9ad2f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "cf1c2504-433f-4c4e-a1f8-91de45a0318c", + "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6643,7 +6349,84 @@ "type": "mitigates" }, { - "dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da", + "dest-uuid": "0fff2797-19cb-41ea-a5f1-8a9303b8158e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "1126cab1-c700-412f-a510-61f4937bb096", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "18d4ab39-12ed-4a16-9fdb-ae311bba4a0f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2ba5aa71-9d15-4b22-b726-56af06d9ad2f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6664,168 +6447,14 @@ "type": "mitigates" }, { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8f104855-e5b7-4077-b1f5-bc3103b41abe", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "77532a55-c283-4cd2-bc5d-2d0b65e9d88c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e906ae4d-1d3a-4675-be23-22f7311c0da4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "53bfc8bf-8f76-4cd7-8958-49a884ddb3ee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8faedf87-dceb-4c35-b2a2-7286f59a3bc3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7ad38ef1-381a-406d-872a-38b136eb5ecc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8565825b-21c8-4518-b75e-cbc4c717a156", + "dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6839,7 +6468,7 @@ "type": "mitigates" }, { - "dest-uuid": "0fff2797-19cb-41ea-a5f1-8a9303b8158e", + "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6853,56 +6482,56 @@ "type": "mitigates" }, { - "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979", + "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "a542bac9-7bc1-4da7-9a09-96f69e23cc21", + "dest-uuid": "514ede4c-78b3-4d78-a38b-daddf6217a79", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", + "dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd", + "dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a", + "dest-uuid": "53bfc8bf-8f76-4cd7-8958-49a884ddb3ee", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6", + "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6916,28 +6545,112 @@ "type": "mitigates" }, { - "dest-uuid": "970cdb5c-02fb-4c38-b17e-d6327cf3c810", + "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "1126cab1-c700-412f-a510-61f4937bb096", + "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "ed2e45f9-d338-4eb2-8ce5-3a2e03323bc1", + "dest-uuid": "57a3d31a-d04f-4663-b2da-7df8ec3f8c9d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6", + "dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "62dfd1ca-52d5-483c-a84b-d6e80bf94b7b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6a5848a8-6201-4a2c-8a6a-ca5af8c6f3df", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "70857657-bd0b-4695-ad3e-b13f92cac1b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "77532a55-c283-4cd2-bc5d-2d0b65e9d88c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7ad38ef1-381a-406d-872a-38b136eb5ecc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6958,35 +6671,308 @@ "type": "mitigates" }, { - "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", + "dest-uuid": "804c042c-cfe6-449e-bc1a-ba0a998a70db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5", + "dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "62dfd1ca-52d5-483c-a84b-d6e80bf94b7b", + "dest-uuid": "818302b2-d640-477b-bf88-873120ce85c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "dest-uuid": "8565825b-21c8-4518-b75e-cbc4c717a156", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", + "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8cdeb020-e31e-4f88-a582-f53dcfbda819", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8f104855-e5b7-4077-b1f5-bc3103b41abe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8faedf87-dceb-4c35-b2a2-7286f59a3bc3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "94cb00a4-b295-4d06-aa2b-5653b9c1be9c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "970cdb5c-02fb-4c38-b17e-d6327cf3c810", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a257ed11-ff3b-4216-8c9d-3938ef57064c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a542bac9-7bc1-4da7-9a09-96f69e23cc21", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "aa8bfbc9-78dc-41a4-a03b-7453e0fdccda", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c0a384a4-9a25-40e1-97b6-458388474bc8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c4ad009b-6e13-4419-8d21-918a1652de02", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cacc40da-4c9e-462c-80d5-fd70a178b12d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cf1c2504-433f-4c4e-a1f8-91de45a0318c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dd901512-6e37-4155-943b-453e3777b125", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e49920b0-6c54-40c1-9571-73723653205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e906ae4d-1d3a-4675-be23-22f7311c0da4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e99ec083-abdd-48de-ad87-4dbf6f8ba2a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7000,7 +6986,14 @@ "type": "mitigates" }, { - "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "dest-uuid": "ed2e45f9-d338-4eb2-8ce5-3a2e03323bc1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7019,6 +7012,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "93e7968a-9074-4eac-8ae9-9f5200ec3317", @@ -7029,13 +7029,13 @@ "meta": { "external_id": "T1108", "refs": [ - "https://attack.mitre.org/mitigations/T1108", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", - "https://technet.microsoft.com/en-us/library/ee791851.aspx", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1108", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, "related": [ @@ -7060,14 +7060,14 @@ }, "related": [ { - "dest-uuid": "791481f8-e96a-41be-b089-a088763083d4", + "dest-uuid": "10d5f3b7-6be6-4da5-9a77-0f1e2bbfcc44", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "10d5f3b7-6be6-4da5-9a77-0f1e2bbfcc44", + "dest-uuid": "791481f8-e96a-41be-b089-a088763083d4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7082,20 +7082,20 @@ "meta": { "external_id": "T1019", "refs": [ - "https://attack.mitre.org/mitigations/T1019", - "http://www.trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-Summary_04292008.pdf" + "http://www.trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-Summary_04292008.pdf", + "https://attack.mitre.org/mitigations/T1019" ] }, "related": [ { - "dest-uuid": "6856ddd6-2df3-4379-8b87-284603c189c3", + "dest-uuid": "16ab6452-c3c1-497c-a47d-206018ca1ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "16ab6452-c3c1-497c-a47d-206018ca1ada", + "dest-uuid": "6856ddd6-2df3-4379-8b87-284603c189c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7122,7 +7122,7 @@ "type": "mitigates" }, { - "dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b", + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7136,7 +7136,7 @@ "type": "mitigates" }, { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7151,11 +7151,11 @@ "meta": { "external_id": "T1022", "refs": [ - "https://attack.mitre.org/mitigations/T1022", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1022", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -7176,13 +7176,13 @@ "meta": { "external_id": "T1023", "refs": [ - "https://attack.mitre.org/mitigations/T1023", - "https://www.stigviewer.com/stig/windows_server_2008_r2_member_server/2015-06-25/finding/V-26482", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", - "https://technet.microsoft.com/en-us/library/ee791851.aspx" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1023", + "https://technet.microsoft.com/en-us/library/ee791851.aspx", + "https://www.stigviewer.com/stig/windows_server_2008_r2_member_server/2015-06-25/finding/V-26482" ] }, "related": [ @@ -7226,20 +7226,6 @@ ] }, "related": [ - { - "dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "72b5ef57-325c-411b-93ca-a3ca6fa17e31", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334", "tags": [ @@ -7247,90 +7233,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "61afc315-860c-4364-825d-0d62b2e91edc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "39a130e1-6ab7-434a-8bd2-418e7d9d6427", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "543fceb5-cb92-40cb-aacf-6913d4db58bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dce31a00-1e90-4655-b0f9-e2e71a748a87", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "17cc750b-e95b-4d7d-9dde-49e0de24148c", "tags": [ @@ -7339,7 +7241,7 @@ "type": "mitigates" }, { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7352,6 +7254,83 @@ ], "type": "mitigates" }, + { + "dest-uuid": "39a130e1-6ab7-434a-8bd2-418e7d9d6427", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "543fceb5-cb92-40cb-aacf-6913d4db58bc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "61afc315-860c-4364-825d-0d62b2e91edc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "72b5ef57-325c-411b-93ca-a3ca6fa17e31", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", "tags": [ @@ -7360,7 +7339,28 @@ "type": "mitigates" }, { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dce31a00-1e90-4655-b0f9-e2e71a748a87", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7379,62 +7379,6 @@ ] }, "related": [ - { - "dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c1b11bf7-c68e-4fbf-a95b-28efbe7953bb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "0ca7beef-9bbc-4e35-97cf-437384ddce6a", "tags": [ @@ -7442,20 +7386,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ @@ -7463,12 +7393,82 @@ ], "type": "mitigates" }, + { + "dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "7c93aa74-4bc0-4a9e-90ea-f25f86301566", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c1b11bf7-c68e-4fbf-a95b-28efbe7953bb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "2c2ad92a-d710-41ab-a996-1db143bb4808", @@ -7491,7 +7491,7 @@ "type": "mitigates" }, { - "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", + "dest-uuid": "5095a853-299c-4876-abd7-ac0050fb5462", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7512,7 +7512,14 @@ "type": "mitigates" }, { - "dest-uuid": "5095a853-299c-4876-abd7-ac0050fb5462", + "dest-uuid": "6c174520-beea-43d9-aac6-28fb77f3e446", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b8cfed42-6a8a-4989-ad72-541af74475ec", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7533,14 +7540,7 @@ "type": "mitigates" }, { - "dest-uuid": "6c174520-beea-43d9-aac6-28fb77f3e446", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b8cfed42-6a8a-4989-ad72-541af74475ec", + "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7580,7 +7580,14 @@ }, "related": [ { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7594,35 +7601,42 @@ "type": "mitigates" }, { - "dest-uuid": "772bc7a8-a157-42cc-8728-d648e25c7fe7", + "dest-uuid": "06c00069-771a-4d57-8ef5-d3718c1a8771", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "69e5226d-05dc-4f15-95d7-44f5ed78d06e", + "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "2169ba87-1146-4fc7-a118-12b72251db7e", + "dest-uuid": "0fff2797-19cb-41ea-a5f1-8a9303b8158e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff", + "dest-uuid": "1126cab1-c700-412f-a510-61f4937bb096", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7636,91 +7650,7 @@ "type": "mitigates" }, { - "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "800f9819-7007-4540-a520-40e655876800", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6be14413-578e-46c1-8304-310762b3ecd5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6856ddd6-2df3-4379-8b87-284603c189c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4ffc1794-ec3b-45be-9e52-42dbcb2af2de", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4", + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7734,21 +7664,70 @@ "type": "mitigates" }, { - "dest-uuid": "b39d03cb-7b98-41c4-a878-c40c1a913dc0", + "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e", + "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814", + "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2169ba87-1146-4fc7-a118-12b72251db7e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "24769ab5-14bd-4f4e-a752-cfb185da53ee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "28170e17-8384-415c-8486-2e6b294cb803", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2edd9d6a-5674-4326-a600-ba56de467286", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7762,7 +7741,245 @@ "type": "mitigates" }, { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "dest-uuid": "327f3cc5-eea1-42d4-a6cd-ed34b7ce8f61", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "35187df2-31ed-43b6-a1f5-2f1d3d58d3f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4ffc1794-ec3b-45be-9e52-42dbcb2af2de", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "65917ae0-b854-4139-83fe-bf2441cf0196", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6856ddd6-2df3-4379-8b87-284603c189c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "69e5226d-05dc-4f15-95d7-44f5ed78d06e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6be14413-578e-46c1-8304-310762b3ecd5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "768dce68-8d0d-477a-b01d-0eea98b963a1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "772bc7a8-a157-42cc-8728-d648e25c7fe7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7775,6 +7992,139 @@ ], "type": "mitigates" }, + { + "dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "800f9819-7007-4540-a520-40e655876800", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "804c042c-cfe6-449e-bc1a-ba0a998a70db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "818302b2-d640-477b-bf88-873120ce85c4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8cdeb020-e31e-4f88-a582-f53dcfbda819", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "94cb00a4-b295-4d06-aa2b-5653b9c1be9c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9e80ddfb-ce32-4961-a778-ca6a10cfae72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a009cb25-4801-4116-9105-80a91cf15c1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a257ed11-ff3b-4216-8c9d-3938ef57064c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a542bac9-7bc1-4da7-9a09-96f69e23cc21", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", "tags": [ @@ -7790,434 +8140,14 @@ "type": "mitigates" }, { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9e80ddfb-ce32-4961-a778-ca6a10cfae72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "94cb00a4-b295-4d06-aa2b-5653b9c1be9c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c16e5409-ee53-4d79-afdc-4099dc9292df", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b8017880-4b1e-42de-ad10-ae7ac6705166", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "fc74ba38-dc98-461f-8611-b3dbf9978e3d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "65917ae0-b854-4139-83fe-bf2441cf0196", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d50955c2-272d-4ac8-95da-10c29dda1c48", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2edd9d6a-5674-4326-a600-ba56de467286", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "327f3cc5-eea1-42d4-a6cd-ed34b7ce8f61", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ebb42bbe-62d7-47d7-a55f-3b08b61d792d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f5bb433e-bdf6-4781-84bc-35e97e43be89", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8cdeb020-e31e-4f88-a582-f53dcfbda819", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "768dce68-8d0d-477a-b01d-0eea98b963a1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a009cb25-4801-4116-9105-80a91cf15c1b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f8ef3a62-3f44-40a4-abca-761ab235c436", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ea016b56-ae0e-47fe-967a-cc0ad51af67f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "35187df2-31ed-43b6-a1f5-2f1d3d58d3f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e906ae4d-1d3a-4675-be23-22f7311c0da4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "06c00069-771a-4d57-8ef5-d3718c1a8771", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", + "dest-uuid": "b39d03cb-7b98-41c4-a878-c40c1a913dc0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8231,189 +8161,14 @@ "type": "mitigates" }, { - "dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a", + "dest-uuid": "b8017880-4b1e-42de-ad10-ae7ac6705166", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "0fff2797-19cb-41ea-a5f1-8a9303b8158e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a542bac9-7bc1-4da7-9a09-96f69e23cc21", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f9e9365a-9ca2-4d9c-8e7c-050d73d1101a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "804c042c-cfe6-449e-bc1a-ba0a998a70db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d273434a-448e-4598-8e14-607f4a0d5e27", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a257ed11-ff3b-4216-8c9d-3938ef57064c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "24769ab5-14bd-4f4e-a752-cfb185da53ee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c3bce4f4-9795-46c6-976e-8676300bbc39", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "fa44a152-ac48-441e-a524-dd7b04b8adcd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "28170e17-8384-415c-8486-2e6b294cb803", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1126cab1-c700-412f-a510-61f4937bb096", + "dest-uuid": "c16e5409-ee53-4d79-afdc-4099dc9292df", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8427,7 +8182,154 @@ "type": "mitigates" }, { - "dest-uuid": "818302b2-d640-477b-bf88-873120ce85c4", + "dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c3bce4f4-9795-46c6-976e-8676300bbc39", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d273434a-448e-4598-8e14-607f4a0d5e27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d50955c2-272d-4ac8-95da-10c29dda1c48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e906ae4d-1d3a-4675-be23-22f7311c0da4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ea016b56-ae0e-47fe-967a-cc0ad51af67f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ebb42bbe-62d7-47d7-a55f-3b08b61d792d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8439,6 +8341,104 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f5bb433e-bdf6-4781-84bc-35e97e43be89", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f8ef3a62-3f44-40a4-abca-761ab235c436", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f9e9365a-9ca2-4d9c-8e7c-050d73d1101a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fa44a152-ac48-441e-a524-dd7b04b8adcd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fc74ba38-dc98-461f-8611-b3dbf9978e3d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "9bb9e696-bff8-4ae1-9454-961fc7d91d5f", @@ -8449,8 +8449,8 @@ "meta": { "external_id": "T1026", "refs": [ - "https://attack.mitre.org/mitigations/T1026", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1026" ] }, "related": [ @@ -8495,28 +8495,7 @@ }, "related": [ { - "dest-uuid": "3731fbcd-0e43-47ae-ae6c-d15e510f0d42", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8529,76 +8508,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "44dca04b-808d-46ca-b25f-d85236d4b9f8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6831414d-bb70-42b7-8030-d4e06b2660c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1365fe3b-0f50-455d-b4da-266ce31c23b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8187bd2a-866f-4457-9009-86b0ddedffa3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ @@ -8606,20 +8515,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "51ea26b1-ff1e-4faa-b1a0-1114cd298c87", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", "tags": [ @@ -8628,105 +8523,21 @@ "type": "mitigates" }, { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "dest-uuid": "11f29a39-0942-4d62-92b6-fe236cf3066e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d", + "dest-uuid": "1365fe3b-0f50-455d-b4da-266ce31c23b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "ce73ea43-8e77-47ba-9c11-5e9c9c58b9ff", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8f504411-cb96-4dac-a537-8d2bb7679c59", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c615231b-f253-4f58-9d47-d5b4cbdb6839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b8c5c9dd-a662-479d-9428-ae745872537c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9b99b83a-1aac-4e29-b975-b374950551a3", + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8740,28 +8551,7 @@ "type": "mitigates" }, { - "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "11f29a39-0942-4d62-92b6-fe236cf3066e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4", + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8775,7 +8565,21 @@ "type": "mitigates" }, { - "dest-uuid": "c0df6533-30ee-4a4a-9c6d-17af5abdf0b2", + "dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8789,7 +8593,182 @@ "type": "mitigates" }, { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "dest-uuid": "3731fbcd-0e43-47ae-ae6c-d15e510f0d42", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "44dca04b-808d-46ca-b25f-d85236d4b9f8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "51ea26b1-ff1e-4faa-b1a0-1114cd298c87", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6831414d-bb70-42b7-8030-d4e06b2660c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8187bd2a-866f-4457-9009-86b0ddedffa3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8f504411-cb96-4dac-a537-8d2bb7679c59", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9b99b83a-1aac-4e29-b975-b374950551a3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b8c5c9dd-a662-479d-9428-ae745872537c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c0df6533-30ee-4a4a-9c6d-17af5abdf0b2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c615231b-f253-4f58-9d47-d5b4cbdb6839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ce73ea43-8e77-47ba-9c11-5e9c9c58b9ff", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8810,14 +8789,35 @@ "type": "mitigates" }, { - "dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", + "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8837,21 +8837,7 @@ }, "related": [ { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931", + "dest-uuid": "0bf78622-e8d2-41da-a857-731472d61a92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8865,14 +8851,14 @@ "type": "mitigates" }, { - "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "0bf78622-e8d2-41da-a857-731472d61a92", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8886,7 +8872,7 @@ "type": "mitigates" }, { - "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8898,6 +8884,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "20a2baeb-98c2-4901-bad7-dc62d0a03dea", @@ -8908,10 +8908,10 @@ "meta": { "external_id": "T1209", "refs": [ - "https://attack.mitre.org/mitigations/T1209", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1209", "https://docs.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings" ] }, @@ -8932,8 +8932,8 @@ "meta": { "external_id": "T1029", "refs": [ - "https://attack.mitre.org/mitigations/T1029", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1029" ] }, "related": [ @@ -8958,21 +8958,7 @@ }, "related": [ { - "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8993,14 +8979,28 @@ "type": "mitigates" }, { - "dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11", + "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9020,28 +9020,7 @@ }, "related": [ { - "dest-uuid": "6e6845c2-347a-4a6f-a2d1-b74a18ebd352", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b8017880-4b1e-42de-ad10-ae7ac6705166", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "fc74ba38-dc98-461f-8611-b3dbf9978e3d", + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9055,14 +9034,14 @@ "type": "mitigates" }, { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f", + "dest-uuid": "6e6845c2-347a-4a6f-a2d1-b74a18ebd352", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9076,7 +9055,28 @@ "type": "mitigates" }, { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "dest-uuid": "b8017880-4b1e-42de-ad10-ae7ac6705166", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fc74ba38-dc98-461f-8611-b3dbf9978e3d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9095,6 +9095,13 @@ ] }, "related": [ + { + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", "tags": [ @@ -9115,13 +9122,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" - }, - { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" } ], "uuid": "2995bc22-2851-4345-ad19-4e7e295be264", @@ -9132,14 +9132,14 @@ "meta": { "external_id": "T1034", "refs": [ - "https://attack.mitre.org/mitigations/T1034", "http://msdn.microsoft.com/en-us/library/ms682425", - "https://msdn.microsoft.com/en-us/library/ff919712.aspx", - "https://skanthak.homepage.t-online.de/sentinel.html", + "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", - "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx" + "https://attack.mitre.org/mitigations/T1034", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://msdn.microsoft.com/en-us/library/ff919712.aspx", + "https://skanthak.homepage.t-online.de/sentinel.html" ] }, "related": [ @@ -9159,11 +9159,11 @@ "meta": { "external_id": "T1035", "refs": [ - "https://attack.mitre.org/mitigations/T1035", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1035", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -9184,15 +9184,15 @@ "meta": { "external_id": "T1053", "refs": [ - "https://attack.mitre.org/mitigations/T1053", - "https://github.com/mattifestation/PowerSploit", - "https://technet.microsoft.com/library/jj852168.aspx", - "https://technet.microsoft.com/library/dn221960.aspx", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", - "https://technet.microsoft.com/en-us/library/ee791851.aspx" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1053", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://github.com/mattifestation/PowerSploit", + "https://technet.microsoft.com/en-us/library/ee791851.aspx", + "https://technet.microsoft.com/library/dn221960.aspx", + "https://technet.microsoft.com/library/jj852168.aspx" ] }, "related": [ @@ -9216,13 +9216,6 @@ ] }, "related": [ - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", "tags": [ @@ -9231,7 +9224,7 @@ "type": "mitigates" }, { - "dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc", + "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9245,7 +9238,14 @@ "type": "mitigates" }, { - "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9264,6 +9264,13 @@ ] }, "related": [ + { + "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", "tags": [ @@ -9271,139 +9278,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "52759bf1-fe12-4052-ace6-c5b0cf7dd7fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0bda01d5-4c1d-4062-8ee2-6872334383c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "808e6329-ca91-4b87-ac2d-8eadc5f8f327", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b8017880-4b1e-42de-ad10-ae7ac6705166", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2bee5ffb-7a7a-4119-b1f2-158151b19ac0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7d751199-05fa-4a72-920f-85df4506c76c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4ffc1794-ec3b-45be-9e52-42dbcb2af2de", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "38eb0c22-6caf-46ce-8869-5964bd735858", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "59ff91cd-1430-4075-8563-e6f15f4f9ff5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1c2fd73a-e634-44ed-b1b5-9e7cf7404e9f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "0ad7bc5c-235a-4048-944b-3b286676cb74", "tags": [ @@ -9412,28 +9286,7 @@ "type": "mitigates" }, { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", + "dest-uuid": "0bda01d5-4c1d-4062-8ee2-6872334383c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9447,28 +9300,7 @@ "type": "mitigates" }, { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", + "dest-uuid": "0df05477-c572-4ed6-88a9-47c581f548f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9482,7 +9314,7 @@ "type": "mitigates" }, { - "dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab", + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9496,35 +9328,14 @@ "type": "mitigates" }, { - "dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213", + "dest-uuid": "1c2fd73a-e634-44ed-b1b5-9e7cf7404e9f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0df05477-c572-4ed6-88a9-47c581f548f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6", + "dest-uuid": "2bee5ffb-7a7a-4119-b1f2-158151b19ac0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9537,6 +9348,111 @@ ], "type": "mitigates" }, + { + "dest-uuid": "36b2a1d7-e09e-49bf-b45e-477076c2ec01", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "38eb0c22-6caf-46ce-8869-5964bd735858", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4ffc1794-ec3b-45be-9e52-42dbcb2af2de", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "52759bf1-fe12-4052-ace6-c5b0cf7dd7fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "59ff91cd-1430-4075-8563-e6f15f4f9ff5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7d751199-05fa-4a72-920f-85df4506c76c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "808e6329-ca91-4b87-ac2d-8eadc5f8f327", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "8868cb5b-d575-4a60-acb2-07d37389a2fd", "tags": [ @@ -9545,7 +9461,56 @@ "type": "mitigates" }, { - "dest-uuid": "36b2a1d7-e09e-49bf-b45e-477076c2ec01", + "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b8017880-4b1e-42de-ad10-ae7ac6705166", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9558,12 +9523,47 @@ ], "type": "mitigates" }, + { + "dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "20f6a9df-37c4-4e20-9e47-025983b1b39d", @@ -9574,10 +9574,10 @@ "meta": { "external_id": "T1037", "refs": [ - "https://attack.mitre.org/mitigations/T1037", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1037" ] }, "related": [ @@ -9602,7 +9602,7 @@ }, "related": [ { - "dest-uuid": "8f504411-cb96-4dac-a537-8d2bb7679c59", + "dest-uuid": "086952c4-5b90-4185-b573-02bad8e11953", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9616,14 +9616,14 @@ "type": "mitigates" }, { - "dest-uuid": "d3046a90-580c-4004-8208-66915bc29830", + "dest-uuid": "8f504411-cb96-4dac-a537-8d2bb7679c59", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "086952c4-5b90-4185-b573-02bad8e11953", + "dest-uuid": "d3046a90-580c-4004-8208-66915bc29830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9638,11 +9638,11 @@ "meta": { "external_id": "T1093", "refs": [ - "https://attack.mitre.org/mitigations/T1093", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1093", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -9668,14 +9668,14 @@ }, "related": [ { - "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4", + "dest-uuid": "46944654-fcc1-4f63-9dad-628102376586", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9689,14 +9689,14 @@ "type": "mitigates" }, { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "46944654-fcc1-4f63-9dad-628102376586", + "dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9732,11 +9732,11 @@ "meta": { "external_id": "T1045", "refs": [ - "https://attack.mitre.org/mitigations/T1045", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1045", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -9830,21 +9830,7 @@ }, "related": [ { - "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9858,14 +9844,14 @@ "type": "mitigates" }, { - "dest-uuid": "e6415f09-df0e-48de-9aba-928c902b7549", + "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", + "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9879,14 +9865,28 @@ "type": "mitigates" }, { - "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", + "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e6415f09-df0e-48de-9aba-928c902b7549", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9901,11 +9901,11 @@ "meta": { "external_id": "T1057", "refs": [ - "https://attack.mitre.org/mitigations/T1057", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1057", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -9926,13 +9926,13 @@ "meta": { "external_id": "T1087", "refs": [ - "https://attack.mitre.org/mitigations/T1087", - "https://www.stigviewer.com/stig/microsoft_windows_server_2012_member_server/2013-07-25/finding/WN12-CC-000077", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", - "https://technet.microsoft.com/en-us/library/ee791851.aspx" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1087", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://technet.microsoft.com/en-us/library/ee791851.aspx", + "https://www.stigviewer.com/stig/microsoft_windows_server_2012_member_server/2013-07-25/finding/WN12-CC-000077" ] }, "related": [ @@ -9954,8 +9954,8 @@ "refs": [ "https://attack.mitre.org/mitigations/T1078", "https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#a-nameesaebmaesae-administrative-forest-design-approach", - "https://technet.microsoft.com/en-us/library/dn535501.aspx", "https://technet.microsoft.com/en-us/library/dn487450.aspx", + "https://technet.microsoft.com/en-us/library/dn535501.aspx", "https://www.us-cert.gov/ncas/alerts/TA13-175A" ] }, @@ -9976,8 +9976,8 @@ "meta": { "external_id": "T1079", "refs": [ - "https://attack.mitre.org/mitigations/T1079", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1079" ] }, "related": [ @@ -9997,11 +9997,11 @@ "meta": { "external_id": "T1112", "refs": [ - "https://attack.mitre.org/mitigations/T1112", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1112", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -10022,8 +10022,8 @@ "meta": { "external_id": "T1131", "refs": [ - "https://attack.mitre.org/mitigations/T1131", "http://docplayer.net/20839173-Analysis-of-malicious-security-support-provider-dlls.html", + "https://attack.mitre.org/mitigations/T1131", "https://technet.microsoft.com/en-us/library/dn408187.aspx" ] }, @@ -10044,11 +10044,11 @@ "meta": { "external_id": "T1113", "refs": [ - "https://attack.mitre.org/mitigations/T1113", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1113", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -10069,11 +10069,11 @@ "meta": { "external_id": "T1114", "refs": [ - "https://attack.mitre.org/mitigations/T1114", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1114", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -10114,11 +10114,11 @@ "meta": { "external_id": "T1115", "refs": [ - "https://attack.mitre.org/mitigations/T1115", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1115", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -10159,10 +10159,10 @@ "meta": { "external_id": "T1116", "refs": [ - "https://attack.mitre.org/mitigations/T1116", "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", - "https://technet.microsoft.com/en-us/library/cc733026.aspx", - "https://securelist.com/why-you-shouldnt-completely-trust-files-signed-with-digital-certificates/68593/" + "https://attack.mitre.org/mitigations/T1116", + "https://securelist.com/why-you-shouldnt-completely-trust-files-signed-with-digital-certificates/68593/", + "https://technet.microsoft.com/en-us/library/cc733026.aspx" ] }, "related": [ @@ -10182,11 +10182,11 @@ "meta": { "external_id": "T1119", "refs": [ - "https://attack.mitre.org/mitigations/T1119", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1119", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -10208,8 +10208,8 @@ "external_id": "T1221", "refs": [ "https://attack.mitre.org/mitigations/T1221", - "https://support.office.com/article/enable-or-disable-macros-in-office-files-12b036fd-d140-4e74-b45e-16fed1a7e5c6", - "https://forum.anomali.com/t/credential-harvesting-and-malicious-file-delivery-using-microsoft-office-template-injection/2104" + "https://forum.anomali.com/t/credential-harvesting-and-malicious-file-delivery-using-microsoft-office-template-injection/2104", + "https://support.office.com/article/enable-or-disable-macros-in-office-files-12b036fd-d140-4e74-b45e-16fed1a7e5c6" ] }, "related": [ @@ -10229,11 +10229,11 @@ "meta": { "external_id": "T1123", "refs": [ - "https://attack.mitre.org/mitigations/T1123", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1123", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -10254,8 +10254,8 @@ "meta": { "external_id": "T1132", "refs": [ - "https://attack.mitre.org/mitigations/T1132", - "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" + "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf", + "https://attack.mitre.org/mitigations/T1132" ] }, "related": [ @@ -10275,11 +10275,11 @@ "meta": { "external_id": "T1125", "refs": [ - "https://attack.mitre.org/mitigations/T1125", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1125", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -10313,9 +10313,9 @@ "meta": { "external_id": "T1172", "refs": [ + "http://www.slideshare.net/MatthewDunwoody1/no-easy-breach-derby-con-2016", "https://attack.mitre.org/mitigations/T1172", - "https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html", - "http://www.slideshare.net/MatthewDunwoody1/no-easy-breach-derby-con-2016" + "https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html" ] }, "related": [ @@ -10335,10 +10335,10 @@ "meta": { "external_id": "T1182", "refs": [ - "https://attack.mitre.org/mitigations/T1182", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1182" ] }, "related": [ @@ -10510,14 +10510,14 @@ }, "related": [ { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "dest-uuid": "56ff457d-5e39-492b-974c-dfd2b8603ffe", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "56ff457d-5e39-492b-974c-dfd2b8603ffe", + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10653,8 +10653,8 @@ "meta": { "external_id": "T1176", "refs": [ - "https://attack.mitre.org/mitigations/T1176", - "http://www.technospot.net/blogs/block-chrome-extensions-using-google-chrome-group-policy-settings/" + "http://www.technospot.net/blogs/block-chrome-extensions-using-google-chrome-group-policy-settings/", + "https://attack.mitre.org/mitigations/T1176" ] }, "related": [ @@ -10674,12 +10674,12 @@ "meta": { "external_id": "T1186", "refs": [ - "https://attack.mitre.org/mitigations/T1186", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://www.iad.gov/iad/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", - "https://technet.microsoft.com/en-us/library/ee791851.aspx" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://attack.mitre.org/mitigations/T1186", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://technet.microsoft.com/en-us/library/ee791851.aspx", + "https://www.iad.gov/iad/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm" ] }, "related": [ @@ -10700,10 +10700,10 @@ "external_id": "T1177", "refs": [ "https://attack.mitre.org/mitigations/T1177", - "https://technet.microsoft.com/library/dn408187.aspx", - "https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-manage", "https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-how-it-works", - "https://msdn.microsoft.com/library/windows/desktop/ff919712.aspx" + "https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-manage", + "https://msdn.microsoft.com/library/windows/desktop/ff919712.aspx", + "https://technet.microsoft.com/library/dn408187.aspx" ] }, "related": [ @@ -10724,8 +10724,8 @@ "external_id": "T1187", "refs": [ "https://attack.mitre.org/mitigations/T1187", - "https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices", - "https://www.us-cert.gov/ncas/alerts/TA17-293A" + "https://www.us-cert.gov/ncas/alerts/TA17-293A", + "https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices" ] }, "related": [ @@ -10745,10 +10745,10 @@ "meta": { "external_id": "T1197", "refs": [ - "https://attack.mitre.org/mitigations/T1197", "https://arstechnica.com/information-technology/2007/05/malware-piggybacks-on-windows-background-intelligent-transfer-service/", - "https://www.symantec.com/connect/blogs/malware-update-windows-update", - "https://msdn.microsoft.com/library/windows/desktop/bb968799.aspx" + "https://attack.mitre.org/mitigations/T1197", + "https://msdn.microsoft.com/library/windows/desktop/bb968799.aspx", + "https://www.symantec.com/connect/blogs/malware-update-windows-update" ] }, "related": [ @@ -10808,11 +10808,11 @@ "meta": { "external_id": "T1496", "refs": [ - "https://attack.mitre.org/mitigations/T1496", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1496", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -10833,13 +10833,13 @@ "meta": { "external_id": "T1488", "refs": [ - "https://attack.mitre.org/mitigations/T1488", - "https://www.ready.gov/business/implementation/IT", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", - "https://technet.microsoft.com/en-us/library/ee791851.aspx" + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1488", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://technet.microsoft.com/en-us/library/ee791851.aspx", + "https://www.ready.gov/business/implementation/IT" ] }, "related": [ @@ -10851,14 +10851,14 @@ "type": "mitigates" }, { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "dest-uuid": "b82f7d37-b826-4ec9-9391-8e121c78aed7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "b82f7d37-b826-4ec9-9391-8e121c78aed7", + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10897,48 +10897,6 @@ ] }, "related": [ - { - "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "327f3cc5-eea1-42d4-a6cd-ed34b7ce8f61", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7decb26c-715c-40cf-b7e0-026f7d7cc215", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b8017880-4b1e-42de-ad10-ae7ac6705166", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "06c00069-771a-4d57-8ef5-d3718c1a8771", "tags": [ @@ -10946,41 +10904,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "fa44a152-ac48-441e-a524-dd7b04b8adcd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", "tags": [ @@ -10989,42 +10912,7 @@ "type": "mitigates" }, { - "dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11037,27 +10925,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "4ffc1794-ec3b-45be-9e52-42dbcb2af2de", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f", "tags": [ @@ -11066,7 +10933,77 @@ "type": "mitigates" }, { - "dest-uuid": "ae7f3575-0a5e-427e-991b-fe03ad44c754", + "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "327f3cc5-eea1-42d4-a6cd-ed34b7ce8f61", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4ffc1794-ec3b-45be-9e52-42dbcb2af2de", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11080,14 +11017,56 @@ "type": "mitigates" }, { - "dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3", + "dest-uuid": "7decb26c-715c-40cf-b7e0-026f7d7cc215", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", + "dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a009cb25-4801-4116-9105-80a91cf15c1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ae7f3575-0a5e-427e-991b-fe03ad44c754", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11108,56 +11087,56 @@ "type": "mitigates" }, { - "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", + "dest-uuid": "b8017880-4b1e-42de-ad10-ae7ac6705166", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7", + "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484", + "dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", + "dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "fc74ba38-dc98-461f-8611-b3dbf9978e3d", + "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "a009cb25-4801-4116-9105-80a91cf15c1b", + "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11169,6 +11148,27 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fa44a152-ac48-441e-a524-dd7b04b8adcd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fc74ba38-dc98-461f-8611-b3dbf9978e3d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "b045d015-6bed-4490-bd38-56b41ece59a0", @@ -11204,7 +11204,7 @@ }, "related": [ { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "dest-uuid": "1ce03c65-5946-4ac9-9d4d-66db87e024bd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11218,7 +11218,7 @@ "type": "mitigates" }, { - "dest-uuid": "ca9d3402-ada3-484d-876a-d717bd6e05f2", + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11232,14 +11232,14 @@ "type": "mitigates" }, { - "dest-uuid": "1ce03c65-5946-4ac9-9d4d-66db87e024bd", + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "dest-uuid": "ca9d3402-ada3-484d-876a-d717bd6e05f2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11279,7 +11279,7 @@ }, "related": [ { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "dest-uuid": "27f483c6-6666-44fa-8532-ffd5fc7dab38", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11293,42 +11293,7 @@ "type": "mitigates" }, { - "dest-uuid": "a0464539-e1b7-4455-a355-12495987c300", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b332a960-3c04-495a-827f-f17a5daed3a6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dfe29258-ce59-421c-9dee-e85cb9fa90cd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ef771e03-e080-43b4-a619-ac6f84899884", + "dest-uuid": "2d646840-f6f5-4619-a5a8-29c8316bbac5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11342,21 +11307,7 @@ "type": "mitigates" }, { - "dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2d646840-f6f5-4619-a5a8-29c8316bbac5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "88932a8c-3a17-406f-9431-1da3ff19f6d6", + "dest-uuid": "3b0b604f-10db-41a0-b54c-493124d455b9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11370,21 +11321,21 @@ "type": "mitigates" }, { - "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", + "dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "f1c3d071-0c24-483d-aca0-e8b8496ce468", + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "3b0b604f-10db-41a0-b54c-493124d455b9", + "dest-uuid": "88932a8c-3a17-406f-9431-1da3ff19f6d6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11397,6 +11348,27 @@ ], "type": "mitigates" }, + { + "dest-uuid": "a0464539-e1b7-4455-a355-12495987c300", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b332a960-3c04-495a-827f-f17a5daed3a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "d3bc5020-f6a2-41c0-8ccb-5e563101b60c", "tags": [ @@ -11405,7 +11377,35 @@ "type": "mitigates" }, { - "dest-uuid": "27f483c6-6666-44fa-8532-ffd5fc7dab38", + "dest-uuid": "dfe29258-ce59-421c-9dee-e85cb9fa90cd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ef771e03-e080-43b4-a619-ac6f84899884", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f1c3d071-0c24-483d-aca0-e8b8496ce468", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fd339382-bfec-4bf0-8d47-1caedc9e7e57", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11424,13 +11424,6 @@ ] }, "related": [ - { - "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5", "tags": [ @@ -11444,6 +11437,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "8ccd428d-39da-4e8f-a55b-d48ea1d56e58", @@ -11459,105 +11459,7 @@ }, "related": [ { - "dest-uuid": "327f3cc5-eea1-42d4-a6cd-ed34b7ce8f61", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "804c042c-cfe6-449e-bc1a-ba0a998a70db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0ad7bc5c-235a-4048-944b-3b286676cb74", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a009cb25-4801-4116-9105-80a91cf15c1b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484", + "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11571,35 +11473,28 @@ "type": "mitigates" }, { - "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "dest-uuid": "0ad7bc5c-235a-4048-944b-3b286676cb74", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "56ff457d-5e39-492b-974c-dfd2b8603ffe", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd", + "dest-uuid": "327f3cc5-eea1-42d4-a6cd-ed34b7ce8f61", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11612,48 +11507,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "772bc7a8-a157-42cc-8728-d648e25c7fe7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "800f9819-7007-4540-a520-40e655876800", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f8ef3a62-3f44-40a4-abca-761ab235c436", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ @@ -11662,56 +11515,7 @@ "type": "mitigates" }, { - "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ca205a36-c1ad-488b-aa6c-ab34bdd3a36b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", + "dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11725,21 +11529,21 @@ "type": "mitigates" }, { - "dest-uuid": "c3bce4f4-9795-46c6-976e-8676300bbc39", + "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", + "dest-uuid": "56ff457d-5e39-492b-974c-dfd2b8603ffe", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11753,7 +11557,7 @@ "type": "mitigates" }, { - "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", + "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11767,7 +11571,203 @@ "type": "mitigates" }, { - "dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5", + "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "772bc7a8-a157-42cc-8728-d648e25c7fe7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "800f9819-7007-4540-a520-40e655876800", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "804c042c-cfe6-449e-bc1a-ba0a998a70db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a009cb25-4801-4116-9105-80a91cf15c1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c3bce4f4-9795-46c6-976e-8676300bbc39", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ca205a36-c1ad-488b-aa6c-ab34bdd3a36b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f8ef3a62-3f44-40a4-abca-761ab235c436", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11787,42 +11787,14 @@ }, "related": [ { - "dest-uuid": "2204c371-6100-4ae0-82f3-25c07c29772a", + "dest-uuid": "039bc59c-ecc7-4997-b2b4-4ab728bd91aa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "82f04b1e-5371-4a6f-be06-411f0f43b483", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "62adb627-f647-498e-b4cc-41499361bacb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf", + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11836,56 +11808,14 @@ "type": "mitigates" }, { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "dest-uuid": "2204c371-6100-4ae0-82f3-25c07c29772a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "ef771e03-e080-43b4-a619-ac6f84899884", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dd818ea5-adf5-41c7-93b5-f3b839a219fb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3b0b604f-10db-41a0-b54c-493124d455b9", + "dest-uuid": "27f483c6-6666-44fa-8532-ffd5fc7dab38", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11899,7 +11829,77 @@ "type": "mitigates" }, { - "dest-uuid": "c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "dest-uuid": "2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3b0b604f-10db-41a0-b54c-493124d455b9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "52eff1c7-dd30-4121-b762-24ae6fa61bbb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "62adb627-f647-498e-b4cc-41499361bacb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11913,21 +11913,63 @@ "type": "mitigates" }, { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", + "dest-uuid": "77e30eee-fd48-40b4-99ec-73e97c158b58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8197f026-64da-4700-93b9-b55ba55f3b31", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "82f04b1e-5371-4a6f-be06-411f0f43b483", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8c7862ff-3449-4ac6-b0fd-ac1298a822a5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11947,27 +11989,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "77e30eee-fd48-40b4-99ec-73e97c158b58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d9e88203-2b5d-405f-a406-2933b1e3d7e4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d731c21e-f27d-4756-b418-0e2aaabd6d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "948a447c-d783-4ba0-8516-a64140fcacd5", "tags": [ @@ -11976,7 +11997,7 @@ "type": "mitigates" }, { - "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11996,118 +12017,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e399430e-30b7-48c5-b70a-f44dc8c175cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "039bc59c-ecc7-4997-b2b4-4ab728bd91aa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "52eff1c7-dd30-4121-b762-24ae6fa61bbb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8c7862ff-3449-4ac6-b0fd-ac1298a822a5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d3bc5020-f6a2-41c0-8ccb-5e563101b60c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "27f483c6-6666-44fa-8532-ffd5fc7dab38", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8197f026-64da-4700-93b9-b55ba55f3b31", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", "tags": [ @@ -12116,14 +12025,7 @@ "type": "mitigates" }, { - "dest-uuid": "e083305c-49e7-4c87-aae8-9689213bffbe", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "dest-uuid": "c4b96c0b-cb58-497a-a1c2-bb447d79d692", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12137,7 +12039,105 @@ "type": "mitigates" }, { - "dest-uuid": "2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d", + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d3bc5020-f6a2-41c0-8ccb-5e563101b60c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d731c21e-f27d-4756-b418-0e2aaabd6d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d9e88203-2b5d-405f-a406-2933b1e3d7e4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e083305c-49e7-4c87-aae8-9689213bffbe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e399430e-30b7-48c5-b70a-f44dc8c175cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ef771e03-e080-43b4-a619-ac6f84899884", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12163,27 +12163,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "9c306d8d-cde7-4b4c-b6e8-d0bb16caca36", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", "tags": [ @@ -12192,28 +12171,7 @@ "type": "mitigates" }, { - "dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "68f7e3a1-f09f-4164-9a62-16b648a0dd5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12233,6 +12191,34 @@ ], "type": "mitigates" }, + { + "dest-uuid": "68f7e3a1-f09f-4164-9a62-16b648a0dd5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9c306d8d-cde7-4b4c-b6e8-d0bb16caca36", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "tags": [ @@ -12241,7 +12227,21 @@ "type": "mitigates" }, { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12260,55 +12260,6 @@ ] }, "related": [ - { - "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a0464539-e1b7-4455-a355-12495987c300", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "0c71033e-401e-4b97-9309-7a7c95e43a5d", "tags": [ @@ -12317,21 +12268,14 @@ "type": "mitigates" }, { - "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", + "dest-uuid": "351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6f86d346-f092-4abc-80df-8558a90c426a", + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12351,6 +12295,41 @@ ], "type": "mitigates" }, + { + "dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6f86d346-f092-4abc-80df-8558a90c426a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8197f026-64da-4700-93b9-b55ba55f3b31", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "82f04b1e-5371-4a6f-be06-411f0f43b483", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "8c7862ff-3449-4ac6-b0fd-ac1298a822a5", "tags": [ @@ -12366,7 +12345,28 @@ "type": "mitigates" }, { - "dest-uuid": "8197f026-64da-4700-93b9-b55ba55f3b31", + "dest-uuid": "a0464539-e1b7-4455-a355-12495987c300", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a64a820a-cb21-471f-920c-506a2ff04fa5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12380,21 +12380,21 @@ "type": "mitigates" }, { - "dest-uuid": "82f04b1e-5371-4a6f-be06-411f0f43b483", + "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "a64a820a-cb21-471f-920c-506a2ff04fa5", + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12413,34 +12413,6 @@ ] }, "related": [ - { - "dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "633baf01-6de4-4963-bb54-ff6c6357bed3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dfe29258-ce59-421c-9dee-e85cb9fa90cd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "2204c371-6100-4ae0-82f3-25c07c29772a", "tags": [ @@ -12448,27 +12420,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", "tags": [ @@ -12482,6 +12433,55 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "633baf01-6de4-4963-bb54-ff6c6357bed3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dfe29258-ce59-421c-9dee-e85cb9fa90cd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "649f7268-4c12-483b-ac84-4b7bca9fe2ee", @@ -12520,11 +12520,11 @@ "meta": { "external_id": "T1014", "refs": [ - "https://attack.mitre.org/mitigations/T1014", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1014", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -12550,77 +12550,7 @@ }, "related": [ { - "dest-uuid": "b2001907-166b-4d71-bb3c-9d26c871de09", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3d1b9d7e-3921-4d25-845a-7d9f15c0da44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7c93aa74-4bc0-4a9e-90ea-f25f86301566", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f5bb433e-bdf6-4781-84bc-35e97e43be89", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c16e5409-ee53-4d79-afdc-4099dc9292df", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9c306d8d-cde7-4b4c-b6e8-d0bb16caca36", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff", + "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12634,7 +12564,35 @@ "type": "mitigates" }, { - "dest-uuid": "52759bf1-fe12-4052-ace6-c5b0cf7dd7fd", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "16ab6452-c3c1-497c-a47d-206018ca1ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "191cc6af-1bb2-4344-ab5f-28e496638720", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12647,6 +12605,34 @@ ], "type": "mitigates" }, + { + "dest-uuid": "327f3cc5-eea1-42d4-a6cd-ed34b7ce8f61", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3d1b9d7e-3921-4d25-845a-7d9f15c0da44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3f18edba-28f4-4bb9-82c3-8aa60dcac5f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ @@ -12661,13 +12647,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", "tags": [ @@ -12676,63 +12655,7 @@ "type": "mitigates" }, { - "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "bf147104-abf9-4221-95d1-e81585859441", + "dest-uuid": "52759bf1-fe12-4052-ace6-c5b0cf7dd7fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12746,14 +12669,14 @@ "type": "mitigates" }, { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "dest-uuid": "791481f8-e96a-41be-b089-a088763083d4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e", + "dest-uuid": "7c93aa74-4bc0-4a9e-90ea-f25f86301566", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12767,14 +12690,28 @@ "type": "mitigates" }, { - "dest-uuid": "3f18edba-28f4-4bb9-82c3-8aa60dcac5f7", + "dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "16ab6452-c3c1-497c-a47d-206018ca1ada", + "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9c306d8d-cde7-4b4c-b6e8-d0bb16caca36", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12788,7 +12725,63 @@ "type": "mitigates" }, { - "dest-uuid": "791481f8-e96a-41be-b089-a088763083d4", + "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b2001907-166b-4d71-bb3c-9d26c871de09", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "bf147104-abf9-4221-95d1-e81585859441", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c16e5409-ee53-4d79-afdc-4099dc9292df", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12809,14 +12802,21 @@ "type": "mitigates" }, { - "dest-uuid": "327f3cc5-eea1-42d4-a6cd-ed34b7ce8f61", + "dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "191cc6af-1bb2-4344-ab5f-28e496638720", + "dest-uuid": "f5bb433e-bdf6-4781-84bc-35e97e43be89", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12835,20 +12835,6 @@ ] }, "related": [ - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "191cc6af-1bb2-4344-ab5f-28e496638720", "tags": [ @@ -12869,6 +12855,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "15437c6d-b998-4a36-be41-4ace3d54d266", @@ -12903,146 +12903,6 @@ ] }, "related": [ - { - "dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "91ce1ede-107f-4d8b-bf4c-735e8789c94b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f870408c-b1cd-49c7-a5c7-0ef0fc496cc6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "11f29a39-0942-4d62-92b6-fe236cf3066e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e5cc9e7a-e61a-46a1-b869-55fb6eab058e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", "tags": [ @@ -13050,90 +12910,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6a3be63a-64c5-4678-a036-03ff8fc35300", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d3df754e-997b-4cf9-97d4-70feb3120847", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ @@ -13142,56 +12918,7 @@ "type": "mitigates" }, { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ba8e391f-14b5-496f-81f2-2d5ecd646c1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7ad38ef1-381a-406d-872a-38b136eb5ecc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13205,7 +12932,266 @@ "type": "mitigates" }, { - "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", + "dest-uuid": "11f29a39-0942-4d62-92b6-fe236cf3066e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6a3be63a-64c5-4678-a036-03ff8fc35300", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7ad38ef1-381a-406d-872a-38b136eb5ecc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "91ce1ede-107f-4d8b-bf4c-735e8789c94b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ba8e391f-14b5-496f-81f2-2d5ecd646c1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d3df754e-997b-4cf9-97d4-70feb3120847", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e5cc9e7a-e61a-46a1-b869-55fb6eab058e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13219,7 +13205,21 @@ "type": "mitigates" }, { - "dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3", + "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f870408c-b1cd-49c7-a5c7-0ef0fc496cc6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13320,34 +13320,6 @@ ] }, "related": [ - { - "dest-uuid": "b8017880-4b1e-42de-ad10-ae7ac6705166", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", "tags": [ @@ -13356,182 +13328,7 @@ "type": "mitigates" }, { - "dest-uuid": "3120b9fa-23b8-4500-ae73-09494f607b7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6151cbea-819b-455a-9fa6-99a1cc58797d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4ffc1794-ec3b-45be-9e52-42dbcb2af2de", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2edd9d6a-5674-4326-a600-ba56de467286", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d50955c2-272d-4ac8-95da-10c29dda1c48", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d273434a-448e-4598-8e14-607f4a0d5e27", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9e09ddb2-1746-4448-9cad-7f8b41777d6d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c1b11bf7-c68e-4fbf-a95b-28efbe7953bb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4579d9c9-d5b9-45e0-9848-0104637b579f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff", + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13545,14 +13342,49 @@ "type": "mitigates" }, { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "fc74ba38-dc98-461f-8611-b3dbf9978e3d", + "dest-uuid": "1eaebf46-e361-4437-bc23-d5d65a3b92e3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2edd9d6a-5674-4326-a600-ba56de467286", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3120b9fa-23b8-4500-ae73-09494f607b7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13573,105 +13405,42 @@ "type": "mitigates" }, { - "dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787", + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", + "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", + "dest-uuid": "4579d9c9-d5b9-45e0-9848-0104637b579f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "ae7f3575-0a5e-427e-991b-fe03ad44c754", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1eaebf46-e361-4437-bc23-d5d65a3b92e3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a257ed11-ff3b-4216-8c9d-3938ef57064c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", + "dest-uuid": "4ffc1794-ec3b-45be-9e52-42dbcb2af2de", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13684,6 +13453,111 @@ ], "type": "mitigates" }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6151cbea-819b-455a-9fa6-99a1cc58797d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9e09ddb2-1746-4448-9cad-7f8b41777d6d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a257ed11-ff3b-4216-8c9d-3938ef57064c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ae7f3575-0a5e-427e-991b-fe03ad44c754", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "b39d03cb-7b98-41c4-a878-c40c1a913dc0", "tags": [ @@ -13691,12 +13565,138 @@ ], "type": "mitigates" }, + { + "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b8017880-4b1e-42de-ad10-ae7ac6705166", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "ba8e391f-14b5-496f-81f2-2d5ecd646c1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "c1b11bf7-c68e-4fbf-a95b-28efbe7953bb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d273434a-448e-4598-8e14-607f4a0d5e27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d50955c2-272d-4ac8-95da-10c29dda1c48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fc74ba38-dc98-461f-8611-b3dbf9978e3d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "90c218c3-fbf8-4830-98a7-e8cfb7eaa485", @@ -13707,8 +13707,8 @@ "meta": { "external_id": "T1208", "refs": [ - "https://attack.mitre.org/mitigations/T1208", - "https://adsecurity.org/?p=2293" + "https://adsecurity.org/?p=2293", + "https://attack.mitre.org/mitigations/T1208" ] }, "related": [ @@ -13733,21 +13733,7 @@ }, "related": [ { - "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "5909f20f-3c39-4795-be06-ef1ea40d350b", + "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13761,14 +13747,28 @@ "type": "mitigates" }, { - "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", + "dest-uuid": "1988cc35-ced8-4dad-b2d1-7628488fa967", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "b82f7d37-b826-4ec9-9391-8e121c78aed7", + "dest-uuid": "2e114e45-2c50-404c-804a-3af9564d240e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "5909f20f-3c39-4795-be06-ef1ea40d350b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13782,14 +13782,7 @@ "type": "mitigates" }, { - "dest-uuid": "1988cc35-ced8-4dad-b2d1-7628488fa967", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", + "dest-uuid": "b82f7d37-b826-4ec9-9391-8e121c78aed7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13803,7 +13796,14 @@ "type": "mitigates" }, { - "dest-uuid": "2e114e45-2c50-404c-804a-3af9564d240e", + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13818,11 +13818,11 @@ "meta": { "external_id": "T1036", "refs": [ - "https://attack.mitre.org/mitigations/T1036", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1036", + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, @@ -13847,55 +13847,6 @@ ] }, "related": [ - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a127c32c-cbb0-4f9d-be07-881a792408ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "101c3a64-9ba5-46c9-b573-5c501053cbca", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f6fe9070-7a65-49ea-ae72-76292f42cebe", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -13903,307 +13854,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "317fefa6-46c7-4062-adb6-2008cf6bcb41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b46a801b-fd98-491c-a25a-bca25d6e3001", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d21a2069-23d5-4043-ad6d-64f6b644cb1a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "04ef4356-8926-45e2-9441-634b6f3dcecb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6be14413-578e-46c1-8304-310762b3ecd5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "543fceb5-cb92-40cb-aacf-6913d4db58bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "514ede4c-78b3-4d78-a38b-daddf6217a79", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "46944654-fcc1-4f63-9dad-628102376586", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1ce03c65-5946-4ac9-9d4d-66db87e024bd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "37b11151-1776-4f8f-b328-30939fbf2ceb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c92e3d68-2349-49e4-a341-7edca2deff96", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7d6f590f-544b-45b4-9a42-e0805f342af3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ffbcfdb0-de22-4106-9ed3-fc23c8a01407", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7e7c2fba-7cca-486c-9582-4c1bb2851961", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "04ee0cb7-dac3-4c6c-9387-4c6aa096f4cf", "tags": [ @@ -14212,28 +13862,49 @@ "type": "mitigates" }, { - "dest-uuid": "818302b2-d640-477b-bf88-873120ce85c4", + "dest-uuid": "04ef4356-8926-45e2-9441-634b6f3dcecb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "b84903f0-c7d5-435d-a69e-de47cc3578c0", + "dest-uuid": "09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "8df54627-376c-487c-a09c-7d2b5620f56e", + "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "2892b9ee-ca9f-4723-b332-0dc6e843a8ae", + "dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "101c3a64-9ba5-46c9-b573-5c501053cbca", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14247,84 +13918,14 @@ "type": "mitigates" }, { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "f792d02f-813d-402b-86a5-ab98cb391d3b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "808e6329-ca91-4b87-ac2d-8eadc5f8f327", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6fb6408c-0db3-41d9-a3a1-a32e5f16454e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "72b5ef57-325c-411b-93ca-a3ca6fa17e31", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ff25900d-76d5-449b-a351-8824e62fc81b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c4ad009b-6e13-4419-8d21-918a1652de02", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9b99b83a-1aac-4e29-b975-b374950551a3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", + "dest-uuid": "1ce03c65-5946-4ac9-9d4d-66db87e024bd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14338,49 +13939,105 @@ "type": "mitigates" }, { - "dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3", + "dest-uuid": "2892b9ee-ca9f-4723-b332-0dc6e843a8ae", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "c48a67ee-b657-45c1-91bf-6cdbe27205f8", + "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "7d57b371-10c2-45e5-b3cc-83a8fb380e4c", + "dest-uuid": "317fefa6-46c7-4062-adb6-2008cf6bcb41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d", + "dest-uuid": "31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "37b11151-1776-4f8f-b328-30939fbf2ceb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "46944654-fcc1-4f63-9dad-628102376586", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14394,7 +14051,42 @@ "type": "mitigates" }, { - "dest-uuid": "6e3bd510-6b33-41a4-af80-2d80f3ee0071", + "dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "514ede4c-78b3-4d78-a38b-daddf6217a79", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "543fceb5-cb92-40cb-aacf-6913d4db58bc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14408,7 +14100,315 @@ "type": "mitigates" }, { - "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", + "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6be14413-578e-46c1-8304-310762b3ecd5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6e3bd510-6b33-41a4-af80-2d80f3ee0071", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6fb6408c-0db3-41d9-a3a1-a32e5f16454e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "72b5ef57-325c-411b-93ca-a3ca6fa17e31", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7d57b371-10c2-45e5-b3cc-83a8fb380e4c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7d6f590f-544b-45b4-9a42-e0805f342af3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7e7c2fba-7cca-486c-9582-4c1bb2851961", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "808e6329-ca91-4b87-ac2d-8eadc5f8f327", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "818302b2-d640-477b-bf88-873120ce85c4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8df54627-376c-487c-a09c-7d2b5620f56e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9b99b83a-1aac-4e29-b975-b374950551a3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a127c32c-cbb0-4f9d-be07-881a792408ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b46a801b-fd98-491c-a25a-bca25d6e3001", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b84903f0-c7d5-435d-a69e-de47cc3578c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c48a67ee-b657-45c1-91bf-6cdbe27205f8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c4ad009b-6e13-4419-8d21-918a1652de02", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c92e3d68-2349-49e4-a341-7edca2deff96", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d21a2069-23d5-4043-ad6d-64f6b644cb1a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f6fe9070-7a65-49ea-ae72-76292f42cebe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f792d02f-813d-402b-86a5-ab98cb391d3b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ff25900d-76d5-449b-a351-8824e62fc81b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ffbcfdb0-de22-4106-9ed3-fc23c8a01407", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14434,34 +14434,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "59bd0dec-f8b2-4b9a-9141-37a1e6899761", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3", "tags": [ @@ -14469,90 +14441,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "c3c8c916-2f3c-4e71-94b2-240bdfc996f0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d519cfd5-f3a8-43a9-a846-ed0bb40672b1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "52759bf1-fe12-4052-ace6-c5b0cf7dd7fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", "tags": [ @@ -14560,34 +14448,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "94cb00a4-b295-4d06-aa2b-5653b9c1be9c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ @@ -14595,27 +14455,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "723e3a2b-ca0d-4daa-ada8-82ea35d3733a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c5e31fb5-fcbd-48a4-af8c-5a6ed5b932e5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6a5848a8-6201-4a2c-8a6a-ca5af8c6f3df", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "28170e17-8384-415c-8486-2e6b294cb803", "tags": [ @@ -14623,12 +14462,173 @@ ], "type": "mitigates" }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "52759bf1-fe12-4052-ace6-c5b0cf7dd7fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "59bd0dec-f8b2-4b9a-9141-37a1e6899761", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6a5848a8-6201-4a2c-8a6a-ca5af8c6f3df", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "723e3a2b-ca0d-4daa-ada8-82ea35d3733a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "94cb00a4-b295-4d06-aa2b-5653b9c1be9c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c3c8c916-2f3c-4e71-94b2-240bdfc996f0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c5e31fb5-fcbd-48a4-af8c-5a6ed5b932e5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "c615231b-f253-4f58-9d47-d5b4cbdb6839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d519cfd5-f3a8-43a9-a846-ed0bb40672b1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067", @@ -14644,77 +14644,14 @@ }, "related": [ { - "dest-uuid": "f9e9365a-9ca2-4d9c-8e7c-050d73d1101a", + "dest-uuid": "04ef4356-8926-45e2-9441-634b6f3dcecb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "ae7f3575-0a5e-427e-991b-fe03ad44c754", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "37b11151-1776-4f8f-b328-30939fbf2ceb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6e6845c2-347a-4a6f-a2d1-b74a18ebd352", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "5ad95aaa-49c1-4784-821d-2e83f47b079b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "723e3a2b-ca0d-4daa-ada8-82ea35d3733a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "35187df2-31ed-43b6-a1f5-2f1d3d58d3f1", + "dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14727,13 +14664,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847", "tags": [ @@ -14742,14 +14672,14 @@ "type": "mitigates" }, { - "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "fc74ba38-dc98-461f-8611-b3dbf9978e3d", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14762,6 +14692,69 @@ ], "type": "mitigates" }, + { + "dest-uuid": "35187df2-31ed-43b6-a1f5-2f1d3d58d3f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "37b11151-1776-4f8f-b328-30939fbf2ceb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "5ad95aaa-49c1-4784-821d-2e83f47b079b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6e6845c2-347a-4a6f-a2d1-b74a18ebd352", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "723e3a2b-ca0d-4daa-ada8-82ea35d3733a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ @@ -14770,14 +14763,21 @@ "type": "mitigates" }, { - "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", + "dest-uuid": "a0a189c8-d3bd-4991-bf6f-153d185ee373", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3", + "dest-uuid": "ae7f3575-0a5e-427e-991b-fe03ad44c754", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14798,7 +14798,14 @@ "type": "mitigates" }, { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14812,21 +14819,14 @@ "type": "mitigates" }, { - "dest-uuid": "a0a189c8-d3bd-4991-bf6f-153d185ee373", + "dest-uuid": "f9e9365a-9ca2-4d9c-8e7c-050d73d1101a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "04ef4356-8926-45e2-9441-634b6f3dcecb", + "dest-uuid": "fc74ba38-dc98-461f-8611-b3dbf9978e3d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14853,28 +14853,7 @@ "type": "mitigates" }, { - "dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a6557c75-798f-42e4-be70-ab4502e0a3bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6856ddd6-2df3-4379-8b87-284603c189c3", + "dest-uuid": "16ab6452-c3c1-497c-a47d-206018ca1ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14888,21 +14867,7 @@ "type": "mitigates" }, { - "dest-uuid": "fc74ba38-dc98-461f-8611-b3dbf9978e3d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "16ab6452-c3c1-497c-a47d-206018ca1ada", + "dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14915,6 +14880,20 @@ ], "type": "mitigates" }, + { + "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6856ddd6-2df3-4379-8b87-284603c189c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e", "tags": [ @@ -14922,6 +14901,27 @@ ], "type": "mitigates" }, + { + "dest-uuid": "a6557c75-798f-42e4-be70-ab4502e0a3bc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ae7f3575-0a5e-427e-991b-fe03ad44c754", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "f5bb433e-bdf6-4781-84bc-35e97e43be89", "tags": [ @@ -14930,7 +14930,7 @@ "type": "mitigates" }, { - "dest-uuid": "ae7f3575-0a5e-427e-991b-fe03ad44c754", + "dest-uuid": "fc74ba38-dc98-461f-8611-b3dbf9978e3d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14945,9 +14945,9 @@ "meta": { "external_id": "T1064", "refs": [ + "https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/", "https://attack.mitre.org/mitigations/T1064", - "https://cloudblogs.microsoft.com/microsoftsecure/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/", - "https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/" + "https://cloudblogs.microsoft.com/microsoftsecure/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/" ] }, "related": [ @@ -14967,21 +14967,21 @@ "meta": { "external_id": "T1067", "refs": [ - "https://attack.mitre.org/mitigations/T1067", "http://www.trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-Summary_04292008.pdf", + "https://attack.mitre.org/mitigations/T1067", "https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process" ] }, "related": [ { - "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", + "dest-uuid": "02fefddc-fb1b-423f-a76b-7552dd211d4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "02fefddc-fb1b-423f-a76b-7552dd211d4d", + "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15017,24 +15017,24 @@ "meta": { "external_id": "T1099", "refs": [ - "https://attack.mitre.org/mitigations/T1099", - "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html", - "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx", + "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599", + "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm", + "https://attack.mitre.org/mitigations/T1099", "https://technet.microsoft.com/en-us/library/ee791851.aspx" ] }, "related": [ { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "dest-uuid": "128c55d3-aeba-469f-bd3e-c8996ab4112a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "128c55d3-aeba-469f-bd3e-c8996ab4112a", + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15191,8 +15191,8 @@ "meta": { "external_id": "T1148", "refs": [ - "https://attack.mitre.org/mitigations/T1148", - "http://www.akyl.net/securing-bashhistory-file-make-sure-your-linux-system-users-won%E2%80%99t-hide-or-delete-their-bashhistory" + "http://www.akyl.net/securing-bashhistory-file-make-sure-your-linux-system-users-won%E2%80%99t-hide-or-delete-their-bashhistory", + "https://attack.mitre.org/mitigations/T1148" ] }, "related": [ @@ -15217,13 +15217,6 @@ ] }, "related": [ - { - "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "0cfe31a7-81fc-472c-bc45-e2808d1066a3", "tags": [ @@ -15237,6 +15230,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "5d8507c4-603e-4fe1-8a4a-b8241f58734b", @@ -15313,182 +15313,14 @@ }, "related": [ { - "dest-uuid": "0a241b6c-7bb2-48f9-98f7-128145b4d27f", + "dest-uuid": "0458aab9-ad42-4eac-9e22-706a95bafee2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "a0e6614a-7740-4b24-bd65-f1bde09fc365", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "24286c33-d4a4-4419-85c2-1d094a896c26", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "36aa137f-5166-41f8-b2f0-a4cfa1b4133e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2b5aa86b-a0df-4382-848d-30abea443327", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2339cf19-8f1e-48f7-8a91-0262ba547b6f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "bed04f7d-e48a-4e76-bd0f-4c57fe31fc46", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "34b3f738-bd64-40e5-a112-29b0542bc8bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "19401639-28d0-4c3c-adcc-bc2ba22f6421", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0ff59227-8aa8-4c09-bf1f-925605bd07ea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "937e4772-8441-4e4a-8bf0-8d447d667e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6c2957f9-502a-478c-b1dd-d626c0659413", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "16cdd21f-da65-4e4f-bc04-dd7d198c7b26", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ae797531-3219-49a4-bccf-324ad7a4c7b2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "84ae8255-b4f4-4237-b5c5-e717405a9701", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "274770e0-2612-4ccf-a678-ef8e7bad365d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "6e561441-8431-4773-a9b8-ccf28ef6a968", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "bbc3cba7-84ae-410d-b18b-16750731dfa2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "84771bc3-f6a0-403e-b144-01af70e5fda0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "baf60e1a-afe5-4d31-830f-1b1ba2351884", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a51eb150-93b1-484b-a503-e51453b127a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "edadea33-549c-4ed1-9783-8f5a5853cbdf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "67073dde-d720-45ae-83da-b12d5e73ca3b", + "dest-uuid": "09312b1a-c3c6-4b45-9844-3ccc78e5d82f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15502,63 +15334,7 @@ "type": "mitigates" }, { - "dest-uuid": "c071d8c1-3b3a-4f22-9407-ca4e96921069", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "34ab90a3-05f6-4259-8f21-621081fdaba5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7e3beebd-8bfe-4e7b-a892-e44ab06a75f9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1cec9319-743b-4840-bb65-431547bce82a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "ec4be82f-940c-4dcb-87fe-2bbdd17c692f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", + "dest-uuid": "0a241b6c-7bb2-48f9-98f7-128145b4d27f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15572,42 +15348,7 @@ "type": "mitigates" }, { - "dest-uuid": "39cc9f64-cf74-4a48-a4d8-fe98c54a02e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "91177e6d-b616-4a03-ba4b-f3b32f7dda75", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "e7cbc1de-1f79-48ee-abfd-da1241c65a15", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "5282dd9a-d26d-4e16-88b7-7c0f4553daf4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", + "dest-uuid": "0ff59227-8aa8-4c09-bf1f-925605bd07ea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15621,42 +15362,70 @@ "type": "mitigates" }, { - "dest-uuid": "ce0687a0-e692-4b77-964a-0784a8e54ff1", + "dest-uuid": "16cdd21f-da65-4e4f-bc04-dd7d198c7b26", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", + "dest-uuid": "17fd695c-b88c-455a-a3d1-43b6cb728532", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "55fc4df0-b42c-479a-b860-7a6761bcaad0", + "dest-uuid": "19401639-28d0-4c3c-adcc-bc2ba22f6421", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "c2f59d25-87fe-44aa-8f83-e8e59d077bf5", + "dest-uuid": "197ef1b9-e764-46c3-b96c-23f77985dc81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", + "dest-uuid": "1cec9319-743b-4840-bb65-431547bce82a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "cc723aff-ec88-40e3-a224-5af9fd983cc4", + "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2339cf19-8f1e-48f7-8a91-0262ba547b6f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "24286c33-d4a4-4419-85c2-1d094a896c26", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "274770e0-2612-4ccf-a678-ef8e7bad365d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2b5aa86b-a0df-4382-848d-30abea443327", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15670,14 +15439,56 @@ "type": "mitigates" }, { - "dest-uuid": "810d8072-afb6-4a56-9ee7-86379ac4a6f3", + "dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "b85f6ce5-81e8-4f36-aff2-3df9d02a9c9d", + "dest-uuid": "34ab90a3-05f6-4259-8f21-621081fdaba5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "34b3f738-bd64-40e5-a112-29b0542bc8bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "36aa137f-5166-41f8-b2f0-a4cfa1b4133e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "39cc9f64-cf74-4a48-a4d8-fe98c54a02e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15698,42 +15509,63 @@ "type": "mitigates" }, { - "dest-uuid": "e3b168bd-fcd7-439e-9382-2e6c2f63514d", + "dest-uuid": "5282dd9a-d26d-4e16-88b7-7c0f4553daf4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "db8f5003-3b20-48f0-9b76-123e44208120", + "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "dest-uuid": "55fc4df0-b42c-479a-b860-7a6761bcaad0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", + "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9", + "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "81033c3b-16a4-46e4-8fed-9b030dd03c4a", + "dest-uuid": "67073dde-d720-45ae-83da-b12d5e73ca3b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6c2957f9-502a-478c-b1dd-d626c0659413", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "6e561441-8431-4773-a9b8-ccf28ef6a968", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15746,6 +15578,13 @@ ], "type": "mitigates" }, + { + "dest-uuid": "76551c52-b111-4884-bc47-ff3e728f0156", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "774ad5bb-2366-4c13-a8a9-65e50b292e7c", "tags": [ @@ -15753,6 +15592,13 @@ ], "type": "mitigates" }, + { + "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795", "tags": [ @@ -15760,6 +15606,62 @@ ], "type": "mitigates" }, + { + "dest-uuid": "7e3beebd-8bfe-4e7b-a892-e44ab06a75f9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "81033c3b-16a4-46e4-8fed-9b030dd03c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "810d8072-afb6-4a56-9ee7-86379ac4a6f3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "84771bc3-f6a0-403e-b144-01af70e5fda0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "84ae8255-b4f4-4237-b5c5-e717405a9701", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "91177e6d-b616-4a03-ba4b-f3b32f7dda75", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "937e4772-8441-4e4a-8bf0-8d447d667e23", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "9d48cab2-7929-4812-ad22-f536665f0109", "tags": [ @@ -15768,21 +15670,56 @@ "type": "mitigates" }, { - "dest-uuid": "f4b843c1-7e92-4701-8fed-ce82f8be2636", + "dest-uuid": "a0e6614a-7740-4b24-bd65-f1bde09fc365", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "0458aab9-ad42-4eac-9e22-706a95bafee2", + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "09312b1a-c3c6-4b45-9844-3ccc78e5d82f", + "dest-uuid": "a51eb150-93b1-484b-a503-e51453b127a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ae797531-3219-49a4-bccf-324ad7a4c7b2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b85f6ce5-81e8-4f36-aff2-3df9d02a9c9d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "baf60e1a-afe5-4d31-830f-1b1ba2351884", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "bbc3cba7-84ae-410d-b18b-16750731dfa2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15796,42 +15733,84 @@ "type": "mitigates" }, { - "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", + "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", + "dest-uuid": "bed04f7d-e48a-4e76-bd0f-4c57fe31fc46", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "76551c52-b111-4884-bc47-ff3e728f0156", + "dest-uuid": "c071d8c1-3b3a-4f22-9407-ca4e96921069", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "197ef1b9-e764-46c3-b96c-23f77985dc81", + "dest-uuid": "c2f59d25-87fe-44aa-8f83-e8e59d077bf5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "dest-uuid": "cc723aff-ec88-40e3-a224-5af9fd983cc4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "17fd695c-b88c-455a-a3d1-43b6cb728532", + "dest-uuid": "cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ce0687a0-e692-4b77-964a-0784a8e54ff1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "db8f5003-3b20-48f0-9b76-123e44208120", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e3b168bd-fcd7-439e-9382-2e6c2f63514d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e7cbc1de-1f79-48ee-abfd-da1241c65a15", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ec4be82f-940c-4dcb-87fe-2bbdd17c692f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15843,6 +15822,27 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" + }, + { + "dest-uuid": "edadea33-549c-4ed1-9783-8f5a5853cbdf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f4b843c1-7e92-4701-8fed-ce82f8be2636", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" } ], "uuid": "78bb71be-92b4-46de-acd6-5f998fedf1cc", @@ -15858,14 +15858,7 @@ }, "related": [ { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15878,20 +15871,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "6ff403bc-93e3-48be-8687-e102fdba8c88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d3df754e-997b-4cf9-97d4-70feb3120847", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "6be14413-578e-46c1-8304-310762b3ecd5", "tags": [ @@ -15900,7 +15879,7 @@ "type": "mitigates" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "6ff403bc-93e3-48be-8687-e102fdba8c88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15914,28 +15893,7 @@ "type": "mitigates" }, { - "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15948,6 +15906,13 @@ ], "type": "mitigates" }, + { + "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -15956,7 +15921,42 @@ "type": "mitigates" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d3df754e-997b-4cf9-97d4-70feb3120847", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15990,14 +15990,14 @@ "type": "mitigates" }, { - "dest-uuid": "e083305c-49e7-4c87-aae8-9689213bffbe", + "dest-uuid": "ccde43e4-78f9-4f32-b401-c081e7db71ea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "ccde43e4-78f9-4f32-b401-c081e7db71ea", + "dest-uuid": "e083305c-49e7-4c87-aae8-9689213bffbe", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16017,21 +16017,56 @@ }, "related": [ { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "04ef4356-8926-45e2-9441-634b6f3dcecb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "0ca7beef-9bbc-4e35-97cf-437384ddce6a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "0cf55441-b176-4332-89e7-2c4c7799d0ff", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16045,7 +16080,7 @@ "type": "mitigates" }, { - "dest-uuid": "8f104855-e5b7-4077-b1f5-bc3103b41abe", + "dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16059,98 +16094,7 @@ "type": "mitigates" }, { - "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "800f9819-7007-4540-a520-40e655876800", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "f9e9365a-9ca2-4d9c-8e7c-050d73d1101a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "cf1c2504-433f-4c4e-a1f8-91de45a0318c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "3986e7fd-a8e9-4ecb-bfc6-55920855912b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", + "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16163,6 +16107,90 @@ ], "type": "mitigates" }, + { + "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "27960489-4e7f-461d-a62a-f5c0cb521e4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2edd9d6a-5674-4326-a600-ba56de467286", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "35187df2-31ed-43b6-a1f5-2f1d3d58d3f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "379809f6-2fac-42c1-bd2e-e9dee70b27f8", "tags": [ @@ -16171,14 +16199,35 @@ "type": "mitigates" }, { - "dest-uuid": "70857657-bd0b-4695-ad3e-b13f92cac1b4", + "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "3986e7fd-a8e9-4ecb-bfc6-55920855912b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "46944654-fcc1-4f63-9dad-628102376586", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16191,6 +16240,20 @@ ], "type": "mitigates" }, + { + "dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", "tags": [ @@ -16199,21 +16262,42 @@ "type": "mitigates" }, { - "dest-uuid": "a6557c75-798f-42e4-be70-ab4502e0a3bc", + "dest-uuid": "56ff457d-5e39-492b-974c-dfd2b8603ffe", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", + "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "mitigates" }, { - "dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be", + "dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "62dfd1ca-52d5-483c-a84b-d6e80bf94b7b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16226,6 +16310,13 @@ ], "type": "mitigates" }, + { + "dest-uuid": "70857657-bd0b-4695-ad3e-b13f92cac1b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979", "tags": [ @@ -16233,6 +16324,132 @@ ], "type": "mitigates" }, + { + "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "77532a55-c283-4cd2-bc5d-2d0b65e9d88c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7ad38ef1-381a-406d-872a-38b136eb5ecc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "800f9819-7007-4540-a520-40e655876800", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8f104855-e5b7-4077-b1f5-bc3103b41abe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "8faedf87-dceb-4c35-b2a2-7286f59a3bc3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "94cb00a4-b295-4d06-aa2b-5653b9c1be9c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "a6557c75-798f-42e4-be70-ab4502e0a3bc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b2001907-166b-4d71-bb3c-9d26c871de09", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "b46a801b-fd98-491c-a25a-bca25d6e3001", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, { "dest-uuid": "ba8e391f-14b5-496f-81f2-2d5ecd646c1c", "tags": [ @@ -16241,7 +16458,70 @@ "type": "mitigates" }, { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "c4ad009b-6e13-4419-8d21-918a1652de02", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cf1c2504-433f-4c4e-a1f8-91de45a0318c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16261,97 +16541,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "7ad38ef1-381a-406d-872a-38b136eb5ecc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "b46a801b-fd98-491c-a25a-bca25d6e3001", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "27960489-4e7f-461d-a62a-f5c0cb521e4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "f005e783-57d4-4837-88ad-dbe7faee1c51", "tags": [ @@ -16359,69 +16548,6 @@ ], "type": "mitigates" }, - { - "dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "04ef4356-8926-45e2-9441-634b6f3dcecb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "35187df2-31ed-43b6-a1f5-2f1d3d58d3f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "94cb00a4-b295-4d06-aa2b-5653b9c1be9c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0ca7beef-9bbc-4e35-97cf-437384ddce6a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, { "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", "tags": [ @@ -16430,133 +16556,7 @@ "type": "mitigates" }, { - "dest-uuid": "b2001907-166b-4d71-bb3c-9d26c871de09", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2edd9d6a-5674-4326-a600-ba56de467286", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "46944654-fcc1-4f63-9dad-628102376586", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "77532a55-c283-4cd2-bc5d-2d0b65e9d88c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "8faedf87-dceb-4c35-b2a2-7286f59a3bc3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "c4ad009b-6e13-4419-8d21-918a1652de02", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "0cf55441-b176-4332-89e7-2c4c7799d0ff", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "62dfd1ca-52d5-483c-a84b-d6e80bf94b7b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "mitigates" - }, - { - "dest-uuid": "56ff457d-5e39-492b-974c-dfd2b8603ffe", + "dest-uuid": "f9e9365a-9ca2-4d9c-8e7c-050d73d1101a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16567,5 +16567,5 @@ "value": "Audit - M1047" } ], - "version": 21 + "version": 22 } diff --git a/clusters/mitre-intrusion-set.json b/clusters/mitre-intrusion-set.json index cfdd11c..b041aea 100644 --- a/clusters/mitre-intrusion-set.json +++ b/clusters/mitre-intrusion-set.json @@ -15,11 +15,11 @@ "external_id": "G0130", "refs": [ "https://attack.mitre.org/groups/G0130", - "https://www.mandiant.com/resources/operation-saffron-rose", "https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf", "https://documents.trendmicro.com/assets/wp/wp-operation-woolen-goldfish.pdf", "https://iranthreats.github.io/resources/attribution-flying-rocket-kitten/", - "https://www.crowdstrike.com/blog/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten/" + "https://www.crowdstrike.com/blog/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten/", + "https://www.mandiant.com/resources/operation-saffron-rose" ], "synonyms": [ "Ajax Security Team", @@ -32,14 +32,7 @@ }, "related": [ { - "dest-uuid": "fbd727ea-c0dc-42a9-8448-9e12962d1ab5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53,14 +46,14 @@ "type": "uses" }, { - "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -74,14 +67,21 @@ "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fbd727ea-c0dc-42a9-8448-9e12962d1ab5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -105,21 +105,7 @@ }, "related": [ { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bdb27a1d-1844-42f1-a0c0-826027ae0326", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -140,7 +126,21 @@ "type": "uses" }, { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "bdb27a1d-1844-42f1-a0c0-826027ae0326", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -154,14 +154,14 @@ "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -176,16 +176,16 @@ "meta": { "external_id": "G0027", "refs": [ + "http://arstechnica.com/security/2015/08/newly-discovered-chinese-hacking-group-hacked-100-websites-to-use-as-watering-holes/", "https://attack.mitre.org/groups/G0027", + "https://documents.trendmicro.com/assets/white_papers/wp-uncovering-DRBcontrol.pdf", + "https://research.nccgroup.com/2018/05/18/emissary-panda-a-potential-new-malicious-tool/", + "https://securelist.com/luckymouse-hits-national-data-center/86083/", + "https://thehackernews.com/2018/06/chinese-watering-hole-attack.html", + "https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/", "https://www.secureworks.com/research/bronze-union", "https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage", - "https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/", - "http://arstechnica.com/security/2015/08/newly-discovered-chinese-hacking-group-hacked-100-websites-to-use-as-watering-holes/", - "https://thehackernews.com/2018/06/chinese-watering-hole-attack.html", - "https://securelist.com/luckymouse-hits-national-data-center/86083/", - "https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html", - "https://documents.trendmicro.com/assets/white_papers/wp-uncovering-DRBcontrol.pdf", - "https://research.nccgroup.com/2018/05/18/emissary-panda-a-potential-new-malicious-tool/" + "https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html" ], "synonyms": [ "Threat Group-3390", @@ -200,189 +200,7 @@ }, "related": [ { - "dest-uuid": "834e0acd-d92a-4e38-bb14-dc4159d7cb32", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "c009560a-f097-45a3-8f9f-78ec1440a783", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a545456a-f9a7-47ad-9ea6-8b017def38d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "506f6f49-7045-4156-9007-7474cb44ad6d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e066bf86-9cfb-407a-9d25-26fd5d91e360", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6e95feb1-78ee-48d3-b421-4d76663b5c49", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -396,168 +214,7 @@ "type": "uses" }, { - "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cfc75b0d-e579-40ae-ad07-a1ce00d49a6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5e814485-012d-423d-b769-026bfed0f451", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c", + "dest-uuid": "03acae53-9b98-46f6-b204-16b930839055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -571,35 +228,14 @@ "type": "uses" }, { - "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", + "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -613,7 +249,35 @@ "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -627,84 +291,42 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", + "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -718,14 +340,63 @@ "type": "uses" }, { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "03acae53-9b98-46f6-b204-16b930839055", + "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -738,6 +409,195 @@ ], "type": "uses" }, + { + "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "506f6f49-7045-4156-9007-7474cb44ad6d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5e814485-012d-423d-b769-026bfed0f451", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6e95feb1-78ee-48d3-b421-4d76663b5c49", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "834e0acd-d92a-4e38-bb14-dc4159d7cb32", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a545456a-f9a7-47ad-9ea6-8b017def38d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ @@ -746,7 +606,133 @@ "type": "uses" }, { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c009560a-f097-45a3-8f9f-78ec1440a783", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cfc75b0d-e579-40ae-ad07-a1ce00d49a6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e066bf86-9cfb-407a-9d25-26fd5d91e360", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -760,7 +746,21 @@ "type": "uses" }, { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -775,8 +775,8 @@ "meta": { "external_id": "G0028", "refs": [ - "https://attack.mitre.org/groups/G0028", - "http://www.secureworks.com/resources/blog/living-off-the-land/" + "http://www.secureworks.com/resources/blog/living-off-the-land/", + "https://attack.mitre.org/groups/G0028" ], "synonyms": [ "Threat Group-1314", @@ -784,13 +784,6 @@ ] }, "related": [ - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ @@ -799,7 +792,7 @@ "type": "uses" }, { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -825,6 +818,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "d519164e-f5fa-4b8c-a1fb-cf0172ad0983", @@ -835,9 +835,9 @@ "meta": { "external_id": "G0074", "refs": [ + "http://fortune.com/2017/09/06/hack-energy-grid-symantec/", "https://attack.mitre.org/groups/G0074", "https://www.dragos.com/threat/dymalloy/", - "http://fortune.com/2017/09/06/hack-energy-grid-symantec/", "https://www.secureworks.com/research/mcmd-malware-analysis", "https://www.secureworks.com/research/threat-profiles/iron-liberty", "https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group", @@ -868,9 +868,9 @@ "external_id": "G0030", "refs": [ "https://attack.mitre.org/groups/G0030", - "https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html", + "https://securelist.com/the-spring-dragon-apt/70726/", "https://www.accenture.com/t20180127T003755Z_w_/us-en/_acnmedia/PDF-46/Accenture-Security-Dragonfish-Threat-Analysis.pdf", - "https://securelist.com/the-spring-dragon-apt/70726/" + "https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html" ], "synonyms": [ "Lotus Blossom", @@ -879,6 +879,13 @@ ] }, "related": [ + { + "dest-uuid": "0f862b01-99da-47cc-9bdb-db4a86a95bb1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "32fafa69-fe3c-49db-afd4-aac2664bcf0d", "tags": [ @@ -892,13 +899,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "0f862b01-99da-47cc-9bdb-db4a86a95bb1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "88b7dbc2-32d3-4e31-af2f-3fc24e1582d7", @@ -909,10 +909,10 @@ "meta": { "external_id": "G0060", "refs": [ - "https://attack.mitre.org/groups/G0060", "http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-butler-daserf-backdoor-now-using-steganography/", - "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses", + "https://attack.mitre.org/groups/G0060", "https://documents.trendmicro.com/assets/pdf/Operation-ENDTRADE-TICK-s-Multi-Stage-Backdoors-for-Attacking-Industries-and-Stealing-Classified-Data.pdf", + "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses", "https://www.symantec.com/connect/blogs/tick-cyberespionage-group-zeros-japan" ], "synonyms": [ @@ -923,77 +923,14 @@ }, "related": [ { - "dest-uuid": "add6554a-815a-4ac3-9b22-9337b9661ab8", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f0fc920e-57a3-4af5-89be-9ea594c8b1ea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "36ede314-7db4-4d09-b53d-81bbfbe5f6f8", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1014,21 +951,63 @@ "type": "uses" }, { - "dest-uuid": "ec9e00dd-0313-4d5b-8105-c20aa47abffc", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "dest-uuid": "0c8465c0-d0b4-4670-992e-4eee8d7ff952", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1042,21 +1021,42 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "36ede314-7db4-4d09-b53d-81bbfbe5f6f8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d2c7f8ad-3b50-4cfa-bbb1-799eff06fb40", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1077,98 +1077,7 @@ "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c9703cd3-141c-43a0-a926-380082be5d04", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1181,76 +1090,6 @@ ], "type": "uses" }, - { - "dest-uuid": "0c8465c0-d0b4-4670-992e-4eee8d7ff952", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b6b3dfc7-9a81-43ff-ac04-698bad48973a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "8be7c69e-d8e3-4970-9668-61de08e508cc", "tags": [ @@ -1259,21 +1098,14 @@ "type": "uses" }, { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1287,7 +1119,105 @@ "type": "uses" }, { - "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "add6554a-815a-4ac3-9b22-9337b9661ab8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b6b3dfc7-9a81-43ff-ac04-698bad48973a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c9703cd3-141c-43a0-a926-380082be5d04", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d2c7f8ad-3b50-4cfa-bbb1-799eff06fb40", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1300,6 +1230,76 @@ ], "type": "uses" }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec9e00dd-0313-4d5b-8105-c20aa47abffc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f0fc920e-57a3-4af5-89be-9ea594c8b1ea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "tags": [ @@ -1324,76 +1324,6 @@ ] }, "related": [ - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "835a79f1-842d-472d-b8f4-d54b545c341b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a5528622-3a8a-4633-86ce-8cdaf8423858", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -1402,28 +1332,14 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a5e91d50-24fa-44ec-9894-39a88f658cea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1443,12 +1359,96 @@ ], "type": "uses" }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "835a79f1-842d-472d-b8f4-d54b545c341b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a5528622-3a8a-4633-86ce-8cdaf8423858", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a5e91d50-24fa-44ec-9894-39a88f658cea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c41a8b7c-3e42-4eee-b87d-ad8a100ee878", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "8a831aaa-f3e0-47a3-bed8-a9ced744dd12", @@ -1460,17 +1460,17 @@ "external_id": "G0080", "refs": [ "https://attack.mitre.org/groups/G0080", + "https://blog.morphisec.com/cobalt-gang-2.0", "https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html", - "https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-2017-eng.pdf", - "https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-Snatch-eng.pdf", + "https://crowdstrike.lookbookhq.com/global-threat-report-2018-web/cs-2018-global-threat-report", + "https://www.europol.europa.eu/newsroom/news/mastermind-behind-eur-1-billion-cyber-bank-robbery-arrested-in-spain", "https://www.group-ib.com/blog/cobalt", "https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target", - "https://www.riskiq.com/blog/labs/cobalt-strike/", + "https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-2017-eng.pdf", + "https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-Snatch-eng.pdf", "https://www.riskiq.com/blog/labs/cobalt-group-spear-phishing-russian-banks/", - "https://www.europol.europa.eu/newsroom/news/mastermind-behind-eur-1-billion-cyber-bank-robbery-arrested-in-spain", - "https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish", - "https://crowdstrike.lookbookhq.com/global-threat-report-2018-web/cs-2018-global-threat-report", - "https://blog.morphisec.com/cobalt-gang-2.0" + "https://www.riskiq.com/blog/labs/cobalt-strike/", + "https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish" ], "synonyms": [ "Cobalt Group", @@ -1480,202 +1480,6 @@ ] }, "related": [ - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bfd2738c-8b43-43c3-bc9f-d523c8e88bf4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "599cd7b5-37b5-4cdd-8174-2811531ce9d0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -1691,28 +1495,7 @@ "type": "uses" }, { - "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1726,21 +1509,70 @@ "type": "uses" }, { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "599cd7b5-37b5-4cdd-8174-2811531ce9d0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1753,12 +1585,180 @@ ], "type": "uses" }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bfd2738c-8b43-43c3-bc9f-d523c8e88bf4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "dc6fe6ee-04c2-49be-ba3d-f38d2463c02a", @@ -1769,12 +1769,12 @@ "meta": { "external_id": "G0009", "refs": [ + "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-black-vine-cyberespionage-group.pdf", "https://attack.mitre.org/groups/G0009", "https://blog.crowdstrike.com/deep-thought-chinese-targeting-national-security-think-tanks/", - "https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/", + "https://web.archive.org/web/20171017072306/https://icitech.org/icit-brief-chinas-espionage-dynasty-economic-death-by-a-thousand-cuts/", "https://www.rsa.com/content/dam/en/white-paper/rsa-incident-response-emerging-threat-profile-shell-crew.pdf", - "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-black-vine-cyberespionage-group.pdf", - "https://web.archive.org/web/20171017072306/https://icitech.org/icit-brief-chinas-espionage-dynasty-economic-death-by-a-thousand-cuts/" + "https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/" ], "synonyms": [ "Deep Panda", @@ -1787,14 +1787,28 @@ }, "related": [ { - "dest-uuid": "066d25c1-71bd-4bd4-8ca7-edbba00063f4", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0286e80e-b0ed-464f-ad62-beec8536d0cb", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { - "dest-uuid": "0286e80e-b0ed-464f-ad62-beec8536d0cb", + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "066d25c1-71bd-4bd4-8ca7-edbba00063f4", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], @@ -1807,76 +1821,6 @@ ], "type": "similar" }, - { - "dest-uuid": "94379dec-5c87-49db-b36e-66abc0b81344", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "91000a8a-58cc-4aba-9ad0-993ad6302b86", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", "tags": [ @@ -1885,14 +1829,7 @@ "type": "uses" }, { - "dest-uuid": "fbb470da-1d44-4f29-bbb3-9efbe20f94a3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "96b08451-b27a-4ff6-893f-790e26393a8e", + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1913,7 +1850,28 @@ "type": "uses" }, { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "91000a8a-58cc-4aba-9ad0-993ad6302b86", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "94379dec-5c87-49db-b36e-66abc0b81344", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "96b08451-b27a-4ff6-893f-790e26393a8e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1925,6 +1883,48 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fbb470da-1d44-4f29-bbb3-9efbe20f94a3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a653431d-6a5e-4600-8ad3-609b5af57064", @@ -1936,12 +1936,12 @@ "external_id": "G0102", "refs": [ "https://attack.mitre.org/groups/G0102", - "https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/", "https://us-cert.cisa.gov/ncas/alerts/aa20-302a", + "https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/", + "https://www.crowdstrike.com/blog/timelining-grim-spiders-big-game-hunting-tactics/", "https://www.crowdstrike.com/blog/wizard-spider-adversary-update/", - "https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html", "https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html", - "https://www.crowdstrike.com/blog/timelining-grim-spiders-big-game-hunting-tactics/" + "https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html" ], "synonyms": [ "Wizard Spider", @@ -1951,6 +1951,76 @@ ] }, "related": [ + { + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "00806466-754d-44ea-ad6f-0caf59cb8556", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "066b057c-944e-4cfc-b654-e3dfba04b926", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -1958,6 +2028,314 @@ ], "type": "uses" }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32066e94-3112-48ca-b9eb-ba2b59d2f023", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4dea7d8e-af94-4bfb-afe4-7ff54f59308b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "63c2a130-8a5b-452f-ad96-07cf0af12ffe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "981acc4c-2ede-4b56-be6e-fa1a75f37acf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99fdf3b4-96ef-4ab9-b191-fc683441cad0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a020a61c-423f-4195-8c46-ba1d21abba37", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c9b99d03-ff11-4a48-95f0-82660d582c25", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e7cbc1de-1f79-48ee-abfd-da1241c65a15", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ @@ -1973,49 +2351,7 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c9b99d03-ff11-4a48-95f0-82660d582c25", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "981acc4c-2ede-4b56-be6e-fa1a75f37acf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2028,230 +2364,6 @@ ], "type": "uses" }, - { - "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "00806466-754d-44ea-ad6f-0caf59cb8556", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a020a61c-423f-4195-8c46-ba1d21abba37", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e7cbc1de-1f79-48ee-abfd-da1241c65a15", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4dea7d8e-af94-4bfb-afe4-7ff54f59308b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", "tags": [ @@ -2259,76 +2371,6 @@ ], "type": "uses" }, - { - "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "066b057c-944e-4cfc-b654-e3dfba04b926", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "63c2a130-8a5b-452f-ad96-07cf0af12ffe", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32066e94-3112-48ca-b9eb-ba2b59d2f023", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ @@ -2337,49 +2379,7 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99fdf3b4-96ef-4ab9-b191-fc683441cad0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2403,35 +2403,14 @@ }, "related": [ { - "dest-uuid": "9e71024e-817f-45b0-92a0-d886c30bc929", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "e1161124-f22e-487f-9d5f-ed8efc8dcd61", + "dest-uuid": "0db09158-6e48-4e7c-8ce7-2b10b9c0c039", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "66b1dcde-17a0-4c7b-95fa-b08d430c2131", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "166c0eca-02fd-424a-92c0-6b5106994d31", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2445,14 +2424,35 @@ "type": "uses" }, { - "dest-uuid": "0db09158-6e48-4e7c-8ce7-2b10b9c0c039", + "dest-uuid": "66b1dcde-17a0-4c7b-95fa-b08d430c2131", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "166c0eca-02fd-424a-92c0-6b5106994d31", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9e71024e-817f-45b0-92a0-d886c30bc929", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e1161124-f22e-487f-9d5f-ed8efc8dcd61", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2475,41 +2475,6 @@ ] }, "related": [ - { - "dest-uuid": "b3714d59-b61e-4713-903a-9b4f04ae7f3d", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "54e8672d-5338-4ad1-954a-a7c986bee530", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0c8465c0-d0b4-4670-992e-4eee8d7ff952", "tags": [ @@ -2517,48 +2482,6 @@ ], "type": "uses" }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ @@ -2566,20 +2489,6 @@ ], "type": "uses" }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ @@ -2587,41 +2496,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ @@ -2636,6 +2510,34 @@ ], "type": "uses" }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6", "tags": [ @@ -2643,12 +2545,110 @@ ], "type": "uses" }, + { + "dest-uuid": "54e8672d-5338-4ad1-954a-a7c986bee530", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9755ecdc-deb0-40e6-af49-713cb0f8ed92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3714d59-b61e-4713-903a-9b4f04ae7f3d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8", @@ -2668,63 +2668,7 @@ }, "related": [ { - "dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2738,7 +2682,7 @@ "type": "uses" }, { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2752,56 +2696,7 @@ "type": "uses" }, { - "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2814,6 +2709,55 @@ ], "type": "uses" }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ @@ -2822,7 +2766,63 @@ "type": "uses" }, { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2839,8 +2839,8 @@ "refs": [ "https://attack.mitre.org/groups/G0081", "https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/", - "https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/", "https://documents.trendmicro.com/assets/Tech-Brief-Tropic-Trooper-s-Back-USBferry-Attack-Targets-Air-gapped-Environments.pdf", + "https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/", "https://www.crowdstrike.com/blog/on-demand-webcast-crowdstrike-experts-on-covid-19-cybersecurity-challenges-and-recommendations/" ], "synonyms": [ @@ -2850,69 +2850,6 @@ ] }, "related": [ - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "75bba379-4ba1-467e-8c60-ec2b269ee984", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "64764dc6-a032-495f-8250-1e4c06bdc163", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -2920,125 +2857,6 @@ ], "type": "uses" }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cb444a16-3ea5-4a91-88c6-f329adcb8af3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5dd649c0-bca4-488b-bd85-b180474ec62e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ @@ -3047,77 +2865,7 @@ "type": "uses" }, { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec9e00dd-0313-4d5b-8105-c20aa47abffc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3131,14 +2879,56 @@ "type": "uses" }, { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3151,6 +2941,160 @@ ], "type": "uses" }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5dd649c0-bca4-488b-bd85-b180474ec62e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "64764dc6-a032-495f-8250-1e4c06bdc163", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "75bba379-4ba1-467e-8c60-ec2b269ee984", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cb444a16-3ea5-4a91-88c6-f329adcb8af3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", "tags": [ @@ -3158,12 +3102,68 @@ ], "type": "uses" }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec9e00dd-0313-4d5b-8105-c20aa47abffc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "56319646-eb6e-41fc-ae53-aadfa7adb924", @@ -3174,14 +3174,14 @@ "meta": { "external_id": "G0032", "refs": [ + "https://adversary.crowdstrike.com/en-US/adversary/labyrinth-chollima/", "https://attack.mitre.org/groups/G0032", - "https://www.us-cert.gov/ncas/alerts/TA17-164A", + "https://blogs.microsoft.com/on-the-issues/2017/12/19/microsoft-facebook-disrupt-zinc-malware-attack-protect-customers-internet-ongoing-cyberthreats/", "https://home.treasury.gov/news/press-releases/sm774", "https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf", - "https://adversary.crowdstrike.com/en-US/adversary/labyrinth-chollima/", - "https://www.us-cert.gov/ncas/analysis-reports/AR19-100A", - "https://blogs.microsoft.com/on-the-issues/2017/12/19/microsoft-facebook-disrupt-zinc-malware-attack-protect-customers-internet-ongoing-cyberthreats/", - "https://www.secureworks.com/about/press/media-alert-secureworks-discovers-north-korean-cyber-threat-group-lazarus-spearphishing" + "https://www.secureworks.com/about/press/media-alert-secureworks-discovers-north-korean-cyber-threat-group-lazarus-spearphishing", + "https://www.us-cert.gov/ncas/alerts/TA17-164A", + "https://www.us-cert.gov/ncas/analysis-reports/AR19-100A" ], "synonyms": [ "Lazarus Group", @@ -3193,230 +3193,6 @@ ] }, "related": [ - { - "dest-uuid": "68391641-859f-4a9a-9a1e-3e5cf71ec376", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "506f6f49-7045-4156-9007-7474cb44ad6d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9dbdadb6-fdbf-490f-a35f-38762d06a0d2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7f4bbe05-1674-4087-8a16-8f1ad61b6152", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "aad11e34-02ca-4220-91cd-2ed420af4db3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01dbc71d-0ee8-420d-abb4-3dfb6a4bf725", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -3424,132 +3200,6 @@ ], "type": "uses" }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c11ac61d-50f4-444f-85d8-6f006067f0de", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd0536d7-b081-43ae-a773-cfb057c5b988", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "069af411-9b24-4e85-b26c-623d035bbe84", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e2d34c63-6f5a-41f5-86a2-e2380f27f858", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -3558,448 +3208,7 @@ "type": "uses" }, { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "19401639-28d0-4c3c-adcc-bc2ba22f6421", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bbe5b322-e2af-4a5e-9625-a4e62bf84ed3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e7cbc1de-1f79-48ee-abfd-da1241c65a15", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e928333f-f3df-4039-9b8b-556c2add0e42", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99709758-2b96-48f2-a68a-ad7fbd828091", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ffbdc1f-d2bf-41ab-91a2-c7b857e98079", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fece06b7-d4b1-42cf-b81a-5323c917546e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3aa169f8-bbf6-44bb-b57d-7f6ada5c2128", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0715560d-4299-4e84-9e20-6e80ab57e4f2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3b0e52ce-517a-4614-a523-1bd5deef6c5e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "11e36d5b-6a92-4bf9-8eb7-85eb24f59e22", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "16040b1c-ed28-4850-9d8f-bb8b81c42092", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1f6e3702-7ca1-4582-b2e7-4591297d05a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "937e4772-8441-4e4a-8bf0-8d447d667e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9b325b06-35a1-457d-be46-a4ecc0b7ff0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24b4ce59-eaac-4c8b-8634-9b093b7ccd92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "454fe82d-6fd2-4ac6-91ab-28a33fe01369", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a04d9a4c-bb52-40bf-98ec-e350c2d6a862", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "01dbc71d-0ee8-420d-abb4-3dfb6a4bf725", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4013,42 +3222,35 @@ "type": "uses" }, { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "dest-uuid": "069af411-9b24-4e85-b26c-623d035bbe84", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "dest-uuid": "0715560d-4299-4e84-9e20-6e80ab57e4f2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4061,6 +3263,104 @@ ], "type": "uses" }, + { + "dest-uuid": "11e36d5b-6a92-4bf9-8eb7-85eb24f59e22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "16040b1c-ed28-4850-9d8f-bb8b81c42092", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "19401639-28d0-4c3c-adcc-bc2ba22f6421", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1f6e3702-7ca1-4582-b2e7-4591297d05a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24b4ce59-eaac-4c8b-8634-9b093b7ccd92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -4069,14 +3369,147 @@ "type": "uses" }, { - "dest-uuid": "f8774023-8021-4ece-9aca-383ac89d2759", + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3aa169f8-bbf6-44bb-b57d-7f6ada5c2128", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3b0e52ce-517a-4614-a523-1bd5deef6c5e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ffbdc1f-d2bf-41ab-91a2-c7b857e98079", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "454fe82d-6fd2-4ac6-91ab-28a33fe01369", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4090,28 +3523,126 @@ "type": "uses" }, { - "dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747", + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", + "dest-uuid": "506f6f49-7045-4156-9007-7474cb44ad6d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "68391641-859f-4a9a-9a1e-3e5cf71ec376", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4125,21 +3656,49 @@ "type": "uses" }, { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a1dd2dbd-1550-44bf-abcc-1a4c52e97719", + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7f4bbe05-1674-4087-8a16-8f1ad61b6152", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4153,7 +3712,21 @@ "type": "uses" }, { - "dest-uuid": "cc723aff-ec88-40e3-a224-5af9fd983cc4", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "937e4772-8441-4e4a-8bf0-8d447d667e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4165,6 +3738,433 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "99709758-2b96-48f2-a68a-ad7fbd828091", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9b325b06-35a1-457d-be46-a4ecc0b7ff0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9dbdadb6-fdbf-490f-a35f-38762d06a0d2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a04d9a4c-bb52-40bf-98ec-e350c2d6a862", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a1dd2dbd-1550-44bf-abcc-1a4c52e97719", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "aad11e34-02ca-4220-91cd-2ed420af4db3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bbe5b322-e2af-4a5e-9625-a4e62bf84ed3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd0536d7-b081-43ae-a773-cfb057c5b988", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c11ac61d-50f4-444f-85d8-6f006067f0de", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc723aff-ec88-40e3-a224-5af9fd983cc4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2d34c63-6f5a-41f5-86a2-e2380f27f858", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e7cbc1de-1f79-48ee-abfd-da1241c65a15", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e928333f-f3df-4039-9b8b-556c2add0e42", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f8774023-8021-4ece-9aca-383ac89d2759", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fece06b7-d4b1-42cf-b81a-5323c917546e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c93fccb1-e8e8-42cf-ae33-2ad1d183913a", @@ -4175,9 +4175,9 @@ "meta": { "external_id": "G0024", "refs": [ - "https://attack.mitre.org/groups/G0024", + "http://blog.cylance.com/puttering-into-the-future", "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf", - "http://blog.cylance.com/puttering-into-the-future" + "https://attack.mitre.org/groups/G0024" ], "synonyms": [ "Putter Panda", @@ -4194,14 +4194,14 @@ "type": "similar" }, { - "dest-uuid": "800bdfba-6d66-480f-9f45-15845c05cb5d", + "dest-uuid": "7bec698a-7e20-4fd3-bb6a-12787770fb1a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "800bdfba-6d66-480f-9f45-15845c05cb5d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4214,20 +4214,6 @@ ], "type": "uses" }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -4236,7 +4222,14 @@ "type": "uses" }, { - "dest-uuid": "7bec698a-7e20-4fd3-bb6a-12787770fb1a", + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4248,6 +4241,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "5ce5392a-3a6c-4e07-9df3-9b6a9159ac45", @@ -4258,8 +4258,8 @@ "meta": { "external_id": "G0029", "refs": [ - "https://attack.mitre.org/groups/G0029", - "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/" + "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/", + "https://attack.mitre.org/groups/G0029" ], "synonyms": [ "Scarlet Mimic" @@ -4273,20 +4273,6 @@ ], "type": "similar" }, - { - "dest-uuid": "dfb5fa9b-3051-4b97-8035-08f80aef945b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bb3c1098-d654-4620-bf40-694386d28921", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "463f68f1-5cde-4dc2-a831-68b73488f8f4", "tags": [ @@ -4301,12 +4287,26 @@ ], "type": "uses" }, + { + "dest-uuid": "bb3c1098-d654-4620-bf40-694386d28921", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cb7bcf6f-085f-41db-81ee-4b68481661b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "dfb5fa9b-3051-4b97-8035-08f80aef945b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c5574ca0-d5a4-490a-b207-e4658e5fd1d7", @@ -4326,11 +4326,18 @@ }, "related": [ { - "dest-uuid": "5fc09923-fcff-4e81-9cae-4518ef31cf4d", + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", @@ -4339,20 +4346,6 @@ ], "type": "uses" }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ @@ -4361,12 +4354,19 @@ "type": "uses" }, { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, + { + "dest-uuid": "5fc09923-fcff-4e81-9cae-4518ef31cf4d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ @@ -4375,14 +4375,14 @@ "type": "uses" }, { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4397,17 +4397,17 @@ "meta": { "external_id": "G0034", "refs": [ - "https://attack.mitre.org/groups/G0034", - "https://www.justice.gov/opa/press-release/file/1328521/download", - "https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games", - "https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html", - "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/", "https://2017-2021.state.gov/the-united-states-condemns-russian-cyber-attack-against-the-country-of-georgia//index.html", - "https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory", - "https://www.justice.gov/opa/page/file/1098481/download", + "https://attack.mitre.org/groups/G0034", "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf", - "https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/", + "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/", "https://www.dragos.com/resource/electrum/", + "https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html", + "https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games", + "https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/", + "https://www.justice.gov/opa/page/file/1098481/download", + "https://www.justice.gov/opa/press-release/file/1328521/download", + "https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory", "https://www.secureworks.com/research/threat-profiles/iron-viking" ], "synonyms": [ @@ -4421,83 +4421,6 @@ ] }, "related": [ - { - "dest-uuid": "f512de42-f76b-40d2-9923-59e7dbdfec35", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "b47250ec-2094-4d06-b658-11456e05fe89", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "feac86e4-6bb2-4ba0-ac99-806aeb0a776c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "76551c52-b111-4884-bc47-ff3e728f0156", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e221eb77-1502-4129-af1d-fe1ad55e7ec6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "810d8072-afb6-4a56-9ee7-86379ac4a6f3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "baf60e1a-afe5-4d31-830f-1b1ba2351884", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -4506,168 +4429,91 @@ "type": "uses" }, { - "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f9e9365a-9ca2-4d9c-8e7c-050d73d1101a", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "dest-uuid": "051eaca1-958f-4091-9e5f-a9acd8f820b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "0cfe31a7-81fc-472c-bc45-e2808d1066a3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "11194d8b-fdce-45d2-8047-df15bb8f16bd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "dest-uuid": "16cdd21f-da65-4e4f-bc04-dd7d198c7b26", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3249e92a-870b-426d-8790-ba311c1abfb4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a0e6614a-7740-4b24-bd65-f1bde09fc365", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "308b3d68-a084-4dfb-885a-3125e1a9c1e8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4800d0f9-00aa-47cd-a4d2-92198585b8fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", + "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4681,7 +4527,63 @@ "type": "uses" }, { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b5aa86b-a0df-4382-848d-30abea443327", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2eaa5319-5e1e-4dd7-bbc4-566fced3964a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "308b3d68-a084-4dfb-885a-3125e1a9c1e8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3249e92a-870b-426d-8790-ba311c1abfb4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4694,6 +4596,104 @@ ], "type": "uses" }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4800d0f9-00aa-47cd-a4d2-92198585b8fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5719af9d-6b16-46f9-9b28-fb019541ddbb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", "tags": [ @@ -4702,7 +4702,210 @@ "type": "uses" }, { - "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6ee2dc99-91ad-4534-a7d8-a649358c331f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "76551c52-b111-4884-bc47-ff3e728f0156", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "810d8072-afb6-4a56-9ee7-86379ac4a6f3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a0d774e4-bafc-4292-8651-3ec899391341", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a0e6614a-7740-4b24-bd65-f1bde09fc365", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b350b47f-88fe-4921-8538-6d9c59bac84e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b47250ec-2094-4d06-b658-11456e05fe89", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b52d6583-14a2-4ddc-8527-87fd2142558f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "baf60e1a-afe5-4d31-830f-1b1ba2351884", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4723,98 +4926,7 @@ "type": "uses" }, { - "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "11194d8b-fdce-45d2-8047-df15bb8f16bd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b168bd-fcd7-439e-9382-2e6c2f63514d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6ee2dc99-91ad-4534-a7d8-a649358c331f", + "dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4828,42 +4940,7 @@ "type": "uses" }, { - "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b350b47f-88fe-4921-8538-6d9c59bac84e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5719af9d-6b16-46f9-9b28-fb019541ddbb", + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4877,133 +4954,35 @@ "type": "uses" }, { - "dest-uuid": "0cfe31a7-81fc-472c-bc45-e2808d1066a3", + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", + "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2eaa5319-5e1e-4dd7-bbc4-566fced3964a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b52d6583-14a2-4ddc-8527-87fd2142558f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "051eaca1-958f-4091-9e5f-a9acd8f820b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "16cdd21f-da65-4e4f-bc04-dd7d198c7b26", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e401d4fe-f0c9-44f0-98e6-f93487678808", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "dest-uuid": "e221eb77-1502-4129-af1d-fe1ad55e7ec6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5017,35 +4996,56 @@ "type": "uses" }, { - "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", + "dest-uuid": "e3b168bd-fcd7-439e-9382-2e6c2f63514d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", + "dest-uuid": "e401d4fe-f0c9-44f0-98e6-f93487678808", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2b5aa86b-a0df-4382-848d-30abea443327", + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a0d774e4-bafc-4292-8651-3ec899391341", + "dest-uuid": "f512de42-f76b-40d2-9923-59e7dbdfec35", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f9e9365a-9ca2-4d9c-8e7c-050d73d1101a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "feac86e4-6bb2-4ba0-ac99-806aeb0a776c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5069,11 +5069,25 @@ }, "related": [ { - "dest-uuid": "dab75e38-6969-4e78-9304-dc269c3cbcf0", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" + }, + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", @@ -5082,20 +5096,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -5104,7 +5104,14 @@ "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5124,34 +5131,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ @@ -5159,20 +5138,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -5186,6 +5151,41 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dab75e38-6969-4e78-9304-dc269c3cbcf0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "894aab42-3371-47b1-8859-a4a074c804c8", @@ -5196,12 +5196,12 @@ "meta": { "external_id": "G0044", "refs": [ - "https://attack.mitre.org/groups/G0044", + "http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf", "http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates", "https://401trg.github.io/pages/burning-umbrella.html", - "https://securelist.com/winnti-more-than-just-a-game/37029/", - "http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf", - "https://securelist.com/games-are-over/70991/" + "https://attack.mitre.org/groups/G0044", + "https://securelist.com/games-are-over/70991/", + "https://securelist.com/winnti-more-than-just-a-game/37029/" ], "synonyms": [ "Winnti Group", @@ -5210,11 +5210,11 @@ }, "related": [ { - "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", @@ -5224,21 +5224,14 @@ "type": "similar" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d3afa961-a80c-4043-9509-282cdf69ab21", + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5252,14 +5245,7 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5273,14 +5259,28 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d3afa961-a80c-4043-9509-282cdf69ab21", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5296,14 +5296,14 @@ "external_id": "G0047", "refs": [ "https://attack.mitre.org/groups/G0047", - "https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/", "https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/", "https://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/", + "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine", + "https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/", + "https://www.bleepingcomputer.com/news/security/ukraine-links-members-of-gamaredon-hacker-group-to-russian-fsb/", "https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/", "https://www.secureworks.com/research/threat-profiles/iron-tilden", - "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine", - "https://www.bleepingcomputer.com/news/security/ukraine-links-members-of-gamaredon-hacker-group-to-russian-fsb/", - "https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/" + "https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/" ], "synonyms": [ "Gamaredon Group", @@ -5316,27 +5316,6 @@ ] }, "related": [ - { - "dest-uuid": "1a77e156-76bc-43f5-bdd7-bd67f30fbbbb", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -5344,27 +5323,6 @@ ], "type": "uses" }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "tags": [ @@ -5373,42 +5331,14 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "5f9f7648-04ba-4a9f-bb4c-2a13e74572bd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5422,77 +5352,14 @@ "type": "uses" }, { - "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", + "dest-uuid": "03eb4a05-6a02-43f6-afb7-3c7835501828", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5506,63 +5373,21 @@ "type": "uses" }, { - "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", + "dest-uuid": "1a77e156-76bc-43f5-bdd7-bd67f30fbbbb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d52291b4-bb23-45a8-aef0-3dc7e986ba15", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03eb4a05-6a02-43f6-afb7-3c7835501828", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5583,77 +5408,14 @@ "type": "uses" }, { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5666,6 +5428,237 @@ ], "type": "uses" }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5f9f7648-04ba-4a9f-bb4c-2a13e74572bd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d52291b4-bb23-45a8-aef0-3dc7e986ba15", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -5674,7 +5667,14 @@ "type": "uses" }, { - "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5689,22 +5689,22 @@ "meta": { "external_id": "G0059", "refs": [ + "http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf", "https://attack.mitre.org/groups/G0059", + "https://blog.certfa.com/posts/charming-kitten-christmas-gift/", "https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/", "https://blogs.microsoft.com/on-the-issues/2020/10/28/cyberattacks-phosphorus-t20-munich-security-conference/", - "https://blog.certfa.com/posts/charming-kitten-christmas-gift/", + "https://noticeofpleadings.com/phosphorus/files/Complaint.pdf", "https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/", - "http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf", + "https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/", + "https://securityintelligence.com/posts/new-research-exposes-iranian-threat-group-operations/", "https://www.clearskysec.com/wp-content/uploads/2019/10/The-Kittens-Are-Back-in-Town-2-1.pdf", "https://www.clearskysec.com/wp-content/uploads/2020/08/The-Kittens-are-Back-in-Town-3.pdf", "https://www.eweek.com/security/newscaster-threat-uses-social-media-for-intelligence-gathering", - "https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/", "https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf", - "https://www.proofpoint.com/us/blog/threat-insight/operation-spoofedscholars-conversation-ta453", "https://www.proofpoint.com/us/blog/threat-insight/badblood-ta453-targets-us-and-israeli-medical-research-personnel-credential", - "https://www.secureworks.com/research/threat-profiles/cobalt-illusion", - "https://noticeofpleadings.com/phosphorus/files/Complaint.pdf", - "https://securityintelligence.com/posts/new-research-exposes-iranian-threat-group-operations/" + "https://www.proofpoint.com/us/blog/threat-insight/operation-spoofedscholars-conversation-ta453", + "https://www.secureworks.com/research/threat-profiles/cobalt-illusion" ], "synonyms": [ "Magic Hound", @@ -5719,63 +5719,7 @@ }, "related": [ { - "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5789,42 +5733,7 @@ "type": "uses" }, { - "dest-uuid": "7acb15b6-fe2c-4319-b136-6ab36ff0b2d4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5837,125 +5746,6 @@ ], "type": "uses" }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5282dd9a-d26d-4e16-88b7-7c0f4553daf4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f", "tags": [ @@ -5963,20 +5753,6 @@ ], "type": "uses" }, - { - "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", "tags": [ @@ -5985,49 +5761,21 @@ "type": "uses" }, { - "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6040,6 +5788,118 @@ ], "type": "uses" }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5282dd9a-d26d-4e16-88b7-7c0f4553daf4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7acb15b6-fe2c-4319-b136-6ab36ff0b2d4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ @@ -6047,27 +5907,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -6076,14 +5915,84 @@ "type": "uses" }, { - "dest-uuid": "e48df773-7c95-4a4c-ba70-ea3d15900148", + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6097,14 +6006,105 @@ "type": "uses" }, { - "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e48df773-7c95-4a4c-ba70-ea3d15900148", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6119,8 +6119,8 @@ "meta": { "external_id": "G0086", "refs": [ - "https://attack.mitre.org/groups/G0086", - "https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/" + "https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/", + "https://attack.mitre.org/groups/G0086" ], "synonyms": [ "Stolen Pencil" @@ -6135,42 +6135,14 @@ "type": "uses" }, { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "dest-uuid": "0ec2f388-bf0f-4b5c-97b1-fc736d26c25f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "uses" + "type": "revoked-by" }, { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6184,7 +6156,35 @@ "type": "uses" }, { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6205,11 +6205,11 @@ "type": "uses" }, { - "dest-uuid": "0ec2f388-bf0f-4b5c-97b1-fc736d26c25f", + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "revoked-by" + "type": "uses" } ], "uuid": "7a0d4c09-dfe7-4fa2-965a-1a0e42fedd70", @@ -6242,20 +6242,6 @@ ], "type": "uses" }, - { - "dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ @@ -6264,7 +6250,28 @@ "type": "uses" }, { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7cd0bc75-055b-4098-a00e-83dc8beaff14", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6285,7 +6292,21 @@ "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6306,56 +6327,7 @@ "type": "uses" }, { - "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7cd0bc75-055b-4098-a00e-83dc8beaff14", + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6368,6 +6340,34 @@ ], "type": "uses" }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -6422,16 +6422,16 @@ "meta": { "external_id": "G0131", "refs": [ - "https://attack.mitre.org/groups/G0131", - "https://securelist.com/cactuspete-apt-groups-updated-bisonal-backdoor/97962/", - "https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/", - "https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf", "https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/", - "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the-heartbeat-apt-campaign.pdf?", + "https://attack.mitre.org/groups/G0131", "https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html", + "https://securelist.com/cactuspete-apt-groups-updated-bisonal-backdoor/97962/", "https://vb2020.vblocalhost.com/uploads/VB2020-06.pdf", + "https://www.crowdstrike.com/blog/adversaries-targeting-the-manufacturing-industry/", + "https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf", "https://www.secureworks.com/research/threat-profiles/bronze-huntley", - "https://www.crowdstrike.com/blog/adversaries-targeting-the-manufacturing-industry/" + "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the-heartbeat-apt-campaign.pdf?", + "https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/" ], "synonyms": [ "Tonto Team", @@ -6443,7 +6443,35 @@ }, "related": [ { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6457,28 +6485,7 @@ "type": "uses" }, { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6491,6 +6498,13 @@ ], "type": "uses" }, + { + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ @@ -6506,49 +6520,7 @@ "type": "uses" }, { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec9e00dd-0313-4d5b-8105-c20aa47abffc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6562,7 +6534,21 @@ "type": "uses" }, { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6576,14 +6562,28 @@ "type": "uses" }, { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec9e00dd-0313-4d5b-8105-c20aa47abffc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6599,8 +6599,8 @@ "external_id": "G0115", "refs": [ "https://attack.mitre.org/groups/G0115", - "https://www.secureworks.com/research/revil-sodinokibi-ransomware", "https://www.secureworks.com/blog/revil-the-gandcrab-connection", + "https://www.secureworks.com/research/revil-sodinokibi-ransomware", "https://www.secureworks.com/research/threat-profiles/gold-southfield" ], "synonyms": [ @@ -6608,13 +6608,6 @@ ] }, "related": [ - { - "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -6622,48 +6615,6 @@ ], "type": "uses" }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "842976c7-f9c8-41b2-8371-41dc64fbe261", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ @@ -6671,6 +6622,41 @@ ], "type": "uses" }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "842976c7-f9c8-41b2-8371-41dc64fbe261", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", "tags": [ @@ -6678,12 +6664,26 @@ ], "type": "uses" }, + { + "dest-uuid": "ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c77c5576-ca19-42ed-a36f-4b4486a84133", @@ -6702,6 +6702,195 @@ ] }, "related": [ + { + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "066b057c-944e-4cfc-b654-e3dfba04b926", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "38952eac-cb1b-4a71-bad2-ee8223a1c8fe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ @@ -6709,6 +6898,244 @@ ], "type": "uses" }, + { + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", "tags": [ @@ -6717,7 +7144,7 @@ "type": "uses" }, { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6736,433 +7163,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "066b057c-944e-4cfc-b654-e3dfba04b926", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "38952eac-cb1b-4a71-bad2-ee8223a1c8fe", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "28f04ed3-8e91-4805-b1f6-869020517871", @@ -7174,11 +7174,11 @@ "external_id": "G0117", "refs": [ "https://attack.mitre.org/groups/G0117", + "https://us-cert.cisa.gov/ncas/alerts/aa20-259a", "https://www.clearskysec.com/fox-kitten/", - "https://www.crowdstrike.com/blog/who-is-pioneer-kitten/", - "https://www.dragos.com/threat/parisite/", "https://www.clearskysec.com/wp-content/uploads/2020/12/Pay2Kitten.pdf", - "https://us-cert.cisa.gov/ncas/alerts/aa20-259a" + "https://www.crowdstrike.com/blog/who-is-pioneer-kitten/", + "https://www.dragos.com/threat/parisite/" ], "synonyms": [ "Fox Kitten", @@ -7189,21 +7189,7 @@ }, "related": [ { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7224,28 +7210,7 @@ "type": "uses" }, { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7258,146 +7223,6 @@ ], "type": "uses" }, - { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "911fe4c3-444d-4e92-83b8-cc761ac5fd3b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "77ca1aa3-280c-4b67-abaa-e8fb891a8f83", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ @@ -7405,55 +7230,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ @@ -7462,21 +7238,28 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7489,12 +7272,229 @@ ], "type": "uses" }, + { + "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "77ca1aa3-280c-4b67-abaa-e8fb891a8f83", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "911fe4c3-444d-4e92-83b8-cc761ac5fd3b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c21dd6f1-1364-4a70-a1f7-783080ec34ee", @@ -7506,9 +7506,9 @@ "external_id": "G0119", "refs": [ "https://attack.mitre.org/groups/G0119", + "https://home.treasury.gov/news/press-releases/sm845", "https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/", - "https://www.crowdstrike.com/blog/hades-ransomware-successor-to-indrik-spiders-wastedlocker/", - "https://home.treasury.gov/news/press-releases/sm845" + "https://www.crowdstrike.com/blog/hades-ransomware-successor-to-indrik-spiders-wastedlocker/" ], "synonyms": [ "Indrik Spider", @@ -7517,70 +7517,7 @@ }, "related": [ { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "46cbafbc-8907-42d3-9002-5327c26f8927", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a7b5df47-73bb-4d47-b701-869f185633a6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7593,27 +7530,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f01e2711-4b48-4192-a2e8-5f56c945ca19", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ @@ -7622,35 +7538,7 @@ "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fa766a65-5136-4ff3-8429-36d08eaa0100", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7663,13 +7551,6 @@ ], "type": "uses" }, - { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -7678,7 +7559,35 @@ "type": "uses" }, { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "46cbafbc-8907-42d3-9002-5327c26f8927", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7698,12 +7607,103 @@ ], "type": "uses" }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7b5df47-73bb-4d47-b701-869f185633a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f01e2711-4b48-4192-a2e8-5f56c945ca19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fa766a65-5136-4ff3-8429-36d08eaa0100", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "01e28736-2ffc-455b-9880-ed4d1407ae07", @@ -7715,9 +7715,9 @@ "external_id": "G0122", "refs": [ "https://attack.mitre.org/groups/G0122", - "https://www.justice.gov/usao-sdny/press-release/file/1045781/download", - "https://info.phishlabs.com/blog/silent-librarian-more-to-the-story-of-the-iranian-mabna-institute-indictment", "https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/", + "https://info.phishlabs.com/blog/silent-librarian-more-to-the-story-of-the-iranian-mabna-institute-indictment", + "https://www.justice.gov/usao-sdny/press-release/file/1045781/download", "https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian", "https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities", "https://www.secureworks.com/blog/cobalt-dickens-goes-back-to-school-again" @@ -7729,41 +7729,6 @@ ] }, "related": [ - { - "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f", "tags": [ @@ -7771,27 +7736,6 @@ ], "type": "uses" }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "76551c52-b111-4884-bc47-ff3e728f0156", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "16cdd21f-da65-4e4f-bc04-dd7d198c7b26", "tags": [ @@ -7799,6 +7743,41 @@ ], "type": "uses" }, + { + "dest-uuid": "19401639-28d0-4c3c-adcc-bc2ba22f6421", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", "tags": [ @@ -7806,6 +7785,20 @@ ], "type": "uses" }, + { + "dest-uuid": "76551c52-b111-4884-bc47-ff3e728f0156", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "84ae8255-b4f4-4237-b5c5-e717405a9701", "tags": [ @@ -7814,7 +7807,14 @@ "type": "uses" }, { - "dest-uuid": "19401639-28d0-4c3c-adcc-bc2ba22f6421", + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7830,8 +7830,8 @@ "external_id": "G0123", "refs": [ "https://attack.mitre.org/groups/G0123", - "https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf", - "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/03/20082004/volatile-cedar-technical-report.pdf" + "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/03/20082004/volatile-cedar-technical-report.pdf", + "https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf" ], "synonyms": [ "Volatile Cedar", @@ -7840,14 +7840,7 @@ }, "related": [ { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bed04f7d-e48a-4e76-bd0f-4c57fe31fc46", + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7867,13 +7860,6 @@ ], "type": "uses" }, - { - "dest-uuid": "751b77e6-af1f-483b-93fe-eddf17f92a64", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "6a21e3a4-5ffe-4581-af9a-6a54c7536f44", "tags": [ @@ -7882,7 +7868,21 @@ "type": "uses" }, { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "dest-uuid": "751b77e6-af1f-483b-93fe-eddf17f92a64", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bed04f7d-e48a-4e76-bd0f-4c57fe31fc46", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7898,12 +7898,12 @@ "external_id": "G0129", "refs": [ "https://attack.mitre.org/groups/G0129", - "https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations", - "https://www.secureworks.com/research/bronze-president-targets-ngos", "https://go.recordedfuture.com/hubfs/reports/cta-2020-0728.pdf", + "https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations", "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-june-mustang-panda/", + "https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european", "https://www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malware-loader", - "https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european" + "https://www.secureworks.com/research/bronze-president-targets-ngos" ], "synonyms": [ "Mustang Panda", @@ -7914,42 +7914,35 @@ }, "related": [ { - "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "03acae53-9b98-46f6-b204-16b930839055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "dest-uuid": "11f29a39-0942-4d62-92b6-fe236cf3066e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7963,7 +7956,77 @@ "type": "uses" }, { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7984,84 +8047,14 @@ "type": "uses" }, { - "dest-uuid": "11f29a39-0942-4d62-92b6-fe236cf3066e", + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03acae53-9b98-46f6-b204-16b930839055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8075,112 +8068,14 @@ "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "84771bc3-f6a0-403e-b144-01af70e5fda0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8194,14 +8089,63 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "84771bc3-f6a0-403e-b144-01af70e5fda0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8215,14 +8159,7 @@ "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8236,7 +8173,70 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8259,10 +8259,10 @@ "external_id": "G0133", "refs": [ "https://attack.mitre.org/groups/G0133", - "https://securityaffairs.co/wordpress/77165/apt/russia-linked-apt-dustsquad.html", "https://securelist.com/octopus-infested-seas-of-central-asia/88200/", - "https://www.virusbulletin.com/uploads/pdf/conference_slides/2018/Cherepanov-VB2018-Octopus.pdf", - "https://www.securityweek.com/russia-linked-hackers-target-diplomatic-entities-central-asia" + "https://securityaffairs.co/wordpress/77165/apt/russia-linked-apt-dustsquad.html", + "https://www.securityweek.com/russia-linked-hackers-target-diplomatic-entities-central-asia", + "https://www.virusbulletin.com/uploads/pdf/conference_slides/2018/Cherepanov-VB2018-Octopus.pdf" ], "synonyms": [ "Nomadic Octopus", @@ -8270,13 +8270,6 @@ ] }, "related": [ - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -8284,34 +8277,6 @@ ], "type": "uses" }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e2031fd5-02c2-43d4-85e2-b64f474530c2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ @@ -8319,12 +8284,47 @@ ], "type": "uses" }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2031fd5-02c2-43d4-85e2-b64f474530c2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "fed4f0a2-4347-4530-b0f5-6dfd49b29172", @@ -8343,55 +8343,6 @@ ] }, "related": [ - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ @@ -8399,55 +8350,6 @@ ], "type": "uses" }, - { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ @@ -8455,12 +8357,110 @@ ], "type": "uses" }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "64b52e7d-b2c4-4a02-9372-08a463f5dc11", @@ -8471,13 +8471,13 @@ "meta": { "external_id": "G0134", "refs": [ - "https://attack.mitre.org/groups/G0134", - "https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf", - "https://securelist.com/transparent-tribe-part-1/98127/", - "https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html", - "https://www.secureworks.com/research/threat-profiles/copper-fieldstone", "https://adversary.crowdstrike.com/en-US/adversary/mythic-leopard/", - "https://unit42.paloaltonetworks.com/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/" + "https://attack.mitre.org/groups/G0134", + "https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html", + "https://securelist.com/transparent-tribe-part-1/98127/", + "https://unit42.paloaltonetworks.com/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/", + "https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf", + "https://www.secureworks.com/research/threat-profiles/copper-fieldstone" ], "synonyms": [ "Transparent Tribe", @@ -8489,28 +8489,14 @@ }, "related": [ { - "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8524,21 +8510,7 @@ "type": "uses" }, { - "dest-uuid": "6c2550d5-a01a-4bbb-a004-6ead348ba623", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "326af1cd-78e7-45b7-a326-125d2f7ef8f2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8552,56 +8524,14 @@ "type": "uses" }, { - "dest-uuid": "5864e59f-eb4c-43ad-83b2-b5e4fae056c9", + "dest-uuid": "326af1cd-78e7-45b7-a326-125d2f7ef8f2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8615,7 +8545,77 @@ "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "5864e59f-eb4c-43ad-83b2-b5e4fae056c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6c2550d5-a01a-4bbb-a004-6ead348ba623", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8639,7 +8639,21 @@ }, "related": [ { - "dest-uuid": "77eae145-55db-4519-8ae5-77b0c7215d69", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8667,14 +8681,7 @@ "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "77eae145-55db-4519-8ae5-77b0c7215d69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8686,13 +8693,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "6566aac9-dad8-4332-ae73-20c23bad7f02", @@ -8712,13 +8712,6 @@ ] }, "related": [ - { - "dest-uuid": "8f8cd191-902c-4e83-bf20-b57c8c4640e9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -8726,41 +8719,6 @@ ], "type": "uses" }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -8768,6 +8726,27 @@ ], "type": "uses" }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f8cd191-902c-4e83-bf20-b57c8c4640e9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ @@ -8775,12 +8754,33 @@ ], "type": "uses" }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c4d50cdf-87ce-407d-86d8-862883485842", @@ -8792,11 +8792,11 @@ "external_id": "G0088", "refs": [ "https://attack.mitre.org/groups/G0088", - "https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html", - "https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html ", - "https://www.fireeye.com/content/dam/fireeye-www/blog/files/TRITON_Appendix_C.html", "https://dragos.com/resource/xenotime/", - "https://pylos.co/2019/04/12/a-xenotime-to-remember-veles-in-the-wild/" + "https://pylos.co/2019/04/12/a-xenotime-to-remember-veles-in-the-wild/", + "https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html ", + "https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html", + "https://www.fireeye.com/content/dam/fireeye-www/blog/files/TRITON_Appendix_C.html" ], "synonyms": [ "TEMP.Veles", @@ -8804,6 +8804,83 @@ ] }, "related": [ + { + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6d4a7fb3-5a24-42be-ae61-6728a2b581f6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795", "tags": [ @@ -8812,21 +8889,21 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "93ae2edf-a598-4d2d-acd7-bcae0c021923", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8847,91 +8924,7 @@ "type": "uses" }, { - "dest-uuid": "6d4a7fb3-5a24-42be-ae61-6728a2b581f6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8945,28 +8938,35 @@ "type": "uses" }, { - "dest-uuid": "93ae2edf-a598-4d2d-acd7-bcae0c021923", + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6", + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c", + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8997,21 +8997,21 @@ "type": "uses" }, { - "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9031,6 +9031,20 @@ ], "type": "uses" }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -9046,28 +9060,14 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", + "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9082,8 +9082,8 @@ "meta": { "external_id": "G0005", "refs": [ - "https://attack.mitre.org/groups/G0005", "http://www.crowdstrike.com/blog/whois-numbered-panda/", + "https://attack.mitre.org/groups/G0005", "https://www.fireeye.com/blog/threat-research/2014/09/darwins-favorite-apt-group-2.html" ], "synonyms": [ @@ -9095,34 +9095,6 @@ ] }, "related": [ - { - "dest-uuid": "48146604-6693-4db1-bd94-159744726514", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "ad4f146f-e3ec-444a-ba71-24bffd7f0f8e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "83a766f8-1501-4b3a-a2de-2e2849e8dfc1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -9130,13 +9102,6 @@ ], "type": "uses" }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ @@ -9145,7 +9110,14 @@ "type": "uses" }, { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "dest-uuid": "48146604-6693-4db1-bd94-159744726514", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "83a766f8-1501-4b3a-a2de-2e2849e8dfc1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9157,6 +9129,34 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "ad4f146f-e3ec-444a-ba71-24bffd7f0f8e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb", @@ -9168,14 +9168,28 @@ "external_id": "G0013", "refs": [ "https://attack.mitre.org/groups/G0013", - "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf", - "https://securelist.com/the-naikon-apt/69953/" + "https://securelist.com/the-naikon-apt/69953/", + "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" ], "synonyms": [ "APT30" ] }, "related": [ + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", "tags": [ @@ -9183,6 +9197,20 @@ ], "type": "similar" }, + { + "dest-uuid": "43213480-78f7-4fb3-976f-d48f5f6a4c2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8", "tags": [ @@ -9190,6 +9218,20 @@ ], "type": "similar" }, + { + "dest-uuid": "8b880b41-5139-4807-baa9-309690218719", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b1de6916-7a22-4460-8d26-6b5483ffaa2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b", "tags": [ @@ -9203,48 +9245,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "43213480-78f7-4fb3-976f-d48f5f6a4c2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b1de6916-7a22-4460-8d26-6b5483ffaa2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8b880b41-5139-4807-baa9-309690218719", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd", @@ -9255,9 +9255,9 @@ "meta": { "external_id": "G0006", "refs": [ + "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf", "https://attack.mitre.org/groups/G0006", - "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf", - "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf" + "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf" ], "synonyms": [ "APT1", @@ -9268,182 +9268,7 @@ }, "related": [ { - "dest-uuid": "1cb7e1cc-d695-42b1-92f4-fd0112a3c9be", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f2e8c7a1-cae1-45c4-baf0-6f21bdcbb2c2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b45747dc-87ca-4597-a245-7e16a61bc491", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4fa49fc0-9162-4bdb-a37e-7aa3dcb6d38b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1d808f62-cf63-4063-9727-ff6132514c22", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a52edc76-328d-4596-85e7-d56ef5a9eb69", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9457,14 +9282,63 @@ "type": "uses" }, { - "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "dest-uuid": "1cb7e1cc-d695-42b1-92f4-fd0112a3c9be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1d808f62-cf63-4063-9727-ff6132514c22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9478,21 +9352,70 @@ "type": "uses" }, { - "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "dest-uuid": "2fab555f-7664-4623-b4e0-1675ae38190b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4fa49fc0-9162-4bdb-a37e-7aa3dcb6d38b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9506,7 +9429,28 @@ "type": "uses" }, { - "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", + "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9520,14 +9464,63 @@ "type": "uses" }, { - "dest-uuid": "c9cd7ec9-40b7-49db-80be-1399eddd9c52", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2fab555f-7664-4623-b4e0-1675ae38190b", + "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a52edc76-328d-4596-85e7-d56ef5a9eb69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "aadaee0d-794c-4642-8293-7ec22a99fb1a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b45747dc-87ca-4597-a245-7e16a61bc491", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9548,42 +9541,49 @@ "type": "uses" }, { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "dest-uuid": "c9cd7ec9-40b7-49db-80be-1399eddd9c52", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "aadaee0d-794c-4642-8293-7ec22a99fb1a", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768", + "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6", + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe", + "dest-uuid": "f2e8c7a1-cae1-45c4-baf0-6f21bdcbb2c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077", + "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9598,12 +9598,12 @@ "meta": { "external_id": "G0001", "refs": [ - "https://attack.mitre.org/groups/G0001", "http://blogs.cisco.com/security/talos/threat-spotlight-group-72", - "https://securelist.com/winnti-more-than-just-a-game/37029/", - "http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf", "http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf", - "https://securelist.com/games-are-over/70991/" + "http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf", + "https://attack.mitre.org/groups/G0001", + "https://securelist.com/games-are-over/70991/", + "https://securelist.com/winnti-more-than-just-a-game/37029/" ], "synonyms": [ "Axiom", @@ -9612,35 +9612,7 @@ }, "related": [ { - "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "95047f03-4811-4300-922e-1ba937d53a61", + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9653,6 +9625,20 @@ ], "type": "uses" }, + { + "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ @@ -9660,34 +9646,6 @@ ], "type": "uses" }, - { - "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "810d8072-afb6-4a56-9ee7-86379ac4a6f3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ @@ -9696,28 +9654,14 @@ "type": "uses" }, { - "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", + "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9730,34 +9674,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cfc75b0d-e579-40ae-ad07-a1ce00d49a6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb28627c-d6ea-4c35-b138-ab5e96ae5445", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795", "tags": [ @@ -9766,7 +9682,14 @@ "type": "uses" }, { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "dest-uuid": "810d8072-afb6-4a56-9ee7-86379ac4a6f3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9780,7 +9703,77 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "95047f03-4811-4300-922e-1ba937d53a61", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cfc75b0d-e579-40ae-ad07-a1ce00d49a6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9792,6 +9785,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "fb28627c-d6ea-4c35-b138-ab5e96ae5445", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973", @@ -9803,9 +9803,9 @@ "external_id": "G0100", "refs": [ "https://attack.mitre.org/groups/G0100", - "https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability/", + "https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies", - "https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/" + "https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability/" ], "synonyms": [ "Inception", @@ -9815,28 +9815,7 @@ }, "related": [ { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9849,41 +9828,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "tags": [ @@ -9891,90 +9835,6 @@ ], "type": "uses" }, - { - "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53486bc7-7748-4716-8190-e4f1fde04c53", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8caa18af-4758-4fd3-9600-e8af579e89ed", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ @@ -9982,12 +9842,152 @@ ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53486bc7-7748-4716-8190-e4f1fde04c53", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8caa18af-4758-4fd3-9600-e8af579e89ed", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "ead23196-d7b6-4ce6-a124-4ab4b67d81bd", @@ -9998,18 +9998,18 @@ "meta": { "external_id": "G0010", "refs": [ - "https://attack.mitre.org/groups/G0010", - "https://securelist.com/the-epic-turla-operation/65545/", - "https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf", - "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-march-venomous-bear/", - "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf", "http://www.secureworks.com/research/threat-profiles/iron-hunter", - "https://www.leonardocompany.com/documents/20142/10868623/Malware+Technical+Insight+_Turla+%E2%80%9CPenquin_x64%E2%80%9D.pdf", - "https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-government-entity", - "https://www.threatminer.org/report.php?q=waterbug-attack-group.pdf&y=2015#gsc.tab=0&gsc.q=waterbug-attack-group.pdf&gsc.page=1", - "https://securelist.com/introducing-whitebear/81638/", + "https://attack.mitre.org/groups/G0010", "https://blog.talosintelligence.com/2021/09/tinyturla.html", - "https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/" + "https://securelist.com/introducing-whitebear/81638/", + "https://securelist.com/the-epic-turla-operation/65545/", + "https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-government-entity", + "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-march-venomous-bear/", + "https://www.leonardocompany.com/documents/20142/10868623/Malware+Technical+Insight+_Turla+%E2%80%9CPenquin_x64%E2%80%9D.pdf", + "https://www.threatminer.org/report.php?q=waterbug-attack-group.pdf&y=2015#gsc.tab=0&gsc.q=waterbug-attack-group.pdf&gsc.page=1", + "https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/", + "https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf", + "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf" ], "synonyms": [ "Turla", @@ -10025,18 +10025,18 @@ }, "related": [ { - "dest-uuid": "fa80877c-f509-4daf-8b62-20aba1635f68", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { - "dest-uuid": "c097471c-2405-4393-b6d7-afbcb5f0cd11", + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", @@ -10046,14 +10046,98 @@ "type": "uses" }, { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1b20efbf-8063-4fc3-a07d-b575318a301b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2a7c1bb7-cd12-456e-810d-ab3bf8457bab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2cf7dec3-66fc-423f-b2c7-58f1de243b4e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30489451-5886-4c46-90c9-0dff9adc5252", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10074,294 +10158,7 @@ "type": "uses" }, { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "536be338-e2ef-4a6b-afb6-8d5568b91eb2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "39cc9f64-cf74-4a48-a4d8-fe98c54a02e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "925a6c52-5cf0-4fec-99de-b0d6917d8593", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30489451-5886-4c46-90c9-0dff9adc5252", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1b20efbf-8063-4fc3-a07d-b575318a301b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d18cb958-f4ad-4fb3-bb4f-e8994d206550", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6b62e336-176f-417b-856a-8552dd8c44e1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92b55426-109f-4d93-899f-1833ce91ff90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb", + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10375,140 +10172,14 @@ "type": "uses" }, { - "dest-uuid": "2a7c1bb7-cd12-456e-810d-ab3bf8457bab", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "80a014ba-3fef-4768-990b-37d8bd10d7f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b1595ddd-a783-482a-90e1-8afc8d48467e", + "dest-uuid": "39cc9f64-cf74-4a48-a4d8-fe98c54a02e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10522,28 +10193,42 @@ "type": "uses" }, { - "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", + "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "536be338-e2ef-4a6b-afb6-8d5568b91eb2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10557,42 +10242,49 @@ "type": "uses" }, { - "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "dcac85c1-6485-4790-84f6-de5e6f6b91dd", + "dest-uuid": "6b62e336-176f-417b-856a-8552dd8c44e1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "dest-uuid": "6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10606,7 +10298,35 @@ "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "80a014ba-3fef-4768-990b-37d8bd10d7f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10620,28 +10340,77 @@ "type": "uses" }, { - "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2cf7dec3-66fc-423f-b2c7-58f1de243b4e", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f", + "dest-uuid": "925a6c52-5cf0-4fec-99de-b0d6917d8593", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92b55426-109f-4d93-899f-1833ce91ff90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10655,7 +10424,217 @@ "type": "uses" }, { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b1595ddd-a783-482a-90e1-8afc8d48467e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b35068ec-107a-4266-bda8-eb7036267aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c097471c-2405-4393-b6d7-afbcb5f0cd11", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d18cb958-f4ad-4fb3-bb4f-e8994d206550", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dcac85c1-6485-4790-84f6-de5e6f6b91dd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10669,7 +10648,28 @@ "type": "uses" }, { - "dest-uuid": "b35068ec-107a-4266-bda8-eb7036267aea", + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fa80877c-f509-4daf-8b62-20aba1635f68", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10685,12 +10685,12 @@ "external_id": "G0050", "refs": [ "https://attack.mitre.org/groups/G0050", + "https://www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf", + "https://www.cybereason.com/blog/operation-cobalt-kitty-apt", "https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html", "https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/", "https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/", - "https://www.cybereason.com/blog/operation-cobalt-kitty-apt", - "https://www.welivesecurity.com/2019/03/20/fake-or-fake-keeping-up-with-oceanlotus-decoys/", - "https://www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf" + "https://www.welivesecurity.com/2019/03/20/fake-or-fake-keeping-up-with-oceanlotus-decoys/" ], "synonyms": [ "APT32", @@ -10701,42 +10701,7 @@ }, "related": [ { - "dest-uuid": "aa29ae56-e54b-47a2-ad16-d3ab0242d5d7", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10750,105 +10715,14 @@ "type": "uses" }, { - "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eac3d77f-2b7b-4599-ba74-948dc16633ad", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7dbb67c7-270a-40ad-836e-c45f8948aa5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10862,119 +10736,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "98e8a977-3416-43aa-87fa-33e287e9c14c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10988,49 +10750,49 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11044,7 +10806,133 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30489451-5886-4c46-90c9-0dff9adc5252", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5282dd9a-d26d-4e16-88b7-7c0f4553daf4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11057,6 +10945,321 @@ ], "type": "uses" }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7dbb67c7-270a-40ad-836e-c45f8948aa5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8c1d01ff-fdc0-4586-99bd-c248e0761af5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "98e8a977-3416-43aa-87fa-33e287e9c14c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9ca488bd-9587-48ef-b923-1743523e63b2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "aa29ae56-e54b-47a2-ad16-d3ab0242d5d7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", "tags": [ @@ -11071,13 +11274,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -11086,238 +11282,21 @@ "type": "uses" }, { - "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", + "dest-uuid": "eac3d77f-2b7b-4599-ba74-948dc16633ad", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f6ae7a52-f3b6-4525-9daf-640c083f006e", + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9ca488bd-9587-48ef-b923-1743523e63b2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8c1d01ff-fdc0-4586-99bd-c248e0761af5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5282dd9a-d26d-4e16-88b7-7c0f4553daf4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f25aab1a-0cef-4910-a85d-bb38b32ea41a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30489451-5886-4c46-90c9-0dff9adc5252", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11331,21 +11310,42 @@ "type": "uses" }, { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "dest-uuid": "f25aab1a-0cef-4910-a85d-bb38b32ea41a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", + "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58", + "dest-uuid": "f6ae7a52-f3b6-4525-9daf-640c083f006e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11361,10 +11361,10 @@ "external_id": "G0092", "refs": [ "https://attack.mitre.org/groups/G0092", - "https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter", - "https://www.proofpoint.com/us/threat-insight/post/ta505-shifts-times", + "https://securityintelligence.com/posts/ta505-continues-to-infect-networks-with-sdbbot-rat/", "https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505", - "https://securityintelligence.com/posts/ta505-continues-to-infect-networks-with-sdbbot-rat/" + "https://www.proofpoint.com/us/threat-insight/post/ta505-shifts-times", + "https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter" ], "synonyms": [ "TA505", @@ -11373,28 +11373,14 @@ }, "related": [ { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "dest-uuid": "00806466-754d-44ea-ad6f-0caf59cb8556", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11408,28 +11394,112 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "099ecff2-41b8-436d-843c-038a9aa9aa69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "00806466-754d-44ea-ad6f-0caf59cb8556", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "aae22730-e571-4d17-b037-65f2a3e26213", + "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29ba5a15-3b7b-4732-b817-65ea8f6468e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43155329-3edf-47a6-9a14-7dac899b01e4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "432555de-63bf-4f2a-a3fa-f720a4561078", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e7c2fba-7cca-486c-9582-4c1bb2851961", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11450,105 +11520,7 @@ "type": "uses" }, { - "dest-uuid": "432555de-63bf-4f2a-a3fa-f720a4561078", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cad3ba95-8c89-4146-ab10-08daa813f9de", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29ba5a15-3b7b-4732-b817-65ea8f6468e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43155329-3edf-47a6-9a14-7dac899b01e4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e7c2fba-7cca-486c-9582-4c1bb2851961", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "099ecff2-41b8-436d-843c-038a9aa9aa69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "dest-uuid": "aae22730-e571-4d17-b037-65f2a3e26213", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11562,28 +11534,28 @@ "type": "uses" }, { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", + "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", + "dest-uuid": "cad3ba95-8c89-4146-ab10-08daa813f9de", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f01e2711-4b48-4192-a2e8-5f56c945ca19", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11597,14 +11569,42 @@ "type": "uses" }, { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f01e2711-4b48-4192-a2e8-5f56c945ca19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11619,27 +11619,27 @@ "meta": { "external_id": "G0007", "refs": [ - "https://attack.mitre.org/groups/G0007", - "https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF", - "https://www.justice.gov/file/1080281/download", + "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf", "https://arstechnica.com/information-technology/2018/07/from-bitly-to-x-agent-how-gru-hackers-targeted-the-2016-presidential-election/", - "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/", - "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf", - "https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign", - "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf", - "https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf", + "https://attack.mitre.org/groups/G0007", + "https://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html", + "https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF", + "https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/", "https://researchcenter.paloaltonetworks.com/2018/03/unit42-sofacy-uses-dealerschoice-target-european-government-agency/", "https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/", - "https://www.symantec.com/blogs/election-security/apt28-espionage-military-government", - "https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/", - "https://www.justice.gov/opa/page/file/1098481/download", - "https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/", - "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf", - "https://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html", "https://securelist.com/a-slice-of-2017-sofacy-activity/83930/", + "https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/", "https://www.accenture.com/t20181129T203820Z__w__/us-en/_acnmedia/PDF-90/Accenture-snakemackerel-delivers-zekapab-malware.pdf#zoom=50", - "https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/", - "https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/" + "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/", + "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf", + "https://www.justice.gov/file/1080281/download", + "https://www.justice.gov/opa/page/file/1098481/download", + "https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/", + "https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign", + "https://www.symantec.com/blogs/election-security/apt28-espionage-military-government", + "https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf", + "https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/", + "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf" ], "synonyms": [ "APT28", @@ -11658,210 +11658,7 @@ }, "related": [ { - "dest-uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ccd61dfc-b03f-4689-8c18-7c97eab08472", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f005e783-57d4-4837-88ad-dbe7faee1c51", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c8655260-9f4b-44e3-85e1-6538a5f6e4f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a4f57468-fbd5-49e4-8476-52088220b92d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7343e208-7cab-45f2-a47b-41ba5e2f0fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11875,14 +11672,133 @@ "type": "uses" }, { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "08d20cd2-f084-45ee-8558-fa6ef5a18519", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11896,7 +11812,63 @@ "type": "uses" }, { - "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", + "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2dd34b01-6110-4aac-835d-b5e7b936b0be", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11909,6 +11881,307 @@ ], "type": "uses" }, + { + "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "45242287-2964-4a3e-9373-159fad4d8195", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "50d6688b-0985-4f3d-8cbe-0c796b30703b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "56660521-6db4-4e5a-a927-464f22954b7c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "59a97b15-8189-4d51-9404-e1ce8ea4a069", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7343e208-7cab-45f2-a47b-41ba5e2f0fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f460983-1bbb-4e7e-8094-f0b5e720f658", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "90ec2b22-7061-4469-b539-0989ec4f96c2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99164b38-1775-40bc-b77b-a2373b14540a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a1dd2dbd-1550-44bf-abcc-1a4c52e97719", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a4f57468-fbd5-49e4-8476-52088220b92d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", "tags": [ @@ -11924,182 +12197,7 @@ "type": "uses" }, { - "dest-uuid": "d20b397a-ea47-48a9-b503-2e2a3551e11d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "59a97b15-8189-4d51-9404-e1ce8ea4a069", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2dd34b01-6110-4aac-835d-b5e7b936b0be", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a1dd2dbd-1550-44bf-abcc-1a4c52e97719", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "90ec2b22-7061-4469-b539-0989ec4f96c2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99164b38-1775-40bc-b77b-a2373b14540a", + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12113,119 +12211,21 @@ "type": "uses" }, { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f91162cc-1686-4ff8-8115-bf3f61a4cc7a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f460983-1bbb-4e7e-8094-f0b5e720f658", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", + "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12238,20 +12238,6 @@ ], "type": "uses" }, - { - "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", "tags": [ @@ -12259,111 +12245,6 @@ ], "type": "uses" }, - { - "dest-uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb575479-14ef-41e9-bfab-0b7cf10bec73", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "08d20cd2-f084-45ee-8558-fa6ef5a18519", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", "tags": [ @@ -12371,41 +12252,6 @@ ], "type": "uses" }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "50d6688b-0985-4f3d-8cbe-0c796b30703b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ @@ -12414,35 +12260,77 @@ "type": "uses" }, { - "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f108215f-3487-489d-be8b-80e346d32518", + "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "dest-uuid": "c8655260-9f4b-44e3-85e1-6538a5f6e4f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ccd61dfc-b03f-4689-8c18-7c97eab08472", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d20b397a-ea47-48a9-b503-2e2a3551e11d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12456,28 +12344,140 @@ "type": "uses" }, { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "56660521-6db4-4e5a-a927-464f22954b7c", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768", + "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "45242287-2964-4a3e-9373-159fad4d8195", + "dest-uuid": "e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f005e783-57d4-4837-88ad-dbe7faee1c51", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f108215f-3487-489d-be8b-80e346d32518", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f91162cc-1686-4ff8-8115-bf3f61a4cc7a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fb575479-14ef-41e9-bfab-0b7cf10bec73", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12501,7 +12501,7 @@ }, "related": [ { - "dest-uuid": "791481f8-e96a-41be-b089-a088763083d4", + "dest-uuid": "10d5f3b7-6be6-4da5-9a77-0f1e2bbfcc44", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12515,14 +12515,14 @@ "type": "uses" }, { - "dest-uuid": "dfebc3b7-d19d-450b-81c7-6dafe4184c04", + "dest-uuid": "791481f8-e96a-41be-b089-a088763083d4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "10d5f3b7-6be6-4da5-9a77-0f1e2bbfcc44", + "dest-uuid": "dfebc3b7-d19d-450b-81c7-6dafe4184c04", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12552,6 +12552,13 @@ ] }, "related": [ + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a9b44750-992c-4743-8922-129880d277ea", "tags": [ @@ -12565,13 +12572,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f", @@ -12583,11 +12583,11 @@ "external_id": "G0004", "refs": [ "https://attack.mitre.org/groups/G0004", - "https://www.microsoft.com/security/blog/2021/12/06/nickel-targeting-government-organizations-across-latin-america-and-europe", - "https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/", "https://research.nccgroup.com/2018/03/10/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/", + "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-ke3chang.pdf", + "https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/", "https://www.mandiant.com/resources/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs", - "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-ke3chang.pdf" + "https://www.microsoft.com/security/blog/2021/12/06/nickel-targeting-government-organizations-across-latin-america-and-europe" ], "synonyms": [ "Ke3chang", @@ -12602,7 +12602,84 @@ }, "related": [ { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12616,7 +12693,224 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "33b9e38f-103c-412d-bdcf-904a91fff1e4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4b6ec280-7bbb-48ff-ae59-b189520ebe83", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4d7bf2ac-f953-4907-b114-be44dc174d67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "768dce68-8d0d-477a-b01d-0eea98b963a1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "77eae145-55db-4519-8ae5-77b0c7215d69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12636,20 +12930,6 @@ ], "type": "uses" }, - { - "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", "tags": [ @@ -12657,216 +12937,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4b6ec280-7bbb-48ff-ae59-b189520ebe83", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "33b9e38f-103c-412d-bdcf-904a91fff1e4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -12875,77 +12945,14 @@ "type": "uses" }, { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4d7bf2ac-f953-4907-b114-be44dc174d67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "77eae145-55db-4519-8ae5-77b0c7215d69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12959,35 +12966,28 @@ "type": "uses" }, { - "dest-uuid": "768dce68-8d0d-477a-b01d-0eea98b963a1", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13002,9 +13002,9 @@ "meta": { "external_id": "G0003", "refs": [ + "http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/", "https://attack.mitre.org/groups/G0003", - "https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf", - "http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/" + "https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf" ], "synonyms": [ "Cleaver", @@ -13021,11 +13021,18 @@ "type": "similar" }, { - "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", + "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" + }, + { + "dest-uuid": "271e6d40-e191-421a-8f87-a8102452c201", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" }, { "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", @@ -13035,12 +13042,26 @@ "type": "similar" }, { - "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, + { + "dest-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", "tags": [ @@ -13049,28 +13070,7 @@ "type": "similar" }, { - "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13091,7 +13091,21 @@ "type": "uses" }, { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2ffd229-11bb-4fd8-9208-edbe97b14c93", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13104,6 +13118,34 @@ ], "type": "uses" }, + { + "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "fddd81e9-dd3d-477e-9773-4fb8ae227234", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "fde50aaa-f5de-4cb8-989a-babb57d6a704", "tags": [ @@ -13117,48 +13159,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c2ffd229-11bb-4fd8-9208-edbe97b14c93", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "271e6d40-e191-421a-8f87-a8102452c201", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fddd81e9-dd3d-477e-9773-4fb8ae227234", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", @@ -13169,16 +13169,16 @@ "meta": { "external_id": "G0040", "refs": [ - "https://attack.mitre.org/groups/G0040", - "https://web.archive.org/web/20180825085952/https://s3-us-west-2.amazonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf", + "http://enterprise-manage.norman.c.bitbit.net/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf", "http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries", + "https://attack.mitre.org/groups/G0040", "https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf", - "https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/", - "https://securelist.com/the-dropping-elephant-actor/75328/", "https://researchcenter.paloaltonetworks.com/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/", + "https://securelist.com/the-dropping-elephant-actor/75328/", "https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/", + "https://web.archive.org/web/20180825085952/https://s3-us-west-2.amazonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf", "https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf", - "http://enterprise-manage.norman.c.bitbit.net/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf" + "https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/" ], "synonyms": [ "Patchwork", @@ -13190,237 +13190,6 @@ ] }, "related": [ - { - "dest-uuid": "18d473a5-831b-47a5-97a1-a32156299825", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ab3580c8-8435-4117-aace-3d9fbe46aa56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e9595678-d269-469e-ae6b-75e49259de63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "85b39628-204a-48d2-b377-ec368cbcb7ca", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1183cb9-258e-4f2f-8415-50ac8252c49e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c13d9621-aca7-436b-ab3d-3a95badb3d00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -13428,41 +13197,6 @@ ], "type": "uses" }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -13471,21 +13205,49 @@ "type": "uses" }, { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f5352566-1a64-49ac-8f7f-97e1d1a03300", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "18d473a5-831b-47a5-97a1-a32156299825", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13499,7 +13261,28 @@ "type": "uses" }, { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13512,6 +13295,153 @@ ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "85b39628-204a-48d2-b377-ec368cbcb7ca", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ab3580c8-8435-4117-aace-3d9fbe46aa56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c13d9621-aca7-436b-ab3d-3a95badb3d00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1183cb9-258e-4f2f-8415-50ac8252c49e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -13520,7 +13450,77 @@ "type": "uses" }, { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e9595678-d269-469e-ae6b-75e49259de63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5352566-1a64-49ac-8f7f-97e1d1a03300", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13537,11 +13537,11 @@ "refs": [ "https://attack.mitre.org/groups/G0008", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064518/Carbanak_APT_eng.pdf", - "https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html", "https://www.europol.europa.eu/newsroom/news/mastermind-behind-eur-1-billion-cyber-bank-robbery-arrested-in-spain", - "https://www.secureworks.com/research/threat-profiles/gold-niagara", + "https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html", + "https://www.fox-it.com/en/news/blog/anunak-aka-carbanak-update/", "https://www.secureworks.com/research/threat-profiles/gold-kingswood?filter=item-financial-gain", - "https://www.fox-it.com/en/news/blog/anunak-aka-carbanak-update/" + "https://www.secureworks.com/research/threat-profiles/gold-niagara" ], "synonyms": [ "Carbanak", @@ -13556,34 +13556,6 @@ ], "type": "similar" }, - { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ @@ -13591,41 +13563,6 @@ ], "type": "uses" }, - { - "dest-uuid": "72f54d66-675d-4587-9bd3-4ed09f9522e4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -13633,6 +13570,27 @@ ], "type": "uses" }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", "tags": [ @@ -13640,12 +13598,54 @@ ], "type": "uses" }, + { + "dest-uuid": "72f54d66-675d-4587-9bd3-4ed09f9522e4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c", @@ -13666,35 +13666,7 @@ }, "related": [ { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "73d08401-005f-4e1f-90b9-8f45d120879f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13708,35 +13680,7 @@ "type": "uses" }, { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13750,7 +13694,14 @@ "type": "uses" }, { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "73d08401-005f-4e1f-90b9-8f45d120879f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13762,6 +13713,55 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f8cb7b36-62ef-4488-8a6d-a7033e3271c1", @@ -13780,6 +13780,20 @@ ] }, "related": [ + { + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -13788,7 +13802,7 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13802,7 +13816,14 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13815,6 +13836,55 @@ ], "type": "uses" }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -13822,6 +13892,13 @@ ], "type": "uses" }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ @@ -13829,6 +13906,34 @@ ], "type": "uses" }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c92e3d68-2349-49e4-a341-7edca2deff96", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ @@ -13844,14 +13949,7 @@ "type": "uses" }, { - "dest-uuid": "c92e3d68-2349-49e4-a341-7edca2deff96", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13864,110 +13962,12 @@ ], "type": "uses" }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "6b1b551c-d770-4f95-8cfc-3cd253c4c04e", @@ -13978,8 +13978,8 @@ "meta": { "external_id": "G0011", "refs": [ - "https://attack.mitre.org/groups/G0011", "https://airbus-cyber-security.com/the-eye-of-the-tiger/", + "https://attack.mitre.org/groups/G0011", "https://www.fireeye.com/blog/threat-research/2014/07/spy-of-the-tiger.html" ], "synonyms": [ @@ -13987,6 +13987,13 @@ ] }, "related": [ + { + "dest-uuid": "251fbae2-78f6-4de7-84f6-194c727a64ad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "4d37813c-b8e9-4e58-a758-03168d8aa189", "tags": [ @@ -14002,14 +14009,14 @@ "type": "uses" }, { - "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "251fbae2-78f6-4de7-84f6-194c727a64ad", + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14030,14 +14037,7 @@ "type": "uses" }, { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14060,13 +14060,6 @@ ] }, "related": [ - { - "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3cab1b76-2f40-4cd0-8d2c-7ed16eeb909c", "tags": [ @@ -14075,14 +14068,21 @@ "type": "uses" }, { - "dest-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b", + "dest-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549", + "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14114,11 +14114,18 @@ "type": "similar" }, { - "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "dest-uuid": "271e6d40-e191-421a-8f87-a8102452c201", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" + }, + { + "dest-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", @@ -14127,6 +14134,20 @@ ], "type": "uses" }, + { + "dest-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8", "tags": [ @@ -14140,27 +14161,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "271e6d40-e191-421a-8f87-a8102452c201", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "090242d7-73fc-4738-af68-20162f7a5aae", @@ -14171,10 +14171,10 @@ "meta": { "external_id": "G0026", "refs": [ - "https://attack.mitre.org/groups/G0026", "http://www.secureworks.com/resources/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems/", - "https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop", - "https://www.anomali.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop" + "https://attack.mitre.org/groups/G0026", + "https://www.anomali.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop", + "https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop" ], "synonyms": [ "APT18", @@ -14184,34 +14184,6 @@ ] }, "related": [ - { - "dest-uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "2fb07fa4-0d7f-43c7-8ff4-b28404313fe7", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "e066bf86-9cfb-407a-9d25-26fd5d91e360", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ @@ -14219,97 +14191,6 @@ ], "type": "uses" }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9e2bba94-950b-4fcf-8070-cb3f816c5f4e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b96680d1-5eb3-4f07-b95c-00ab904ac236", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ @@ -14318,7 +14199,77 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "2fb07fa4-0d7f-43c7-8ff4-b28404313fe7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "9e2bba94-950b-4fcf-8070-cb3f816c5f4e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b96680d1-5eb3-4f07-b95c-00ab904ac236", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14330,6 +14281,55 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e066bf86-9cfb-407a-9d25-26fd5d91e360", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648", @@ -14340,30 +14340,30 @@ "meta": { "external_id": "G0016", "refs": [ - "https://attack.mitre.org/groups/G0016", - "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/", - "https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/", - "https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/", - "https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/", - "https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf", - "https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html", - "https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf", - "https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf", - "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html", - "https://labs.sentinelone.com/noblebaron-new-poisoned-installers-could-be-used-in-supply-chain-attacks/", - "https://www.microsoft.com/security/blog/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/", - "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/", - "https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/", - "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/", - "https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/", - "https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf", - "https://www.ncsc.gov.uk/files/Advisory-further-TTPs-associated-with-SVR-cyber-actors.pdf", - "https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF", "http://www.secureworks.com/research/threat-profiles/iron-hemlock", - "https://www.secureworks.com/research/threat-profiles/iron-ritual", + "https://attack.mitre.org/groups/G0016", + "https://labs.sentinelone.com/noblebaron-new-poisoned-installers-could-be-used-in-supply-chain-attacks/", + "https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF", + "https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/", + "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/", + "https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/", + "https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/", + "https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf", + "https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html", + "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html", "https://www.gov.uk/government/news/russia-uk-and-us-expose-global-campaigns-of-malign-activity-by-russian-intelligence-services", "https://www.gov.uk/government/news/russia-uk-exposes-russian-involvement-in-solarwinds-cyber-compromise", + "https://www.microsoft.com/security/blog/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/", + "https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/", + "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/", + "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/", + "https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf", + "https://www.ncsc.gov.uk/files/Advisory-further-TTPs-associated-with-SVR-cyber-actors.pdf", "https://www.ncsc.gov.uk/news/uk-and-us-call-out-russia-for-solarwinds-compromise", + "https://www.secureworks.com/research/threat-profiles/iron-ritual", + "https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf", + "https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/", + "https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf", "https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/" ], "synonyms": [ @@ -14383,364 +14383,7 @@ }, "related": [ { - "dest-uuid": "b2056ff0-00b9-482e-b11c-c771daa5f28a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "959f3b19-2dc8-48d5-8942-c66813a5101a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "54a01db0-9fab-4d5f-8209-53cef8425f4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ae9d818d-95d0-41da-b045-9cabea1ca164", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6dbdc657-d8e0-4f2f-909b-7251b3e72c6d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "979adb5a-dc30-48f0-9e3d-9a26d866928c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2daa14d6-cbf3-4308-bb8e-213c324a08e4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "72911fe3-f085-40f7-b4f2-f25a4221fe44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5c747acd-47f0-4c5a-b9e5-213541fc01e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b136d088-a829-432c-ac26-5529c26d4c7e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24769ab5-14bd-4f4e-a752-cfb185da53ee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32f49626-87f4-4d6c-8f59-a0dca953fe26", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2f8229dc-da94-41c6-89ba-b5b6c32f6b7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5e7ef1dc-7fb6-4913-ac75-e06113b59e0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "96eca9b9-b37f-42f1-96dc-a2c441403194", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14753,601 +14396,6 @@ ], "type": "uses" }, - { - "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65370d0b-3bd4-4653-8cf9-daf56f6be830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7decb26c-715c-40cf-b7e0-026f7d7cc215", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "11f8d7eb-1927-4806-9267-3a11d4d4d6be", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f005e783-57d4-4837-88ad-dbe7faee1c51", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "199463de-d9be-46d6-bb41-07234c1dd5a6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1cec9319-743b-4840-bb65-431547bce82a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5e595477-2e78-4ce7-ae42-e0b059b17808", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e33e4603-afab-402d-b2a1-248d435b5fe0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "67e6d66b-1b82-4699-b47a-e2efb6268d14", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3c8c916-2f3c-4e71-94b2-240bdfc996f0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a009cb25-4801-4116-9105-80a91cf15c1b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6ef745b-077f-42e1-a37d-29eecff9c754", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3a4197ae-ec63-4162-907b-9a073d1157e4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "95e2cbae-d82c-4f7b-b63c-16462015d35d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf48e7f8-752c-4ce8-bf8f-748edacd8fa6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4efc3e00-72f2-466a-ab7c-8a7dc6603b19", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d4dc46e3-5ba5-45b9-8204-010867cacfcb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a8839c95-029f-44cf-8f3d-a3cf2039e927", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bdad6f3b-de88-42fa-9295-d29b5271808e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "066b057c-944e-4cfc-b654-e3dfba04b926", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cbf646f1-7db5-4dc6-808b-0094313949df", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b7010785-699f-412f-ba49-524da6033c76", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f104855-e5b7-4077-b1f5-bc3103b41abe", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3d57dcc4-be99-4613-9482-d5218f5ec13e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ @@ -15355,83 +14403,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c26f1c05-b861-4970-94dc-2f7f921a3074", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2eb9b131-d333-4a48-9eb4-d8dec46c19ee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2c5281dd-b5fd-4531-8aea-c1bf8a0f8756", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ca9d3402-ada3-484d-876a-d717bd6e05f2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47124daf-44be-4530-9c63-038bc64318dd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e7c2fba-7cca-486c-9582-4c1bb2851961", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -15439,6 +14410,230 @@ ], "type": "uses" }, + { + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "066b057c-944e-4cfc-b654-e3dfba04b926", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "11f8d7eb-1927-4806-9267-3a11d4d4d6be", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "199463de-d9be-46d6-bb41-07234c1dd5a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1cec9319-743b-4840-bb65-431547bce82a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24769ab5-14bd-4f4e-a752-cfb185da53ee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2c5281dd-b5fd-4531-8aea-c1bf8a0f8756", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2daa14d6-cbf3-4308-bb8e-213c324a08e4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2eb9b131-d333-4a48-9eb4-d8dec46c19ee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2f8229dc-da94-41c6-89ba-b5b6c32f6b7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32f49626-87f4-4d6c-8f59-a0dca953fe26", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3a4197ae-ec63-4162-907b-9a073d1157e4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ @@ -15446,12 +14641,817 @@ ], "type": "uses" }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3d57dcc4-be99-4613-9482-d5218f5ec13e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47124daf-44be-4530-9c63-038bc64318dd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4efc3e00-72f2-466a-ab7c-8a7dc6603b19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "54a01db0-9fab-4d5f-8209-53cef8425f4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5c747acd-47f0-4c5a-b9e5-213541fc01e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5e595477-2e78-4ce7-ae42-e0b059b17808", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5e7ef1dc-7fb6-4913-ac75-e06113b59e0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65370d0b-3bd4-4653-8cf9-daf56f6be830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "67e6d66b-1b82-4699-b47a-e2efb6268d14", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6dbdc657-d8e0-4f2f-909b-7251b3e72c6d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "72911fe3-f085-40f7-b4f2-f25a4221fe44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7decb26c-715c-40cf-b7e0-026f7d7cc215", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e7c2fba-7cca-486c-9582-4c1bb2851961", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f104855-e5b7-4077-b1f5-bc3103b41abe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "959f3b19-2dc8-48d5-8942-c66813a5101a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "95e2cbae-d82c-4f7b-b63c-16462015d35d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "96eca9b9-b37f-42f1-96dc-a2c441403194", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "979adb5a-dc30-48f0-9e3d-9a26d866928c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a009cb25-4801-4116-9105-80a91cf15c1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a8839c95-029f-44cf-8f3d-a3cf2039e927", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ae9d818d-95d0-41da-b045-9cabea1ca164", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b136d088-a829-432c-ac26-5529c26d4c7e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b2056ff0-00b9-482e-b11c-c771daa5f28a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b7010785-699f-412f-ba49-524da6033c76", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bdad6f3b-de88-42fa-9295-d29b5271808e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf48e7f8-752c-4ce8-bf8f-748edacd8fa6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c26f1c05-b861-4970-94dc-2f7f921a3074", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3c8c916-2f3c-4e71-94b2-240bdfc996f0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ca9d3402-ada3-484d-876a-d717bd6e05f2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbf646f1-7db5-4dc6-808b-0094313949df", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4dc46e3-5ba5-45b9-8204-010867cacfcb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e33e4603-afab-402d-b2a1-248d435b5fe0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6ef745b-077f-42e1-a37d-29eecff9c754", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f005e783-57d4-4837-88ad-dbe7faee1c51", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "899ce53f-13a0-479b-a0e4-67d46e241542", @@ -15464,8 +15464,8 @@ "refs": [ "https://attack.mitre.org/groups/G0012", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070903/darkhotel_kl_07.11.pdf", - "https://securelist.com/darkhotels-attacks-in-2015/71713/", "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWxPuf", + "https://securelist.com/darkhotels-attacks-in-2015/71713/", "https://www.microsoft.com/security/blog/2016/06/09/reverse-engineering-dubnium-2/", "https://www.microsoft.com/security/blog/2016/06/20/reverse-engineering-dubniums-flash-targeting-exploit/", "https://www.microsoft.com/security/blog/2016/07/14/reverse-engineering-dubnium-stage-2-payload-analysis/" @@ -15476,48 +15476,6 @@ ] }, "related": [ - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "91541e7e-b969-40c6-bbd8-1b5352ec2938", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -15525,34 +15483,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -15561,56 +15491,28 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15624,7 +15526,42 @@ "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15637,6 +15574,48 @@ ], "type": "uses" }, + { + "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "91541e7e-b969-40c6-bbd8-1b5352ec2938", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ @@ -15644,12 +15623,33 @@ ], "type": "uses" }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "9e729a7e-0dd6-4097-95bf-db8d64911383", @@ -15669,56 +15669,7 @@ }, "related": [ { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bfd2738c-8b43-43c3-bc9f-d523c8e88bf4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7cdfccda-2950-4167-981a-60872ff5d0db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15732,21 +15683,7 @@ "type": "uses" }, { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15759,12 +15696,75 @@ ], "type": "uses" }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7cdfccda-2950-4167-981a-60872ff5d0db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bfd2738c-8b43-43c3-bc9f-d523c8e88bf4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "1f0f9a14-11aa-49aa-9174-bcd0eaa979de", @@ -15775,10 +15775,10 @@ "meta": { "external_id": "G0021", "refs": [ - "https://attack.mitre.org/groups/G0021", - "https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf", "http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf", + "https://attack.mitre.org/groups/G0021", "https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/", + "https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf", "https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf", "https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html" ], @@ -15790,49 +15790,7 @@ }, "related": [ { - "dest-uuid": "f7c2e501-73b1-400f-a5d9-2e2e07b7dfde", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15853,70 +15811,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ae6097d-d700-46c6-8b21-42fc0bcb48fa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "687c23e4-4e25-4ee7-a870-c5e002511f54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15929,6 +15831,55 @@ ], "type": "uses" }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ae6097d-d700-46c6-8b21-42fc0bcb48fa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "687c23e4-4e25-4ee7-a870-c5e002511f54", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8a59f456-79a0-4151-9f56-9b1a67332af2", "tags": [ @@ -15936,6 +15887,20 @@ ], "type": "uses" }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -15949,6 +15914,41 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7c2e501-73b1-400f-a5d9-2e2e07b7dfde", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "df71bb3b-813c-45eb-a8bc-f2a419837411", @@ -15968,119 +15968,7 @@ }, "related": [ { - "dest-uuid": "ac4bce1f-b3ec-4c44-bd36-b6cc986b319b", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2a6f4c7b-e690-4cc7-ab6b-1f821fb6b80b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16101,7 +15989,119 @@ "type": "uses" }, { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2a6f4c7b-e690-4cc7-ab6b-1f821fb6b80b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac4bce1f-b3ec-4c44-bd36-b6cc986b319b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16117,11 +16117,11 @@ "external_id": "G0073", "refs": [ "https://attack.mitre.org/groups/G0073", - "https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html", - "https://web.archive.org/web/20171017072306/https://icitech.org/icit-brief-chinas-espionage-dynasty-economic-death-by-a-thousand-cuts/", - "https://www.fireeye.com/current-threats/apt-groups.html#apt19", "https://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/", - "https://www.darkreading.com/attacks-breaches/chinese-hacking-group-codoso-team-uses-forbescom-as-watering-hole-/d/d-id/1319059" + "https://web.archive.org/web/20171017072306/https://icitech.org/icit-brief-chinas-espionage-dynasty-economic-death-by-a-thousand-cuts/", + "https://www.darkreading.com/attacks-breaches/chinese-hacking-group-codoso-team-uses-forbescom-as-watering-hole-/d/d-id/1319059", + "https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html", + "https://www.fireeye.com/current-threats/apt-groups.html#apt19" ], "synonyms": [ "APT19", @@ -16133,14 +16133,7 @@ }, "related": [ { - "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16154,7 +16147,14 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16168,28 +16168,14 @@ "type": "uses" }, { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16203,14 +16189,56 @@ "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16231,14 +16259,14 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16259,35 +16287,7 @@ "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16310,20 +16310,6 @@ ] }, "related": [ - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "115f88dd-0618-4389-83cb-98d33ae81848", "tags": [ @@ -16345,6 +16331,13 @@ ], "type": "uses" }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "5763217a-05b6-4edd-9bca-057e47b5e403", "tags": [ @@ -16352,6 +16345,13 @@ ], "type": "uses" }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ @@ -16369,8 +16369,8 @@ "external_id": "G0096", "refs": [ "https://attack.mitre.org/groups/G0096", - "https://content.fireeye.com/apt-41/rpt-apt41", "https://blog.group-ib.com/colunmtk_apt41", + "https://content.fireeye.com/apt-41/rpt-apt41", "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf" ], "synonyms": [ @@ -16379,258 +16379,6 @@ ] }, "related": [ - { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba78a1c-186f-4112-9e6a-be1839f030f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -16638,265 +16386,6 @@ ], "type": "uses" }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec9e00dd-0313-4d5b-8105-c20aa47abffc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "94379dec-5c87-49db-b36e-66abc0b81344", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "64764dc6-a032-495f-8250-1e4c06bdc163", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8787e86d-8475-4f13-acea-d33eb83b6105", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ @@ -16905,42 +16394,63 @@ "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cfc75b0d-e579-40ae-ad07-a1ce00d49a6c", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9b19d6b4-cfcb-492f-8ca8-8449e7331573", + "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16953,12 +16463,502 @@ ], "type": "uses" }, + { + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "64764dc6-a032-495f-8250-1e4c06bdc163", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8787e86d-8475-4f13-acea-d33eb83b6105", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "94379dec-5c87-49db-b36e-66abc0b81344", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9b19d6b4-cfcb-492f-8ca8-8449e7331573", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba78a1c-186f-4112-9e6a-be1839f030f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cfc75b0d-e579-40ae-ad07-a1ce00d49a6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec9e00dd-0313-4d5b-8105-c20aa47abffc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "18854f55-ac7c-4634-bd9a-352dd07613b7", @@ -16978,35 +16978,70 @@ }, "related": [ { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df9b350b-d4f9-4e79-a826-75cc75fbc1eb", + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c8655260-9f4b-44e3-85e1-6538a5f6e4f4", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17027,84 +17062,14 @@ "type": "uses" }, { - "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "911fe4c3-444d-4e92-83b8-cc761ac5fd3b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17117,6 +17082,20 @@ ], "type": "uses" }, + { + "dest-uuid": "911fe4c3-444d-4e92-83b8-cc761ac5fd3b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -17124,34 +17103,6 @@ ], "type": "uses" }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -17160,7 +17111,56 @@ "type": "uses" }, { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "dest-uuid": "c8655260-9f4b-44e3-85e1-6538a5f6e4f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df9b350b-d4f9-4e79-a826-75cc75fbc1eb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17183,20 +17183,6 @@ ] }, "related": [ - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ @@ -17204,6 +17190,20 @@ ], "type": "uses" }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ @@ -17212,7 +17212,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17225,6 +17225,13 @@ ], "type": "uses" }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ @@ -17233,14 +17240,7 @@ "type": "uses" }, { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17255,8 +17255,8 @@ "meta": { "external_id": "G0041", "refs": [ - "https://attack.mitre.org/groups/G0041", "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets", + "https://attack.mitre.org/groups/G0041", "https://securelist.com/faq-the-projectsauron-apt/75533/", "https://securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf" ], @@ -17267,14 +17267,14 @@ }, "related": [ { - "dest-uuid": "f3179cfb-9c86-4980-bd6b-e4fa74adaaa7", + "dest-uuid": "3731fbcd-0e43-47ae-ae6c-d15e510f0d42", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { - "dest-uuid": "3731fbcd-0e43-47ae-ae6c-d15e510f0d42", + "dest-uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17288,11 +17288,11 @@ "type": "uses" }, { - "dest-uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8", + "dest-uuid": "f3179cfb-9c86-4980-bd6b-e4fa74adaaa7", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" }, { "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", @@ -17326,14 +17326,14 @@ "type": "uses" }, { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17347,14 +17347,7 @@ "type": "uses" }, { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "dest-uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17368,14 +17361,7 @@ "type": "uses" }, { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d", + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17388,6 +17374,13 @@ ], "type": "uses" }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d40239b3-05ff-46d8-9bdd-b46d13463ef9", "tags": [ @@ -17396,7 +17389,14 @@ "type": "uses" }, { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17435,8 +17435,8 @@ "external_id": "G0061", "refs": [ "https://attack.mitre.org/groups/G0061", - "https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html", - "https://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html" + "https://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html", + "https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html" ], "synonyms": [ "FIN8" @@ -17444,28 +17444,14 @@ }, "related": [ { - "dest-uuid": "a78ae9fe-71cd-4563-9213-7b6260bd9a73", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "981acc4c-2ede-4b56-be6e-fa1a75f37acf", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17478,34 +17464,6 @@ ], "type": "uses" }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "38952eac-cb1b-4a71-bad2-ee8223a1c8fe", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ @@ -17514,21 +17472,7 @@ "type": "uses" }, { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17542,14 +17486,14 @@ "type": "uses" }, { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17563,7 +17507,42 @@ "type": "uses" }, { - "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", + "dest-uuid": "38952eac-cb1b-4a71-bad2-ee8223a1c8fe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5c6ed2dc-37f4-40ea-b2e1-4c76140a388c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17577,7 +17556,84 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "981acc4c-2ede-4b56-be6e-fa1a75f37acf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a78ae9fe-71cd-4563-9213-7b6260bd9a73", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c4de7d83-e875-4c88-8b5d-06c41e5b7e79", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17598,7 +17654,14 @@ "type": "uses" }, { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17611,76 +17674,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c4de7d83-e875-4c88-8b5d-06c41e5b7e79", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5c6ed2dc-37f4-40ea-b2e1-4c76140a388c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -17689,7 +17682,7 @@ "type": "uses" }, { - "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17703,7 +17696,14 @@ "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17727,21 +17727,21 @@ }, "related": [ { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17755,14 +17755,7 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", + "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17775,48 +17768,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ @@ -17832,21 +17783,7 @@ "type": "uses" }, { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17860,98 +17797,14 @@ "type": "uses" }, { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17965,7 +17818,133 @@ "type": "uses" }, { - "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17977,6 +17956,27 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "44102191-3a31-45f8-acbe-34bdb441d5ad", @@ -17987,22 +17987,15 @@ "meta": { "external_id": "G0017", "refs": [ + "http://researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/", "https://attack.mitre.org/groups/G0017", - "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf", - "http://researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/" + "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf" ], "synonyms": [ "DragonOK" ] }, "related": [ - { - "dest-uuid": "a9b44750-992c-4743-8922-129880d277ea", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "tags": [ @@ -18010,6 +18003,13 @@ ], "type": "uses" }, + { + "dest-uuid": "a9b44750-992c-4743-8922-129880d277ea", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ @@ -18042,21 +18042,21 @@ "type": "uses" }, { - "dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e", + "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", + "dest-uuid": "30489451-5886-4c46-90c9-0dff9adc5252", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18070,7 +18070,14 @@ "type": "uses" }, { - "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", + "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18091,14 +18098,7 @@ "type": "uses" }, { - "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30489451-5886-4c46-90c9-0dff9adc5252", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18122,14 +18122,21 @@ }, "related": [ { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18150,7 +18157,21 @@ "type": "uses" }, { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18169,27 +18190,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "b74f909f-8e52-4b69-b770-162bf59a1b4e", @@ -18200,8 +18200,8 @@ "meta": { "external_id": "G0019", "refs": [ - "https://attack.mitre.org/groups/G0019", "http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf", + "https://attack.mitre.org/groups/G0019", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonAPT-MsnMM1.pdf", "https://securelist.com/the-naikon-apt/69953/" ], @@ -18211,161 +18211,7 @@ }, "related": [ { - "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "22b17791-45bf-45c0-9322-ff1a0af5cf2b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7f8730af-f683-423f-9ee1-5f6875a80481", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8c553311-0baa-4146-997a-f79acef3d831", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "22addc7b-b39f-483d-979a-1b35147da5de", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18379,28 +18225,7 @@ "type": "uses" }, { - "dest-uuid": "29231689-5837-4a7a-aafc-1b65b3f50cc7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3161d76a-e2b2-4b97-9906-24909b735386", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18414,7 +18239,147 @@ "type": "uses" }, { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "22addc7b-b39f-483d-979a-1b35147da5de", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "22b17791-45bf-45c0-9322-ff1a0af5cf2b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29231689-5837-4a7a-aafc-1b65b3f50cc7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3161d76a-e2b2-4b97-9906-24909b735386", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7f8730af-f683-423f-9ee1-5f6875a80481", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8c553311-0baa-4146-997a-f79acef3d831", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18428,7 +18393,42 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18445,8 +18445,8 @@ "refs": [ "https://attack.mitre.org/groups/G0091", "https://cyberforensicator.com/2019/01/20/silence-dissecting-malicious-chm-files-and-performing-forensic-analysis/", - "https://securelist.com/the-silence/83009/", - "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf" + "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf", + "https://securelist.com/the-silence/83009/" ], "synonyms": [ "Silence", @@ -18455,105 +18455,7 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18567,21 +18469,7 @@ "type": "uses" }, { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18595,63 +18483,14 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18664,12 +18503,173 @@ ], "type": "uses" }, + { + "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "d13c8a7f-740b-4efa-a232-de7d6bb05321", @@ -18680,13 +18680,13 @@ "meta": { "external_id": "G0022", "refs": [ - "https://attack.mitre.org/groups/G0022", - "https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html", - "https://www.recordedfuture.com/chinese-mss-behind-apt3/", - "https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html", + "http://pwc.blogs.com/cyber_security_updates/2015/07/pirpi-scanbox.html", "http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong", "https://attack.mitre.org/docs/APT3_Adversary_Emulation_Plan.pdf", - "http://pwc.blogs.com/cyber_security_updates/2015/07/pirpi-scanbox.html" + "https://attack.mitre.org/groups/G0022", + "https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html", + "https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html", + "https://www.recordedfuture.com/chinese-mss-behind-apt3/" ], "synonyms": [ "APT3", @@ -18699,13 +18699,6 @@ ] }, "related": [ - { - "dest-uuid": "d144c83e-2302-4947-9e24-856fbf7949ae", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -18713,230 +18706,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4e6b9625-bbda-4d96-a652-b3bb45453f26", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58adaaa8-f1e8-4606-9a08-422e568461eb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6d1d2cb-12f5-4221-9636-44606ea1f3f8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c9703cd3-141c-43a0-a926-380082be5d04", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ @@ -18944,55 +18713,6 @@ ], "type": "uses" }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -19000,20 +18720,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ @@ -19021,6 +18727,62 @@ ], "type": "uses" }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ @@ -19029,7 +18791,49 @@ "type": "uses" }, { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "dest-uuid": "4e6b9625-bbda-4d96-a652-b3bb45453f26", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58adaaa8-f1e8-4606-9a08-422e568461eb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19042,6 +18846,34 @@ ], "type": "uses" }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ @@ -19049,6 +18881,20 @@ ], "type": "uses" }, + { + "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ @@ -19057,7 +18903,161 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c9703cd3-141c-43a0-a926-380082be5d04", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d144c83e-2302-4947-9e24-856fbf7949ae", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6d1d2cb-12f5-4221-9636-44606ea1f3f8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19073,13 +19073,13 @@ "external_id": "G0082", "refs": [ "https://attack.mitre.org/groups/G0082", - "https://us-cert.cisa.gov/ncas/alerts/aa20-239a", "https://content.fireeye.com/apt/rpt-apt38", - "https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and", + "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf", "https://securelist.com/lazarus-under-the-hood/77908/", - "https://www.secureworks.com/research/threat-profiles/nickel-gladstone", + "https://us-cert.cisa.gov/ncas/alerts/aa20-239a", "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-april-stardust-chollima/", - "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf" + "https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and", + "https://www.secureworks.com/research/threat-profiles/nickel-gladstone" ], "synonyms": [ "APT38", @@ -19090,6 +19090,34 @@ ] }, "related": [ + { + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -19097,6 +19125,139 @@ ], "type": "uses" }, + { + "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1cfcb312-b8d7-47a4-b560-4b16cc677292", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "454fe82d-6fd2-4ac6-91ab-28a33fe01369", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ab35c2-d00e-491a-8753-41d35ae7e547", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "tags": [ @@ -19111,125 +19272,6 @@ ], "type": "uses" }, - { - "dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "454fe82d-6fd2-4ac6-91ab-28a33fe01369", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e221eb77-1502-4129-af1d-fe1ad55e7ec6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ab35c2-d00e-491a-8753-41d35ae7e547", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ @@ -19237,125 +19279,6 @@ ], "type": "uses" }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f504411-cb96-4dac-a537-8d2bb7679c59", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1cfcb312-b8d7-47a4-b560-4b16cc677292", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e928333f-f3df-4039-9b8b-556c2add0e42", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -19364,7 +19287,7 @@ "type": "uses" }, { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "dest-uuid": "8f504411-cb96-4dac-a537-8d2bb7679c59", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19378,14 +19301,49 @@ "type": "uses" }, { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19398,13 +19356,6 @@ ], "type": "uses" }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "tags": [ @@ -19413,7 +19364,7 @@ "type": "uses" }, { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19427,7 +19378,56 @@ "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e221eb77-1502-4129-af1d-fe1ad55e7ec6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e928333f-f3df-4039-9b8b-556c2add0e42", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19451,21 +19451,7 @@ }, "related": [ { - "dest-uuid": "c6472ae1-c6ad-4cf1-8d6e-8c94b94fe314", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19479,7 +19465,7 @@ "type": "uses" }, { - "dest-uuid": "cafd0bf8-2b9c-46c7-ae3c-3e0f42c5062e", + "dest-uuid": "4ab44516-ad75-4e43-a280-705dc0420e2f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19492,20 +19478,6 @@ ], "type": "uses" }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", "tags": [ @@ -19514,7 +19486,35 @@ "type": "uses" }, { - "dest-uuid": "4ab44516-ad75-4e43-a280-705dc0420e2f", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c6472ae1-c6ad-4cf1-8d6e-8c94b94fe314", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "cafd0bf8-2b9c-46c7-ae3c-3e0f42c5062e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19533,19 +19533,19 @@ "synonyms": [] }, "related": [ - { - "dest-uuid": "18d473a5-831b-47a5-97a1-a32156299825", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "revoked-by" + }, + { + "dest-uuid": "18d473a5-831b-47a5-97a1-a32156299825", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "9559ecaf-2e75-48a7-aee8-9974020bc772", @@ -19556,9 +19556,9 @@ "meta": { "external_id": "G0052", "refs": [ - "https://attack.mitre.org/groups/G0052", "http://www.clearskysec.com/copykitten-jpost/", "http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf", + "https://attack.mitre.org/groups/G0052", "https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf" ], "synonyms": [ @@ -19567,14 +19567,7 @@ }, "related": [ { - "dest-uuid": "8cca9a1d-66e4-4bc4-ad49-95f759f4c1ae", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "0b32ec39-ba61-4864-9ebe-b4b0b73caf9a", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19588,14 +19581,7 @@ "type": "uses" }, { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "dest-uuid": "0b32ec39-ba61-4864-9ebe-b4b0b73caf9a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19615,6 +19601,27 @@ ], "type": "uses" }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8cca9a1d-66e4-4bc4-ad49-95f759f4c1ae", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ @@ -19623,7 +19630,7 @@ "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19642,13 +19649,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "dcd81c6e-ebf7-4a16-93e0-9a97fa49c88a", @@ -19667,90 +19667,6 @@ ] }, "related": [ - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7d57b371-10c2-45e5-b3cc-83a8fb380e4c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ @@ -19758,55 +19674,6 @@ ], "type": "uses" }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ @@ -19815,7 +19682,35 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19829,7 +19724,77 @@ "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7d57b371-10c2-45e5-b3cc-83a8fb380e4c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19841,6 +19806,41 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "ebb73863-fa44-4617-b4cb-b9ed3414eb87", @@ -19852,8 +19852,8 @@ "external_id": "G0064", "refs": [ "https://attack.mitre.org/groups/G0064", - "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html", "https://www.brighttalk.com/webcast/10703/275683", + "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html", "https://www.microsoft.com/security/blog/2020/06/18/inside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint/", "https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage" ], @@ -19865,98 +19865,14 @@ }, "related": [ { - "dest-uuid": "4f69ec6d-cb6b-42af-b8e2-920a2aa4be10", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "accd848b-b8f4-46ba-a408-9063b35cfbf2", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b4d80f8b-d2b9-4448-8844-4bef777ed676", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19969,76 +19885,6 @@ ], "type": "uses" }, - { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8dbadf80-468c-4a62-b817-4e4d8b606887", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ @@ -20046,69 +19892,6 @@ ], "type": "uses" }, - { - "dest-uuid": "4b57c098-f043-4da2-83ef-7588a6d426bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5352566-1a64-49ac-8f7f-97e1d1a03300", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", "tags": [ @@ -20117,28 +19900,21 @@ "type": "uses" }, { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20152,7 +19928,98 @@ "type": "uses" }, { - "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4b57c098-f043-4da2-83ef-7588a6d426bc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f69ec6d-cb6b-42af-b8e2-920a2aa4be10", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8dbadf80-468c-4a62-b817-4e4d8b606887", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20165,6 +20032,41 @@ ], "type": "uses" }, + { + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "accd848b-b8f4-46ba-a408-9063b35cfbf2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ @@ -20173,21 +20075,49 @@ "type": "uses" }, { - "dest-uuid": "e85cae1a-bce3-4ac4-b36b-b00acac0567b", + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b4d80f8b-d2b9-4448-8844-4bef777ed676", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20201,7 +20131,77 @@ "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e85cae1a-bce3-4ac4-b36b-b00acac0567b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5352566-1a64-49ac-8f7f-97e1d1a03300", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20259,13 +20259,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -20293,6 +20286,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "7331c66a-5601-4d3f-acf6-ad9e3035eb40", @@ -20304,64 +20304,15 @@ "external_id": "G0053", "refs": [ "https://attack.mitre.org/groups/G0053", - "https://www2.fireeye.com/WBNR-Are-you-ready-to-respond.html", + "https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645?", "https://www.youtube.com/watch?v=fevGZs0EQu8", - "https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645?" + "https://www2.fireeye.com/WBNR-Are-you-ready-to-respond.html" ], "synonyms": [ "FIN5" ] }, "related": [ - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0e18b800-906c-4e44-a143-b11c72b3448b", "tags": [ @@ -20370,35 +20321,7 @@ "type": "uses" }, { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20412,7 +20335,35 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20425,12 +20376,61 @@ ], "type": "uses" }, + { + "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "85403903-15e0-4f9f-9be4-a259ecad4022", @@ -20441,20 +20441,20 @@ "meta": { "external_id": "G0035", "refs": [ - "https://attack.mitre.org/groups/G0035", - "https://www.cisa.gov/uscert/ncas/alerts/aa20-296a#revisions", - "https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical", - "https://www.dragos.com/threat/dymalloy/", "http://fortune.com/2017/09/06/hack-energy-grid-symantec/", + "https://attack.mitre.org/groups/G0035", + "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7382dce7-0260-4782-84cc-890971ed3f17&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments", + "https://docs.broadcom.com/doc/dragonfly_threat_against_western_energy_suppliers", + "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks", + "https://vblocalhost.com/uploads/VB2021-Slowik.pdf", + "https://www.cisa.gov/uscert/ncas/alerts/aa20-296a#revisions", + "https://www.dragos.com/threat/dymalloy/", + "https://www.gov.uk/government/publications/russias-fsb-malign-cyber-activity-factsheet/russias-fsb-malign-activity-factsheet", + "https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical", "https://www.mandiant.com/resources/ukraine-crisis-cyber-threats", "https://www.secureworks.com/research/mcmd-malware-analysis", "https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector", - "https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector", - "https://vblocalhost.com/uploads/VB2021-Slowik.pdf", - "https://docs.broadcom.com/doc/dragonfly_threat_against_western_energy_suppliers", - "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7382dce7-0260-4782-84cc-890971ed3f17&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments", - "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks", - "https://www.gov.uk/government/publications/russias-fsb-malign-cyber-activity-factsheet/russias-fsb-malign-activity-factsheet" + "https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector" ], "synonyms": [ "Dragonfly", @@ -20468,34 +20468,6 @@ ] }, "related": [ - { - "dest-uuid": "64d6559c-6d5c-4585-bbf9-c17868f763ee", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -20503,223 +20475,6 @@ ], "type": "uses" }, - { - "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "975737f1-b10d-476f-8bda-3ec26ea57172", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -20728,56 +20483,7 @@ "type": "uses" }, { - "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20791,84 +20497,21 @@ "type": "uses" }, { - "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", + "dest-uuid": "083bb47b-02c8-4423-81a2-f9ef58572974", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c4810609-7da6-48ec-8057-1b70a7814db0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20882,28 +20525,35 @@ "type": "uses" }, { - "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", + "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "083bb47b-02c8-4423-81a2-f9ef58572974", + "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "82cb34ba-02b5-432b-b2d2-07f55cbf674d", + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20916,6 +20566,139 @@ ], "type": "uses" }, + { + "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "64d6559c-6d5c-4585-bbf9-c17868f763ee", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "6ee2dc99-91ad-4534-a7d8-a649358c331f", "tags": [ @@ -20924,7 +20707,196 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "82cb34ba-02b5-432b-b2d2-07f55cbf674d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "975737f1-b10d-476f-8bda-3ec26ea57172", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c4810609-7da6-48ec-8057-1b70a7814db0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20938,7 +20910,35 @@ "type": "uses" }, { - "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20953,13 +20953,13 @@ "meta": { "external_id": "G0067", "refs": [ - "https://attack.mitre.org/groups/G0067", - "https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf", - "https://securelist.com/operation-daybreak/75100/", - "https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html", "https://adversary.crowdstrike.com/en-US/adversary/ricochet-chollima/", + "https://attack.mitre.org/groups/G0067", + "https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html", + "https://securelist.com/operation-daybreak/75100/", + "https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/", "https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/", - "https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/" + "https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf" ], "synonyms": [ "APT37", @@ -20973,56 +20973,7 @@ }, "related": [ { - "dest-uuid": "50cd027f-df14-40b2-aa22-bf5de5061163", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "4189a679-72ed-4a89-a57c-7f689712ecf8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "414dc555-c79e-4b24-a2da-9b607f7eaf16", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "49abab73-3c5c-476e-afd5-69b5c732d845", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21036,28 +20987,7 @@ "type": "uses" }, { - "dest-uuid": "a2282af0-f9dd-4373-9b92-eaf9e11e0c71", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "0852567d-7958-4f4b-8947-4f840ec8d57d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21070,111 +21000,6 @@ ], "type": "uses" }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "211cfe9f-2676-4e1c-a5f5-2c8091da2a68", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", "tags": [ @@ -21182,69 +21007,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0852567d-7958-4f4b-8947-4f840ec8d57d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53a42597-1974-4b8e-84fd-3675e8992053", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53d47b09-09c2-4015-8d37-6633ecd53f79", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ @@ -21253,21 +21015,49 @@ "type": "uses" }, { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "dest-uuid": "211cfe9f-2676-4e1c-a5f5-2c8091da2a68", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21280,12 +21070,222 @@ ], "type": "uses" }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "414dc555-c79e-4b24-a2da-9b607f7eaf16", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4189a679-72ed-4a89-a57c-7f689712ecf8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "49abab73-3c5c-476e-afd5-69b5c732d845", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "50cd027f-df14-40b2-aa22-bf5de5061163", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "53a42597-1974-4b8e-84fd-3675e8992053", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53d47b09-09c2-4015-8d37-6633ecd53f79", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2282af0-f9dd-4373-9b92-eaf9e11e0c71", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4a2ce82e-1a74-468a-a6fb-bbead541383c", @@ -21297,11 +21297,11 @@ "external_id": "G0037", "refs": [ "https://attack.mitre.org/groups/G0037", - "https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf", - "https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html", - "https://securityintelligence.com/posts/itg08-aka-fin6-partners-with-trickbot-gang-uses-anchor-framework/", "https://crowdstrike.lookbookhq.com/global-threat-report-2018-web/cs-2018-global-threat-report", - "https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/" + "https://securityintelligence.com/posts/itg08-aka-fin6-partners-with-trickbot-gang-uses-anchor-framework/", + "https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/", + "https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html", + "https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf" ], "synonyms": [ "FIN6", @@ -21312,133 +21312,7 @@ }, "related": [ { - "dest-uuid": "647894f6-1723-4cba-aba4-0ef0966d5302", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5af7a825-2d9f-400d-931a-e00eb9e27f48", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1cdbbcab-903a-414d-8eb0-439a97343737", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21452,70 +21326,7 @@ "type": "uses" }, { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d9f7383c-95ec-4080-bbce-121c9384457b", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21529,21 +21340,14 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "1cdbbcab-903a-414d-8eb0-439a97343737", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21557,21 +21361,21 @@ "type": "uses" }, { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21585,28 +21389,21 @@ "type": "uses" }, { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a020a61c-423f-4195-8c46-ba1d21abba37", + "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21619,13 +21416,6 @@ ], "type": "uses" }, - { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "432555de-63bf-4f2a-a3fa-f720a4561078", "tags": [ @@ -21634,21 +21424,49 @@ "type": "uses" }, { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "bfd2738c-8b43-43c3-bc9f-d523c8e88bf4", + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5af7a825-2d9f-400d-931a-e00eb9e27f48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "647894f6-1723-4cba-aba4-0ef0966d5302", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21661,6 +21479,104 @@ ], "type": "uses" }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a020a61c-423f-4195-8c46-ba1d21abba37", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bfd2738c-8b43-43c3-bc9f-d523c8e88bf4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c9b99d03-ff11-4a48-95f0-82660d582c25", "tags": [ @@ -21668,6 +21584,13 @@ ], "type": "uses" }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", "tags": [ @@ -21676,7 +21599,84 @@ "type": "uses" }, { - "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d9f7383c-95ec-4080-bbce-121c9384457b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21700,11 +21700,11 @@ }, "related": [ { - "dest-uuid": "d93889de-b4bc-4a29-9ce7-d67717c140a0", + "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", @@ -21714,11 +21714,11 @@ "type": "uses" }, { - "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", + "dest-uuid": "d93889de-b4bc-4a29-9ce7-d67717c140a0", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" } ], "uuid": "0ea72cd5-ca30-46ba-bc04-378f701c658f", @@ -21730,8 +21730,8 @@ "external_id": "G0063", "refs": [ "https://attack.mitre.org/groups/G0063", - "https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/", "https://securelist.com/apt-trends-report-q2-2017/79332/", + "https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/", "https://www.cyberscoop.com/middle-eastern-hacking-group-using-finfisher-malware-conduct-international-espionage/" ], "synonyms": [ @@ -21756,13 +21756,13 @@ "external_id": "G0087", "refs": [ "https://attack.mitre.org/groups/G0087", - "https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html", - "https://www.symantec.com/connect/blogs/iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets", - "https://www.iranwatch.org/sites/default/files/public-intelligence-alert.pdf", - "https://home.treasury.gov/news/press-releases/sm1127", - "https://www.justice.gov/opa/pr/department-justice-and-partner-departments-and-agencies-conduct-coordinated-actions-disrupt", "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf", - "https://www.darkreading.com/attacks-breaches/iran-ups-its-traditional-cyber-espionage-tradecraft/d/d-id/1333764" + "https://home.treasury.gov/news/press-releases/sm1127", + "https://www.darkreading.com/attacks-breaches/iran-ups-its-traditional-cyber-espionage-tradecraft/d/d-id/1333764", + "https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html", + "https://www.iranwatch.org/sites/default/files/public-intelligence-alert.pdf", + "https://www.justice.gov/opa/pr/department-justice-and-partner-departments-and-agencies-conduct-coordinated-actions-disrupt", + "https://www.symantec.com/connect/blogs/iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets" ], "synonyms": [ "APT39", @@ -21772,48 +21772,6 @@ ] }, "related": [ - { - "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -21821,6 +21779,13 @@ ], "type": "uses" }, + { + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -21829,21 +21794,21 @@ "type": "uses" }, { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21856,6 +21821,251 @@ ], "type": "uses" }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a705b085-1eae-455e-8f4d-842483d814eb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ @@ -21863,6 +22073,20 @@ ], "type": "uses" }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c4810609-7da6-48ec-8057-1b70a7814db0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", "tags": [ @@ -21878,49 +22102,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21934,91 +22116,7 @@ "type": "uses" }, { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfa03c7d-79ed-4ce2-b9d1-ddc9dbf56ad2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22032,49 +22130,14 @@ "type": "uses" }, { - "dest-uuid": "ecc2f65a-b452-4eaf-9689-7e181f17f7a5", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a705b085-1eae-455e-8f4d-842483d814eb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "dfa03c7d-79ed-4ce2-b9d1-ddc9dbf56ad2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22088,35 +22151,14 @@ "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c4810609-7da6-48ec-8057-1b70a7814db0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22130,49 +22172,21 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "dest-uuid": "ecc2f65a-b452-4eaf-9689-7e181f17f7a5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22186,28 +22200,14 @@ "type": "uses" }, { - "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22232,14 +22232,7 @@ }, "related": [ { - "dest-uuid": "e7a5229f-05eb-440e-b982-9a6d2b2b87c8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "dest-uuid": "2a70812b-f1ef-44db-8578-a496a227aef2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22252,20 +22245,6 @@ ], "type": "uses" }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2a70812b-f1ef-44db-8578-a496a227aef2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", "tags": [ @@ -22273,6 +22252,20 @@ ], "type": "uses" }, + { + "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b4d80f8b-d2b9-4448-8844-4bef777ed676", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cb741463-f0fe-42e0-8d45-bc7e8335f5ae", "tags": [ @@ -22281,7 +22274,14 @@ "type": "uses" }, { - "dest-uuid": "b4d80f8b-d2b9-4448-8844-4bef777ed676", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e7a5229f-05eb-440e-b982-9a6d2b2b87c8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22307,119 +22307,7 @@ }, "related": [ { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "63c4511b-2d6e-4bb2-b582-e2e99a8a467d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0c8465c0-d0b4-4670-992e-4eee8d7ff952", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22433,14 +22321,35 @@ "type": "uses" }, { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0c8465c0-d0b4-4670-992e-4eee8d7ff952", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22454,7 +22363,14 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22468,28 +22384,28 @@ "type": "uses" }, { - "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22503,42 +22419,14 @@ "type": "uses" }, { - "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", + "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "dest-uuid": "63c4511b-2d6e-4bb2-b582-e2e99a8a467d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22552,35 +22440,42 @@ "type": "uses" }, { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22594,7 +22489,63 @@ "type": "uses" }, { - "dest-uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e", + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22615,14 +22566,63 @@ "type": "uses" }, { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22637,15 +22637,29 @@ "meta": { "external_id": "G0039", "refs": [ - "https://attack.mitre.org/groups/G0039", + "http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks", "http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates", - "http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks" + "https://attack.mitre.org/groups/G0039" ], "synonyms": [ "Suckfly" ] }, "related": [ + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "5abb12e7-5066-4f84-a109-49a037205c76", "tags": [ @@ -22674,20 +22688,6 @@ ], "type": "uses" }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ @@ -22705,8 +22705,8 @@ "external_id": "G0085", "refs": [ "https://attack.mitre.org/groups/G0085", - "https://www.fireeye.com/current-threats/threat-intelligence-reports/rpt-fin4.html", "https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html", + "https://www.fireeye.com/current-threats/threat-intelligence-reports/rpt-fin4.html", "https://www2.fireeye.com/WBNR-14Q4NAMFIN4.html" ], "synonyms": [ @@ -22721,27 +22721,6 @@ ], "type": "uses" }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0cf55441-b176-4332-89e7-2c4c7799d0ff", "tags": [ @@ -22756,6 +22735,34 @@ ], "type": "uses" }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ @@ -22763,6 +22770,20 @@ ], "type": "uses" }, + { + "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ @@ -22776,27 +22797,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "d0b3393b-3bec-4ba3-bda9-199d30db47b6", @@ -22807,17 +22807,17 @@ "meta": { "external_id": "G0045", "refs": [ - "https://attack.mitre.org/groups/G0045", - "https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion", - "https://www.justice.gov/opa/page/file/1122671/download", "http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/", - "https://www.slideshare.net/CrowdStrike/crowd-casts-monthly-you-have-an-adversary-problem", - "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf", - "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf", - "https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html", + "https://attack.mitre.org/groups/G0045", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage", "https://www.accenture.com/t20180423T055005Z_w_/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf", - "https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html" + "https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html", + "https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html", + "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf", + "https://www.justice.gov/opa/page/file/1122671/download", + "https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion", + "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf", + "https://www.slideshare.net/CrowdStrike/crowd-casts-monthly-you-have-an-adversary-problem" ], "synonyms": [ "menuPass", @@ -22831,13 +22831,6 @@ ] }, "related": [ - { - "dest-uuid": "56b37b05-72e7-4a89-ba8a-61ce45269a8c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -22845,90 +22838,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "94d6d788-07bb-4dcc-b62f-e02626b00108", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ @@ -22937,84 +22846,7 @@ "type": "uses" }, { - "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7c58fff0-d206-4db1-96b1-e3a9e0e320b9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "17b40f60-729f-4fe8-8aea-cc9ee44a95d5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23028,35 +22860,7 @@ "type": "uses" }, { - "dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23069,76 +22873,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3240cbe4-c550-443b-aa76-cc2a7058b870", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", "tags": [ @@ -23147,7 +22881,56 @@ "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "17b40f60-729f-4fe8-8aea-cc9ee44a95d5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23161,21 +22944,21 @@ "type": "uses" }, { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "29ba5a15-3b7b-4732-b817-65ea8f6468e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", + "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23196,70 +22979,49 @@ "type": "uses" }, { - "dest-uuid": "fb4e3792-e915-4fdd-a9cd-92dfa2ace7aa", + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "3240cbe4-c550-443b-aa76-cc2a7058b870", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "dc5d1a33-62aa-4a0c-aa8c-589b87beb11e", + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23273,35 +23035,28 @@ "type": "uses" }, { - "dest-uuid": "29ba5a15-3b7b-4732-b817-65ea8f6468e6", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23315,7 +23070,168 @@ "type": "uses" }, { - "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "56b37b05-72e7-4a89-ba8a-61ce45269a8c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7c58fff0-d206-4db1-96b1-e3a9e0e320b9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "94d6d788-07bb-4dcc-b62f-e02626b00108", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23329,7 +23245,91 @@ "type": "uses" }, { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dc5d1a33-62aa-4a0c-aa8c-589b87beb11e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fb4e3792-e915-4fdd-a9cd-92dfa2ace7aa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23353,28 +23353,7 @@ }, "related": [ { - "dest-uuid": "1ca3b039-404e-4132-88c2-4e41235cd2f5", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "96566860-9f11-4b6f-964d-1c924e4f24a4", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23388,21 +23367,14 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "196f1f32-e0c2-4d46-99cd-234d4b6befe1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23416,7 +23388,35 @@ "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "1ca3b039-404e-4132-88c2-4e41235cd2f5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "96566860-9f11-4b6f-964d-1c924e4f24a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23430,7 +23430,7 @@ "type": "uses" }, { - "dest-uuid": "196f1f32-e0c2-4d46-99cd-234d4b6befe1", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23445,16 +23445,16 @@ "meta": { "external_id": "G0046", "refs": [ + "http://blog.morphisec.com/fin7-attacks-restaurant-industry", "https://attack.mitre.org/groups/G0046", + "https://securityintelligence.com/posts/ransomware-2020-attack-trends-new-techniques-affecting-organizations-worldwide/", + "https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-1/", "https://www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html", "https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html", + "https://www.fireeye.com/blog/threat-research/2017/05/fin7-shim-databases-persistence.html", "https://www.fireeye.com/blog/threat-research/2017/06/behind-the-carbanak-backdoor.html", "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html", - "https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-1/", - "http://blog.morphisec.com/fin7-attacks-restaurant-industry", - "https://www.fireeye.com/blog/threat-research/2017/05/fin7-shim-databases-persistence.html", - "https://www.secureworks.com/research/threat-profiles/gold-niagara", - "https://securityintelligence.com/posts/ransomware-2020-attack-trends-new-techniques-affecting-organizations-worldwide/" + "https://www.secureworks.com/research/threat-profiles/gold-niagara" ], "synonyms": [ "FIN7", @@ -23471,27 +23471,6 @@ ], "type": "similar" }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -23499,104 +23478,6 @@ ], "type": "uses" }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "72f54d66-675d-4587-9bd3-4ed09f9522e4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "91541e7e-b969-40c6-bbd8-1b5352ec2938", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "tags": [ @@ -23605,21 +23486,7 @@ "type": "uses" }, { - "dest-uuid": "17e919aa-4a49-445c-b103-dbb8df9e7351", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f559f945-eb8b-48b1-904c-68568deebed3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23632,118 +23499,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0ced8926-914e-4c78-bc93-356fb90dbd1f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8fc6c9e7-a162-4ca4-a488-f1819e9a7b06", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f74a5069-015d-4404-83ad-5ca01056c0dc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "04fc1842-f9e4-47cf-8cb8-5c61becad142", "tags": [ @@ -23751,90 +23506,6 @@ ], "type": "uses" }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c4810609-7da6-48ec-8057-1b70a7814db0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd7a9e13-69fa-4243-a5e5-04326a63f9f2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "56d10a7f-bb42-4267-9b4c-63abb9c06010", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "065196de-d7e8-4888-acfb-b2134022ba1b", "tags": [ @@ -23843,14 +23514,98 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "0ced8926-914e-4c78-bc93-356fb90dbd1f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "17e919aa-4a49-445c-b103-dbb8df9e7351", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23863,12 +23618,257 @@ ], "type": "uses" }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "56d10a7f-bb42-4267-9b4c-63abb9c06010", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "72f54d66-675d-4587-9bd3-4ed09f9522e4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8fc6c9e7-a162-4ca4-a488-f1819e9a7b06", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "91541e7e-b969-40c6-bbd8-1b5352ec2938", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd7a9e13-69fa-4243-a5e5-04326a63f9f2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c4810609-7da6-48ec-8057-1b70a7814db0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f559f945-eb8b-48b1-904c-68568deebed3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f74a5069-015d-4404-83ad-5ca01056c0dc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc", @@ -23887,6 +23887,20 @@ ] }, "related": [ + { + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -23902,7 +23916,7 @@ "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23914,20 +23928,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "2fd2be6a-d3a2-4a65-b499-05ea2693abee", @@ -23947,21 +23947,7 @@ }, "related": [ { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23975,14 +23961,28 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23996,7 +23996,7 @@ "type": "uses" }, { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24011,18 +24011,18 @@ "meta": { "external_id": "G0094", "refs": [ + "https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/", "https://attack.mitre.org/groups/G0094", "https://blog.alyac.co.kr/2234", - "https://brica.de/alerts/alert/public/1255063/kimsuky-unveils-apt-campaign-smoke-screen-aimed-at-korea-and-america/", - "https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite", - "https://blog.malwarebytes.com/threat-analysis/2021/06/kimsuky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor/", - "https://us-cert.cisa.gov/ncas/alerts/aa20-301a", - "https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/", "https://blog.alyac.co.kr/attachment/cfile5.uf@99A0CD415CB67E210DCEB3.pdf", + "https://blog.malwarebytes.com/threat-analysis/2021/06/kimsuky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor/", + "https://brica.de/alerts/alert/public/1255063/kimsuky-unveils-apt-campaign-smoke-screen-aimed-at-korea-and-america/", "https://global.ahnlab.com/global/upload/download/techreport/[Analysis_Report]Operation%20Kabar%20Cobra.pdf", "https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/", - "https://www.zdnet.com/article/cyber-espionage-group-uses-chrome-extension-to-infect-victims/", - "https://threatconnect.com/blog/kimsuky-phishing-operations-putting-in-work/" + "https://threatconnect.com/blog/kimsuky-phishing-operations-putting-in-work/", + "https://us-cert.cisa.gov/ncas/alerts/aa20-301a", + "https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite", + "https://www.zdnet.com/article/cyber-espionage-group-uses-chrome-extension-to-infect-victims/" ], "synonyms": [ "Kimsuky", @@ -24033,433 +24033,6 @@ ] }, "related": [ - { - "dest-uuid": "5256c0f8-9108-4c92-8b09-482dfacdcd94", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bbe5b322-e2af-4a5e-9625-a4e62bf84ed3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "98034fef-d9fb-4667-8dc4-2eab6231724c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6e561441-8431-4773-a9b8-ccf28ef6a968", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4b843c1-7e92-4701-8fed-ce82f8be2636", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "071d5d65-83ec-4a55-acfa-be7d5f28ba9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c9703cd3-141c-43a0-a926-380082be5d04", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1b7830a-fced-4be3-a99c-f495af9d9e1b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b9799466-9dd7-4098-b2d6-f999ce50b9a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -24467,111 +24040,6 @@ ], "type": "uses" }, - { - "dest-uuid": "295721d2-ee20-4fa3-ade3-37f4146b4570", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8bdfe255-e658-4ddd-a11c-b854762e451d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "937e4772-8441-4e4a-8bf0-8d447d667e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ @@ -24580,28 +24048,252 @@ "type": "uses" }, { - "dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d", + "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "76551c52-b111-4884-bc47-ff3e728f0156", + "dest-uuid": "071d5d65-83ec-4a55-acfa-be7d5f28ba9a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "16cdd21f-da65-4e4f-bc04-dd7d198c7b26", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "28b97733-ef07-4414-aaa5-df50b2d30cc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "295721d2-ee20-4fa3-ade3-37f4146b4570", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5256c0f8-9108-4c92-8b09-482dfacdcd94", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24615,7 +24307,133 @@ "type": "uses" }, { - "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6e561441-8431-4773-a9b8-ccf28ef6a968", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "76551c52-b111-4884-bc47-ff3e728f0156", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8bdfe255-e658-4ddd-a11c-b854762e451d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24629,7 +24447,189 @@ "type": "uses" }, { - "dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0", + "dest-uuid": "937e4772-8441-4e4a-8bf0-8d447d667e23", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "98034fef-d9fb-4667-8dc4-2eab6231724c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b9799466-9dd7-4098-b2d6-f999ce50b9a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bbe5b322-e2af-4a5e-9625-a4e62bf84ed3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c9703cd3-141c-43a0-a926-380082be5d04", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1b7830a-fced-4be3-a99c-f495af9d9e1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24650,7 +24650,35 @@ "type": "uses" }, { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24664,63 +24692,35 @@ "type": "uses" }, { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "f4b843c1-7e92-4701-8fed-ce82f8be2636", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "28b97733-ef07-4414-aaa5-df50b2d30cc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "16cdd21f-da65-4e4f-bc04-dd7d198c7b26", + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24735,17 +24735,17 @@ "meta": { "external_id": "G0049", "refs": [ - "https://attack.mitre.org/groups/G0049", - "https://research.checkpoint.com/2021/irans-apt34-returns-with-an-updated-arsenal/", - "http://www.clearskysec.com/oilrig/", "http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/", - "http://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/", "http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/", + "http://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/", + "http://www.clearskysec.com/oilrig/", + "https://attack.mitre.org/groups/G0049", + "https://pan-unit42.github.io/playbook_viewer/", + "https://research.checkpoint.com/2021/irans-apt34-returns-with-an-updated-arsenal/", "https://researchcenter.paloaltonetworks.com/2018/07/unit42-oilrig-targets-technology-service-provider-government-agency-quadagent/", "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-november-helix-kitten/", "https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html", - "https://www.secureworks.com/research/threat-profiles/cobalt-gypsy", - "https://pan-unit42.github.io/playbook_viewer/" + "https://www.secureworks.com/research/threat-profiles/cobalt-gypsy" ], "synonyms": [ "OilRig", @@ -24757,28 +24757,7 @@ }, "related": [ { - "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0998045d-f96e-4284-95ce-3c8219707486", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24792,49 +24771,35 @@ "type": "uses" }, { - "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77", + "dest-uuid": "0998045d-f96e-4284-95ce-3c8219707486", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24848,84 +24813,35 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf147104-abf9-4221-95d1-e81585859441", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24939,42 +24855,56 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24987,6 +24917,27 @@ ], "type": "uses" }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -24994,6 +24945,118 @@ ], "type": "uses" }, + { + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4b346d12-7f91-48d2-8f06-b26ffa0d825b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5be33fef-39c0-4532-84ee-bea31e1b5324", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ @@ -25009,35 +25072,28 @@ "type": "uses" }, { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" }, { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25051,91 +25107,7 @@ "type": "uses" }, { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df4cd566-ff2f-4d08-976d-8c86e95782de", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eff1a885-6f90-42a1-901f-eef6e7a1905e", + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25149,161 +25121,21 @@ "type": "uses" }, { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5be33fef-39c0-4532-84ee-bea31e1b5324", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4b346d12-7f91-48d2-8f06-b26ffa0d825b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d5268dfb-ae2b-4e0e-ac07-02a460613d8a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b9eec47e-98f4-4b3c-b574-3fa8a87ebe05", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25316,12 +25148,180 @@ ], "type": "uses" }, + { + "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b9eec47e-98f4-4b3c-b574-3fa8a87ebe05", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf147104-abf9-4221-95d1-e81585859441", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d5268dfb-ae2b-4e0e-ac07-02a460613d8a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df4cd566-ff2f-4d08-976d-8c86e95782de", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eff1a885-6f90-42a1-901f-eef6e7a1905e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4ca1929c-7d64-4aab-b849-badbfc0c760d", @@ -25332,9 +25332,9 @@ "meta": { "external_id": "G0055", "refs": [ + "http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf", "https://attack.mitre.org/groups/G0055", "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/", - "http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf", "https://www.cyberscoop.com/middle-eastern-hacking-group-using-finfisher-malware-conduct-international-espionage/" ], "synonyms": [ @@ -25349,19 +25349,19 @@ ], "type": "similar" }, - { - "dest-uuid": "ada08ea8-4517-4eea-aff1-3ad69e5466bb", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "a8d3d497-2da9-4797-8e0b-ed176be08654", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "ada08ea8-4517-4eea-aff1-3ad69e5466bb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "025bdaa9-897d-4bad-afa6-013ba5734653", @@ -25372,10 +25372,10 @@ "meta": { "external_id": "G0056", "refs": [ - "https://attack.mitre.org/groups/G0056", - "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/", "http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf", + "https://attack.mitre.org/groups/G0056", "https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html", + "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/", "https://www.bitdefender.com/files/News/CaseStudies/study/353/Bitdefender-Whitepaper-StrongPity-APT.pdf" ], "synonyms": [ @@ -25384,27 +25384,6 @@ ] }, "related": [ - { - "dest-uuid": "5744f91a-d2d8-4f92-920f-943dd80c578f", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "43894e2a-174e-4931-94a8-2296afe8f650", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "8868cb5b-d575-4a60-acb2-07d37389a2fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -25412,55 +25391,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "20945359-3b39-4542-85ef-08ecb4e1c174", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "34b3f738-bd64-40e5-a112-29b0542bc8bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1cec9319-743b-4840-bb65-431547bce82a", "tags": [ @@ -25469,7 +25399,14 @@ "type": "uses" }, { - "dest-uuid": "691c60e2-273d-4d56-9ce6-b67e0f8719ad", + "dest-uuid": "20945359-3b39-4542-85ef-08ecb4e1c174", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25482,6 +25419,69 @@ ], "type": "uses" }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "34b3f738-bd64-40e5-a112-29b0542bc8bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43894e2a-174e-4931-94a8-2296afe8f650", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5744f91a-d2d8-4f92-920f-943dd80c578f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "691c60e2-273d-4d56-9ce6-b67e0f8719ad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8868cb5b-d575-4a60-acb2-07d37389a2fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", "tags": [ @@ -25499,13 +25499,13 @@ "external_id": "G0065", "refs": [ "https://attack.mitre.org/groups/G0065", + "https://us-cert.cisa.gov/ncas/alerts/aa21-200a", "https://www.accenture.com/us-en/blogs/cyber-defense/mudcarps-focus-on-submarine-technologies", "https://www.crowdstrike.com/blog/two-birds-one-stone-panda/", - "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets", - "https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/", - "https://us-cert.cisa.gov/ncas/alerts/aa21-200a", "https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html", "https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html", + "https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/", + "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets", "https://www.secureworks.com/research/threat-profiles/bronze-mohawk" ], "synonyms": [ @@ -25521,56 +25521,35 @@ }, "related": [ { - "dest-uuid": "5b4b6980-3bc7-11e8-84d6-879aaac37dd9", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "049ff071-0b3c-4712-95d2-d21c6aa54501", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "274770e0-2612-4ccf-a678-ef8e7bad365d", + "dest-uuid": "06d735e7-1db1-4dbe-ab4b-acbe419f902b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8", + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25590,111 +25569,6 @@ ], "type": "uses" }, - { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "64764dc6-a032-495f-8250-1e4c06bdc163", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "049ff071-0b3c-4712-95d2-d21c6aa54501", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "94379dec-5c87-49db-b36e-66abc0b81344", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", "tags": [ @@ -25702,139 +25576,6 @@ ], "type": "uses" }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7451bcf9-e6e6-4a70-bc3d-1599173d0035", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ @@ -25843,84 +25584,7 @@ "type": "uses" }, { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "06d735e7-1db1-4dbe-ab4b-acbe419f902b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "705f0783-5f7d-4491-b6b7-9628e6e006d2", + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25934,7 +25598,168 @@ "type": "uses" }, { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "274770e0-2612-4ccf-a678-ef8e7bad365d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57d83eac-a2ea-42b0-a7b2-c80c55157790", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5b4b6980-3bc7-11e8-84d6-879aaac37dd9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "64764dc6-a032-495f-8250-1e4c06bdc163", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "705f0783-5f7d-4491-b6b7-9628e6e006d2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7451bcf9-e6e6-4a70-bc3d-1599173d0035", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25948,7 +25773,182 @@ "type": "uses" }, { - "dest-uuid": "57d83eac-a2ea-42b0-a7b2-c80c55157790", + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "94379dec-5c87-49db-b36e-66abc0b81344", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25972,7 +25972,14 @@ }, "related": [ { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25986,28 +25993,7 @@ "type": "uses" }, { - "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26020,6 +26006,20 @@ ], "type": "uses" }, + { + "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d186c1d6-e3ac-4c3d-a534-9ddfeb8c57bb", "tags": [ @@ -26027,6 +26027,13 @@ ], "type": "uses" }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -26035,14 +26042,7 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26065,10 +26065,10 @@ "external_id": "G0095", "refs": [ "https://attack.mitre.org/groups/G0095", - "https://threatvector.cylance.com/en_us/home/el-machete-malware-attacks-cut-through-latam.html", + "https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/", "https://securelist.com/el-machete/66108/", - "https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf", - "https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/" + "https://threatvector.cylance.com/en_us/home/el-machete-malware-attacks-cut-through-latam.html", + "https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf" ], "synonyms": [ "Machete", @@ -26078,28 +26078,14 @@ }, "related": [ { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "35cd1d01-1ede-44d2-b073-a264d727bc04", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26113,7 +26099,7 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26127,28 +26113,7 @@ "type": "uses" }, { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "dest-uuid": "35cd1d01-1ede-44d2-b073-a264d727bc04", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26162,7 +26127,42 @@ "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26177,8 +26177,8 @@ "meta": { "external_id": "G0066", "refs": [ - "https://attack.mitre.org/groups/G0066", "http://securityaffairs.co/wordpress/8528/hacking/elderwood-project-who-is-behind-op-aurora-and-ongoing-attacks.html", + "https://attack.mitre.org/groups/G0066", "https://web.archive.org/web/20190717233006/http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf", "https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China" ], @@ -26190,48 +26190,6 @@ ] }, "related": [ - { - "dest-uuid": "da754aeb-a86d-4874-b388-d1d2028a56be", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "e9e9bfe2-76f4-4870-a2a1-b7af89808613", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "48523614-309e-43bf-a2b8-705c2b45d7b2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c251e4a5-9a2e-4166-8e42-442af75c3b9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "039814a0-88de-46c5-a4fb-b293db21880a", "tags": [ @@ -26239,55 +26197,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4d8a2d6-c684-453a-8a14-cf4a94f755c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e811ff6a-4cef-4856-a6ae-a7daf9ed39ae", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -26296,7 +26205,21 @@ "type": "uses" }, { - "dest-uuid": "79499993-a8d6-45eb-b343-bf58dea5bdde", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "48523614-309e-43bf-a2b8-705c2b45d7b2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26310,7 +26233,7 @@ "type": "uses" }, { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "dest-uuid": "79499993-a8d6-45eb-b343-bf58dea5bdde", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26322,6 +26245,83 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c251e4a5-9a2e-4166-8e42-442af75c3b9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "da754aeb-a86d-4874-b388-d1d2028a56be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e811ff6a-4cef-4856-a6ae-a7daf9ed39ae", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e9e9bfe2-76f4-4870-a2a1-b7af89808613", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4d8a2d6-c684-453a-8a14-cf4a94f755c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "03506554-5f37-4f8f-9ce4-0e9f01a1b484", @@ -26341,14 +26341,14 @@ }, "related": [ { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "dest-uuid": "8d9e758b-735f-4cbc-ba7c-32cd15138b2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26376,14 +26376,14 @@ "type": "uses" }, { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8d9e758b-735f-4cbc-ba7c-32cd15138b2a", + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26406,6 +26406,20 @@ ] }, "related": [ + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0f1ad2ef-41d4-4b7a-9304-ddae68ea3005", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "154e97b5-47ef-415a-99a6-2157f1b50339", "tags": [ @@ -26421,42 +26435,7 @@ "type": "similar" }, { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e170995d-4f61-4f17-b60e-04f9a06ee517", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26470,7 +26449,21 @@ "type": "uses" }, { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26484,14 +26477,14 @@ "type": "uses" }, { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26505,14 +26498,7 @@ "type": "uses" }, { - "dest-uuid": "0f1ad2ef-41d4-4b7a-9304-ddae68ea3005", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "e170995d-4f61-4f17-b60e-04f9a06ee517", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26524,6 +26510,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f9c06633-dcff-48a1-8588-759e7cec5694", @@ -26535,14 +26535,14 @@ "external_id": "G0069", "refs": [ "https://attack.mitre.org/groups/G0069", + "https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/", "https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/", - "https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group", + "https://www.anomali.com/blog/probable-iranian-cyber-actors-static-kitten-conducting-cyberespionage-campaign-targeting-uae-and-kuwait-government-agencies", "https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf", "https://www.clearskysec.com/wp-content/uploads/2019/06/Clearsky-Iranian-APT-group-%E2%80%98MuddyWater%E2%80%99-Adds-Exploits-to-Their-Arsenal.pdf", - "https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/", - "https://www.trendmicro.com/en_us/research/21/c/earth-vetala---muddywater-continues-to-target-organizations-in-t.html", - "https://www.anomali.com/blog/probable-iranian-cyber-actors-static-kitten-conducting-cyberespionage-campaign-targeting-uae-and-kuwait-government-agencies", - "https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html" + "https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html", + "https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group", + "https://www.trendmicro.com/en_us/research/21/c/earth-vetala---muddywater-continues-to-target-organizations-in-t.html" ], "synonyms": [ "MuddyWater", @@ -26555,231 +26555,21 @@ }, "related": [ { - "dest-uuid": "a29af069-03c3-4534-b78b-7d1a77ea085b", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c4810609-7da6-48ec-8057-1b70a7814db0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "73c4711b-407a-449d-b269-e3b1531fe7a9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03c6e0ea-96d3-4b23-9afb-05055663cf4b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c8655260-9f4b-44e3-85e1-6538a5f6e4f4", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26793,56 +26583,7 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "80c815bb-b24a-4b9c-9d73-ff4c075a278d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "dest-uuid": "03c6e0ea-96d3-4b23-9afb-05055663cf4b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26856,35 +26597,7 @@ "type": "uses" }, { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26898,21 +26611,77 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26933,28 +26702,7 @@ "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "842976c7-f9c8-41b2-8371-41dc64fbe261", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26974,6 +26722,20 @@ ], "type": "uses" }, + { + "dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ @@ -26982,14 +26744,98 @@ "type": "uses" }, { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "73c4711b-407a-449d-b269-e3b1531fe7a9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "80c815bb-b24a-4b9c-9d73-ff4c075a278d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "842976c7-f9c8-41b2-8371-41dc64fbe261", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27002,6 +26848,153 @@ ], "type": "uses" }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a29af069-03c3-4534-b78b-7d1a77ea085b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c4810609-7da6-48ec-8057-1b70a7814db0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c8655260-9f4b-44e3-85e1-6538a5f6e4f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -27015,6 +27008,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "269e8108-68c6-4f99-b911-14b2e765dec2", @@ -27026,8 +27026,8 @@ "external_id": "G0077", "refs": [ "https://attack.mitre.org/groups/G0077", - "https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east", - "https://www.dragos.com/blog/20180802Raspite.html" + "https://www.dragos.com/blog/20180802Raspite.html", + "https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east" ], "synonyms": [ "Leafminer", @@ -27035,6 +27035,13 @@ ] }, "related": [ + { + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ @@ -27043,42 +27050,7 @@ "type": "uses" }, { - "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27092,21 +27064,21 @@ "type": "uses" }, { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "999c4e6e-b8dc-4b4f-8d6e-1b829f29997e", + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27127,35 +27099,35 @@ "type": "uses" }, { - "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "dest-uuid": "999c4e6e-b8dc-4b4f-8d6e-1b829f29997e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27169,14 +27141,42 @@ "type": "uses" }, { - "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", + "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27192,8 +27192,8 @@ "external_id": "G0079", "refs": [ "https://attack.mitre.org/groups/G0079", - "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/", - "https://pan-unit42.github.io/playbook_viewer/" + "https://pan-unit42.github.io/playbook_viewer/", + "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/" ], "synonyms": [ "DarkHydrus" @@ -27201,14 +27201,28 @@ }, "related": [ { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8ec6e3b4-b06d-4805-b6aa-af916acc2122", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27229,35 +27243,7 @@ "type": "uses" }, { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8ec6e3b4-b06d-4805-b6aa-af916acc2122", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27269,6 +27255,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "6b9ebeb5-20bf-48b0-afb7-988d769a2f01", @@ -27281,9 +27281,9 @@ "refs": [ "https://attack.mitre.org/groups/G0098", "https://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/", + "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt", "https://www.ironnet.com/blog/china-cyber-attacks-the-current-threat-landscape", - "https://www.reuters.com/article/us-taiwan-cyber-china/taiwan-says-china-behind-cyberattacks-on-government-agencies-emails-idUSKCN25F0JK", - "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt" + "https://www.reuters.com/article/us-taiwan-cyber-china/taiwan-says-china-behind-cyberattacks-on-government-agencies-emails-idUSKCN25F0JK" ], "synonyms": [ "BlackTech", @@ -27291,55 +27291,6 @@ ] }, "related": [ - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "76ac7989-c5cc-42e2-93e3-d6c476f01ace", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "77eae145-55db-4519-8ae5-77b0c7215d69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "19401639-28d0-4c3c-adcc-bc2ba22f6421", "tags": [ @@ -27348,35 +27299,14 @@ "type": "uses" }, { - "dest-uuid": "592260fb-dd5c-4a30-8d99-106a0485be0d", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3f1fbed-7e29-49cb-8579-4a378f858deb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27390,7 +27320,7 @@ "type": "uses" }, { - "dest-uuid": "b2d134a1-7bd5-4293-94d4-8fc978cb1cd7", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27411,7 +27341,63 @@ "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "592260fb-dd5c-4a30-8d99-106a0485be0d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "76ac7989-c5cc-42e2-93e3-d6c476f01ace", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "77eae145-55db-4519-8ae5-77b0c7215d69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b2d134a1-7bd5-4293-94d4-8fc978cb1cd7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b57f419e-8b12-49d3-886b-145383725dcd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27425,7 +27411,21 @@ "type": "uses" }, { - "dest-uuid": "b57f419e-8b12-49d3-886b-145383725dcd", + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3f1fbed-7e29-49cb-8579-4a378f858deb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27441,10 +27441,10 @@ "external_id": "G0118", "refs": [ "https://attack.mitre.org/groups/G0118", + "https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/", "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html", - "https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/", "https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/", - "https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/" + "https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/" ], "synonyms": [ "UNC2452", @@ -27455,14 +27455,98 @@ }, "related": [ { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24769ab5-14bd-4f4e-a752-cfb185da53ee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32f49626-87f4-4d6c-8f59-a0dca953fe26", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27476,42 +27560,14 @@ "type": "uses" }, { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a8839c95-029f-44cf-8f3d-a3cf2039e927", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27532,245 +27588,7 @@ "type": "uses" }, { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3c8c916-2f3c-4e71-94b2-240bdfc996f0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5c747acd-47f0-4c5a-b9e5-213541fc01e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "979adb5a-dc30-48f0-9e3d-9a26d866928c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27783,6 +27601,13 @@ ], "type": "uses" }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", "tags": [ @@ -27790,41 +27615,6 @@ ], "type": "uses" }, - { - "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32f49626-87f4-4d6c-8f59-a0dca953fe26", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "4efc3e00-72f2-466a-ab7c-8a7dc6603b19", "tags": [ @@ -27833,56 +27623,77 @@ "type": "uses" }, { - "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", + "dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "5c747acd-47f0-4c5a-b9e5-213541fc01e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "bf48e7f8-752c-4ce8-bf8f-748edacd8fa6", + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "24769ab5-14bd-4f4e-a752-cfb185da53ee", + "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", + "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27901,44 +27712,79 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "revoked-by" - } - ], - "uuid": "dc5e2999-ca1a-47d4-8d12-a6984b138a1b", - "value": "UNC2452 - G0118" - }, - { - "description": "[TA551](https://attack.mitre.org/groups/G0127) is a financially-motivated threat group that has been active since at least 2018. (Citation: Secureworks GOLD CABIN) The group has primarily targeted English, German, Italian, and Japanese speakers through email-based malware distribution campaigns. (Citation: Unit 42 TA551 Jan 2021)", - "meta": { - "external_id": "G0127", - "refs": [ - "https://attack.mitre.org/groups/G0127", - "https://www.secureworks.com/research/threat-profiles/gold-cabin", - "https://unit42.paloaltonetworks.com/ta551-shathak-icedid/", - "https://unit42.paloaltonetworks.com/valak-evolution/" - ], - "synonyms": [ - "TA551", - "GOLD CABIN", - "Shathak" - ] - }, - "related": [ + }, { - "dest-uuid": "1492d0f8-7e14-4af3-9239-bc3fe10d3407", + "dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "edc5e045-5401-42bb-ad92-52b5b2ee0de9", + "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "979adb5a-dc30-48f0-9e3d-9a26d866928c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a8839c95-029f-44cf-8f3d-a3cf2039e927", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27952,21 +27798,28 @@ "type": "uses" }, { - "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", + "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "dest-uuid": "bf48e7f8-752c-4ce8-bf8f-748edacd8fa6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3c8c916-2f3c-4e71-94b2-240bdfc996f0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27980,56 +27833,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5147ef15-1cae-4707-8ea1-bee8d98b7f1d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28042,12 +27846,208 @@ ], "type": "uses" }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], + "uuid": "dc5e2999-ca1a-47d4-8d12-a6984b138a1b", + "value": "UNC2452 - G0118" + }, + { + "description": "[TA551](https://attack.mitre.org/groups/G0127) is a financially-motivated threat group that has been active since at least 2018. (Citation: Secureworks GOLD CABIN) The group has primarily targeted English, German, Italian, and Japanese speakers through email-based malware distribution campaigns. (Citation: Unit 42 TA551 Jan 2021)", + "meta": { + "external_id": "G0127", + "refs": [ + "https://attack.mitre.org/groups/G0127", + "https://unit42.paloaltonetworks.com/ta551-shathak-icedid/", + "https://unit42.paloaltonetworks.com/valak-evolution/", + "https://www.secureworks.com/research/threat-profiles/gold-cabin" + ], + "synonyms": [ + "TA551", + "GOLD CABIN", + "Shathak" + ] + }, + "related": [ + { + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1492d0f8-7e14-4af3-9239-bc3fe10d3407", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5147ef15-1cae-4707-8ea1-bee8d98b7f1d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "ade37ada-14af-4b44-b36c-210eec255d53", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "edc5e045-5401-42bb-ad92-52b5b2ee0de9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "94873029-f950-4268-9cfd-5032e15cb182", @@ -28060,8 +28060,8 @@ "refs": [ "https://attack.mitre.org/groups/G0121", "https://cdn-cybersecurity.att.com/docs/global-perspective-of-the-sidewinder-apt.pdf", - "https://securelist.com/apt-trends-report-q1-2018/85280/", - "https://cybleinc.com/2020/09/26/sidewinder-apt-targets-with-futuristic-tactics-and-techniques/" + "https://cybleinc.com/2020/09/26/sidewinder-apt-targets-with-futuristic-tactics-and-techniques/", + "https://securelist.com/apt-trends-report-q1-2018/85280/" ], "synonyms": [ "Sidewinder", @@ -28071,70 +28071,7 @@ }, "related": [ { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c8655260-9f4b-44e3-85e1-6538a5f6e4f4", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28148,7 +28085,7 @@ "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28161,76 +28098,6 @@ ], "type": "uses" }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ @@ -28238,6 +28105,13 @@ ], "type": "uses" }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ @@ -28253,7 +28127,56 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28266,6 +28189,41 @@ ], "type": "uses" }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c8655260-9f4b-44e3-85e1-6538a5f6e4f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ @@ -28273,12 +28231,54 @@ ], "type": "uses" }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "3fc023b2-c5cc-481d-9c3e-70141ae1a87e", @@ -28290,9 +28290,9 @@ "external_id": "G0112", "refs": [ "https://attack.mitre.org/groups/G0112", - "https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1554718868.pdf", "https://objective-see.com/blog/blog_0x3B.html", - "https://objective-see.com/blog/blog_0x3D.html" + "https://objective-see.com/blog/blog_0x3D.html", + "https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1554718868.pdf" ], "synonyms": [ "Windshift", @@ -28300,27 +28300,6 @@ ] }, "related": [ - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -28328,6 +28307,13 @@ ], "type": "uses" }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "0d1f9f5b-11ea-42c3-b5f4-63cce0122541", "tags": [ @@ -28335,6 +28321,13 @@ ], "type": "uses" }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ @@ -28343,7 +28336,91 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8197f026-64da-4700-93b9-b55ba55f3b31", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28356,20 +28433,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52", "tags": [ @@ -28385,105 +28448,7 @@ "type": "uses" }, { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8197f026-64da-4700-93b9-b55ba55f3b31", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28496,27 +28461,6 @@ ], "type": "uses" }, - { - "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "tags": [ @@ -28525,21 +28469,7 @@ "type": "uses" }, { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28552,12 +28482,82 @@ ], "type": "uses" }, + { + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "afec6dc3-a18e-4b62-b1a4-5510e1a498d1", @@ -28578,49 +28578,42 @@ }, "related": [ { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", + "dest-uuid": "066b057c-944e-4cfc-b654-e3dfba04b926", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28634,42 +28627,56 @@ "type": "uses" }, { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc", + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28682,6 +28689,41 @@ ], "type": "uses" }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ @@ -28690,14 +28732,56 @@ "type": "uses" }, { - "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", + "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c256da91-6dd5-40b2-beeb-ee3b22ab3d27", + "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28710,6 +28794,104 @@ ], "type": "uses" }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ @@ -28725,252 +28907,14 @@ "type": "uses" }, { - "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", + "dest-uuid": "c256da91-6dd5-40b2-beeb-ee3b22ab3d27", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "066b057c-944e-4cfc-b654-e3dfba04b926", + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28984,35 +28928,28 @@ "type": "uses" }, { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29026,7 +28963,70 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29050,7 +29050,14 @@ }, "related": [ { - "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", + "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29064,7 +29071,7 @@ "type": "uses" }, { - "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", + "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29076,13 +29083,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "99910207-1741-4da1-9b5d-537410186b51", @@ -29102,7 +29102,7 @@ }, "related": [ { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29116,42 +29116,7 @@ "type": "uses" }, { - "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d342981-5194-41e7-b33f-8e91998d7d88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29164,6 +29129,20 @@ ], "type": "uses" }, + { + "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d342981-5194-41e7-b33f-8e91998d7d88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ @@ -29172,7 +29151,28 @@ "type": "uses" }, { - "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29187,30 +29187,16 @@ "meta": { "external_id": "G0142", "refs": [ + " https://www.uptycs.com/blog/confucius-apt-deploys-warzone-rat", "https://attack.mitre.org/groups/G0142", "https://www.trendmicro.com/en_us/research/18/b/deciphering-confucius-cyberespionage-operations.html", - "https://www.trendmicro.com/en_us/research/21/h/confucius-uses-pegasus-spyware-related-lures-to-target-pakistani.html", - " https://www.uptycs.com/blog/confucius-apt-deploys-warzone-rat" + "https://www.trendmicro.com/en_us/research/21/h/confucius-uses-pegasus-spyware-related-lures-to-target-pakistani.html" ], "synonyms": [ "Confucius APT" ] }, "related": [ - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -29218,55 +29204,6 @@ ], "type": "uses" }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fde19a18-e502-467f-be14-58c71b4e7f4b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -29274,13 +29211,6 @@ ], "type": "uses" }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ @@ -29288,13 +29218,6 @@ ], "type": "uses" }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ @@ -29303,21 +29226,7 @@ "type": "uses" }, { - "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29330,12 +29239,103 @@ ], "type": "uses" }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fde19a18-e502-467f-be14-58c71b4e7f4b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "6eded342-33e5-4451-b6b2-e1c62863129f", @@ -29347,8 +29347,8 @@ "external_id": "G0124", "refs": [ "https://attack.mitre.org/groups/G0124", - "https://www.welivesecurity.com/2014/03/18/operation-windigo-the-vivisection-of-a-large-linux-server-side-credential-stealing-malware-campaign/", - "https://security.web.cern.ch/advisories/windigo/windigo.shtml" + "https://security.web.cern.ch/advisories/windigo/windigo.shtml", + "https://www.welivesecurity.com/2014/03/18/operation-windigo-the-vivisection-of-a-large-linux-server-side-credential-stealing-malware-campaign/" ], "synonyms": [ "Windigo" @@ -29356,7 +29356,7 @@ }, "related": [ { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29370,7 +29370,21 @@ "type": "uses" }, { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29391,21 +29405,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29421,8 +29421,8 @@ "external_id": "G0125", "refs": [ "https://attack.mitre.org/groups/G0125", - "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/", - "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/" + "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/", + "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/" ], "synonyms": [ "HAFNIUM", @@ -29430,48 +29430,6 @@ ] }, "related": [ - { - "dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9d48cab2-7929-4812-ad22-f536665f0109", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "774ad5bb-2366-4c13-a8a9-65e50b292e7c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ @@ -29480,14 +29438,14 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29508,28 +29466,7 @@ "type": "uses" }, { - "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", + "dest-uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29543,35 +29480,7 @@ "type": "uses" }, { - "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29585,7 +29494,84 @@ "type": "uses" }, { - "dest-uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2", + "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "774ad5bb-2366-4c13-a8a9-65e50b292e7c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9d48cab2-7929-4812-ad22-f536665f0109", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29597,6 +29583,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2688b13e-8e71-405a-9c40-0dee94bddf87", @@ -29609,8 +29609,8 @@ "refs": [ "https://attack.mitre.org/groups/G0126", "https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/", - "https://www.zscaler.com/blogs/security-research/return-higaisa-apt", - "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/" + "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/", + "https://www.zscaler.com/blogs/security-research/return-higaisa-apt" ], "synonyms": [ "Higaisa" @@ -29618,7 +29618,7 @@ }, "related": [ { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29631,13 +29631,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ @@ -29645,34 +29638,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -29681,14 +29646,7 @@ "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29702,70 +29660,21 @@ "type": "uses" }, { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29779,7 +29688,21 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29793,7 +29716,21 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29807,14 +29744,77 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29840,21 +29840,49 @@ }, "related": [ { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29875,7 +29903,14 @@ "type": "uses" }, { - "dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29889,91 +29924,14 @@ "type": "uses" }, { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29986,13 +29944,6 @@ ], "type": "uses" }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ @@ -30001,7 +29952,49 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30013,6 +30006,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4283ae19-69c7-4347-a35e-b56f08eb660b", @@ -30032,28 +30032,7 @@ }, "related": [ { - "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30067,7 +30046,14 @@ "type": "uses" }, { - "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30081,35 +30067,7 @@ "type": "uses" }, { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30122,6 +30080,20 @@ ], "type": "uses" }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ @@ -30130,14 +30102,14 @@ "type": "uses" }, { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30150,6 +30122,27 @@ ], "type": "uses" }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470", "tags": [ @@ -30158,14 +30151,21 @@ "type": "uses" }, { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30181,9 +30181,9 @@ "external_id": "G0136", "refs": [ "https://attack.mitre.org/groups/G0136", - "https://thehackernews.com/2021/07/indigozebra-apt-hacking-campaign.html", "https://research.checkpoint.com/2021/indigozebra-apt-continues-to-attack-central-asia-with-evolving-tools/", - "https://securelist.com/apt-trends-report-q2-2017/79332/" + "https://securelist.com/apt-trends-report-q2-2017/79332/", + "https://thehackernews.com/2021/07/indigozebra-apt-hacking-campaign.html" ], "synonyms": [ "IndigoZebra" @@ -30191,35 +30191,7 @@ }, "related": [ { - "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "919a056e-5104-43b9-ad55-2ac929108b71", + "dest-uuid": "21583311-6321-4891-8a37-3eb4e57b0fb1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30233,14 +30205,42 @@ "type": "uses" }, { - "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "919a056e-5104-43b9-ad55-2ac929108b71", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30254,7 +30254,7 @@ "type": "uses" }, { - "dest-uuid": "21583311-6321-4891-8a37-3eb4e57b0fb1", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30269,13 +30269,13 @@ "meta": { "external_id": "G0138", "refs": [ - "https://attack.mitre.org/groups/G0138", - "https://www.fsec.or.kr/user/bbs/fsec/163/344/bbsDataView/1680.do", - "http://www.issuemakerslab.com/research3/", "http://download.ahnlab.com/global/brochure/[Analysis]Andariel_Group.pdf", - "https://www.trendmicro.com/en_us/research/18/g/new-andariel-reconnaissance-tactics-hint-at-next-targets.html", + "http://www.issuemakerslab.com/research3/", "https://adversary.crowdstrike.com/en-US/adversary/silent-chollima/", - "https://home.treasury.gov/news/press-releases/sm774" + "https://attack.mitre.org/groups/G0138", + "https://home.treasury.gov/news/press-releases/sm774", + "https://www.fsec.or.kr/user/bbs/fsec/163/344/bbsDataView/1680.do", + "https://www.trendmicro.com/en_us/research/18/g/new-andariel-reconnaissance-tactics-hint-at-next-targets.html" ], "synonyms": [ "Andariel", @@ -30283,6 +30283,62 @@ ] }, "related": [ + { + "dest-uuid": "0dda99f0-4701-48ca-9774-8504922e92d3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "44c75271-0e4d-496f-ae0a-a6d883a42a65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -30297,41 +30353,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "44c75271-0e4d-496f-ae0a-a6d883a42a65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ @@ -30339,13 +30360,6 @@ ], "type": "uses" }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", "tags": [ @@ -30354,28 +30368,14 @@ "type": "uses" }, { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0dda99f0-4701-48ca-9774-8504922e92d3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30391,14 +30391,14 @@ "external_id": "G0139", "refs": [ "https://attack.mitre.org/groups/G0139", + "https://blog.aquasec.com/container-security-tnt-container-attack", "https://cybersecurity.att.com/blogs/labs-research/teamtnt-with-new-campaign-aka-chimaera", - "https://www.cadosecurity.com/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials/", - "https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/", "https://documents.trendmicro.com/assets/white_papers/wp-tracking-the-activities-of-teamTNT.pdf", + "https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/", + "https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/", + "https://www.cadosecurity.com/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials/", "https://www.intezer.com/blog/cloud-security/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/", "https://www.intezer.com/wp-content/uploads/2021/09/TeamTNT-Cryptomining-Explosion.pdf", - "https://blog.aquasec.com/container-security-tnt-container-attack", - "https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/", "https://www.lacework.com/blog/taking-teamtnt-docker-images-offline/" ], "synonyms": [ @@ -30406,6 +30406,202 @@ ] }, "related": [ + { + "dest-uuid": "0470e792-32f8-46b0-a351-652bc35e9336", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "19bf235b-8620-4997-b5b4-94e0659ed7c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40a1b8ec-7295-416c-a6b1-68181d86f120", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5a33468d-844d-4b1f-98c9-0e786c556b27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79dd477a-8226-4b3d-ad15-28623675f221", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ @@ -30413,6 +30609,83 @@ ], "type": "uses" }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -30427,160 +30700,6 @@ ], "type": "uses" }, - { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "40a1b8ec-7295-416c-a6b1-68181d86f120", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0470e792-32f8-46b0-a351-652bc35e9336", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "db8f5003-3b20-48f0-9b76-123e44208120", "tags": [ @@ -30588,104 +30707,6 @@ ], "type": "uses" }, - { - "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5a33468d-844d-4b1f-98c9-0e786c556b27", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "79dd477a-8226-4b3d-ad15-28623675f221", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ @@ -30694,49 +30715,28 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", + "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1", + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "19bf235b-8620-4997-b5b4-94e0659ed7c3", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30747,5 +30747,5 @@ "value": "TeamTNT - G0139" } ], - "version": 24 + "version": 25 } diff --git a/clusters/mitre-malware.json b/clusters/mitre-malware.json index 0ec4873..9ae4aef 100644 --- a/clusters/mitre-malware.json +++ b/clusters/mitre-malware.json @@ -15,21 +15,14 @@ "external_id": "S0047", "mitre_platforms": [], "refs": [ - "https://attack.mitre.org/software/S0047", - "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/" + "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/", + "https://attack.mitre.org/software/S0047" ], "synonyms": [ "Hacking Team UEFI Rootkit" ] }, "related": [ - { - "dest-uuid": "6856ddd6-2df3-4379-8b87-284603c189c3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ @@ -43,6 +36,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "6856ddd6-2df3-4379-8b87-284603c189c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4b62ab58-c23b-4704-9c15-edd568cd59f8", @@ -71,13 +71,6 @@ ], "type": "similar" }, - { - "dest-uuid": "3e2c99f9-66cd-48be-86e9-d7c1c164d87c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf", "tags": [ @@ -86,14 +79,21 @@ "type": "similar" }, { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "dest-uuid": "3e2c99f9-66cd-48be-86e9-d7c1c164d87c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -120,14 +120,7 @@ }, "related": [ { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -141,14 +134,35 @@ "type": "uses" }, { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -169,7 +183,7 @@ "type": "uses" }, { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -182,27 +196,6 @@ ], "type": "uses" }, - { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380", "tags": [ @@ -211,7 +204,14 @@ "type": "uses" }, { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -238,14 +238,7 @@ }, "related": [ { - "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -259,7 +252,7 @@ "type": "uses" }, { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -272,13 +265,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "6831414d-bb70-42b7-8030-d4e06b2660c9", "tags": [ @@ -287,21 +273,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -315,7 +294,28 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -342,14 +342,7 @@ }, "related": [ { - "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -363,21 +356,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -390,12 +376,26 @@ ], "type": "uses" }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "8787e86d-8475-4f13-acea-d33eb83b6105", @@ -417,6 +417,20 @@ ] }, "related": [ + { + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", "tags": [ @@ -437,20 +451,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "29944858-da52-4d3d-b428-f8a6eb8dde6f", @@ -464,12 +464,12 @@ "Windows" ], "refs": [ + "http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf", + "https://401trg.github.io/pages/burning-umbrella.html", "https://attack.mitre.org/software/S0141", "https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/", "https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a", - "https://401trg.github.io/pages/burning-umbrella.html", - "https://securelist.com/winnti-more-than-just-a-game/37029/", - "http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf" + "https://securelist.com/winnti-more-than-just-a-game/37029/" ], "synonyms": [ "Winnti for Windows" @@ -477,21 +477,7 @@ }, "related": [ { - "dest-uuid": "9b3a4cff-1c5a-4fd6-b49c-27240b6d622c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "7f8166e2-c7f4-4b48-a07b-681b61a8f2c1", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -505,77 +491,7 @@ "type": "uses" }, { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -589,21 +505,14 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -617,7 +526,14 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -631,7 +547,91 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7f8166e2-c7f4-4b48-a07b-681b61a8f2c1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9b3a4cff-1c5a-4fd6-b49c-27240b6d622c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -649,9 +649,9 @@ "Android" ], "refs": [ + "https://android-developers.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html", "https://attack.mitre.org/software/S0316", - "https://blog.lookout.com/blog/2017/04/03/pegasus-android/", - "https://android-developers.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html" + "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" ], "synonyms": [ "Pegasus for Android", @@ -660,11 +660,25 @@ }, "related": [ { - "dest-uuid": "9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8", + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" + }, + { + "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" }, { "dest-uuid": "52acea22-7d88-433c-99e6-8fef1657e3ad", @@ -673,13 +687,6 @@ ], "type": "similar" }, - { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "62adb627-f647-498e-b4cc-41499361bacb", "tags": [ @@ -688,7 +695,35 @@ "type": "uses" }, { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -709,49 +744,7 @@ "type": "uses" }, { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -763,6 +756,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "93799a9d-3537-43d8-b6f4-17215de1657c", @@ -786,7 +786,7 @@ }, "related": [ { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -806,13 +806,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", "tags": [ @@ -820,13 +813,6 @@ ], "type": "uses" }, - { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380", "tags": [ @@ -835,7 +821,7 @@ "type": "uses" }, { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -847,6 +833,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2740eaf6-2db2-4a40-a63f-f5b166c7059c", @@ -861,28 +861,14 @@ ], "refs": [ "https://attack.mitre.org/software/S0289", - "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", - "https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/" + "https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/", + "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" ], "synonyms": [ "Pegasus for iOS" ] }, "related": [ - { - "dest-uuid": "9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "52acea22-7d88-433c-99e6-8fef1657e3ad", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "2d646840-f6f5-4619-a5a8-29c8316bbac5", "tags": [ @@ -890,41 +876,6 @@ ], "type": "uses" }, - { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "tags": [ @@ -933,7 +884,21 @@ "type": "uses" }, { - "dest-uuid": "fd339382-bfec-4bf0-8d47-1caedc9e7e57", + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "52acea22-7d88-433c-99e6-8fef1657e3ad", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -946,6 +911,34 @@ ], "type": "uses" }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", "tags": [ @@ -961,14 +954,21 @@ "type": "uses" }, { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fd339382-bfec-4bf0-8d47-1caedc9e7e57", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -995,7 +995,7 @@ }, "related": [ { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1009,7 +1009,14 @@ "type": "uses" }, { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1030,14 +1037,7 @@ "type": "uses" }, { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1057,8 +1057,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0598", - "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf", - "https://us-cert.cisa.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf" + "https://us-cert.cisa.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf", + "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" ], "synonyms": [ "P.A.S. Webshell", @@ -1066,34 +1066,6 @@ ] }, "related": [ - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "tags": [ @@ -1101,34 +1073,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", "tags": [ @@ -1137,14 +1081,21 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1157,6 +1108,55 @@ ], "type": "uses" }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ @@ -1165,7 +1165,7 @@ "type": "uses" }, { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1184,11 +1184,11 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/software/S0032", - "https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html", "http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf", + "https://attack.mitre.org/software/S0032", "https://research.nccgroup.com/2018/04/17/decoding-network-data-from-a-gh0st-rat-variant/", - "https://www.arbornetworks.com/blog/asert/musical-chairs-playing-tetris/" + "https://www.arbornetworks.com/blog/asert/musical-chairs-playing-tetris/", + "https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html" ], "synonyms": [ "gh0st RAT", @@ -1198,112 +1198,7 @@ }, "related": [ { - "dest-uuid": "1b1ae63f-bcee-4aba-8994-6c60cee5e16f", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29ba5a15-3b7b-4732-b817-65ea8f6468e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1317,28 +1212,35 @@ "type": "uses" }, { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "1b1ae63f-bcee-4aba-8994-6c60cee5e16f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1352,7 +1254,63 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "29ba5a15-3b7b-4732-b817-65ea8f6468e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1365,12 +1323,54 @@ ], "type": "uses" }, + { + "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", @@ -1386,9 +1386,9 @@ "refs": [ "https://attack.mitre.org/software/S0020", "https://us-cert.cisa.gov/ncas/alerts/aa21-200a", - "https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage", + "https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html", "https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html", - "https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html" + "https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage" ], "synonyms": [ "China Chopper" @@ -1396,35 +1396,7 @@ }, "related": [ { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1438,7 +1410,28 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1452,14 +1445,21 @@ "type": "uses" }, { - "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1504,8 +1504,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0016", - "http://www.secureworks.com/cyber-threat-intelligence/threats/The_Lifecycle_of_Peer_to_Peer_Gameover_ZeuS/" + "http://www.secureworks.com/cyber-threat-intelligence/threats/The_Lifecycle_of_Peer_to_Peer_Gameover_ZeuS/", + "https://attack.mitre.org/software/S0016" ], "synonyms": [ "P2P ZeuS", @@ -1541,13 +1541,6 @@ ] }, "related": [ - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -1570,7 +1563,7 @@ "type": "uses" }, { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1584,7 +1577,14 @@ "type": "uses" }, { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1618,14 +1618,14 @@ }, "related": [ { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1659,13 +1659,6 @@ ] }, "related": [ - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -1673,97 +1666,6 @@ ], "type": "uses" }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -1772,14 +1674,70 @@ "type": "uses" }, { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1792,13 +1750,6 @@ ], "type": "uses" }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", "tags": [ @@ -1807,7 +1758,56 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1833,6 +1833,20 @@ ] }, "related": [ + { + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ @@ -1847,20 +1861,6 @@ ], "type": "uses" }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "tags": [ @@ -1869,7 +1869,7 @@ "type": "uses" }, { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1887,14 +1887,28 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0066", - "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf" + "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf", + "https://attack.mitre.org/software/S0066" ], "synonyms": [ "3PARA RAT" ] }, "related": [ + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "59fb0222-0e7d-4f5f-92ac-e68012fb927d", "tags": [ @@ -1915,20 +1929,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "7bec698a-7e20-4fd3-bb6a-12787770fb1a", @@ -1950,55 +1950,6 @@ ] }, "related": [ - { - "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d3bc5020-f6a2-41c0-8ccb-5e563101b60c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ @@ -2013,12 +1964,61 @@ ], "type": "uses" }, + { + "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d3bc5020-f6a2-41c0-8ccb-5e563101b60c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a6228601-03f6-4949-ae22-c1087627a637", @@ -2032,8 +2032,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0065", - "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf" + "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf", + "https://attack.mitre.org/software/S0065" ], "synonyms": [ "4H RAT" @@ -2041,28 +2041,7 @@ }, "related": [ { - "dest-uuid": "d8aad68d-a68f-42e1-b755-d5f383b73401", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2076,14 +2055,35 @@ "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8aad68d-a68f-42e1-b755-d5f383b73401", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2109,13 +2109,6 @@ ] }, "related": [ - { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ @@ -2124,49 +2117,7 @@ "type": "uses" }, { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2179,6 +2130,20 @@ ], "type": "uses" }, + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", "tags": [ @@ -2187,7 +2152,21 @@ "type": "uses" }, { - "dest-uuid": "e3b936a4-6321-4172-9114-038a866362ec", + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2207,33 +2186,54 @@ ], "type": "uses" }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b936a4-6321-4172-9114-038a866362ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "3271c107-92c4-442e-9506-e76d62230ee8", @@ -2264,14 +2264,14 @@ "type": "similar" }, { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2285,7 +2285,7 @@ "type": "uses" }, { - "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2305,8 +2305,8 @@ "refs": [ "https://attack.mitre.org/software/S0606", "https://securelist.com/bad-rabbit-ransomware/82851/", - "https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/", - "https://www.dragos.com/blog/industry-news/implications-of-it-ransomware-for-ics-environments/" + "https://www.dragos.com/blog/industry-news/implications-of-it-ransomware-for-ics-environments/", + "https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/" ], "synonyms": [ "Bad Rabbit", @@ -2315,63 +2315,7 @@ }, "related": [ { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2385,7 +2329,7 @@ "type": "uses" }, { - "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2398,6 +2342,41 @@ ], "type": "uses" }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -2406,14 +2385,35 @@ "type": "uses" }, { - "dest-uuid": "f5bb433e-bdf6-4781-84bc-35e97e43be89", + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5bb433e-bdf6-4781-84bc-35e97e43be89", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2435,8 +2435,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0690", - "https://securelist.com/unraveling-the-lamberts-toolkit/77990/", - "https://objective-see.com/blog/blog_0x68.html" + "https://objective-see.com/blog/blog_0x68.html", + "https://securelist.com/unraveling-the-lamberts-toolkit/77990/" ], "synonyms": [ "Green Lambert" @@ -2444,14 +2444,7 @@ }, "related": [ { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2465,21 +2458,7 @@ "type": "uses" }, { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "84601337-6a55-4ad7-9c35-79e0d1ea2ab3", + "dest-uuid": "1eaebf46-e361-4437-bc23-d5d65a3b92e3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2493,7 +2472,21 @@ "type": "uses" }, { - "dest-uuid": "1eaebf46-e361-4437-bc23-d5d65a3b92e3", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2507,28 +2500,21 @@ "type": "uses" }, { - "dest-uuid": "dca670cf-eeec-438f-8185-fd959d9ef211", + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "84601337-6a55-4ad7-9c35-79e0d1ea2ab3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2541,6 +2527,13 @@ ], "type": "uses" }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b63a34e8-0a61-4c97-a23b-bf8a2ed812e2", "tags": [ @@ -2556,14 +2549,21 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", + "dest-uuid": "dca670cf-eeec-438f-8185-fd959d9ef211", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2590,14 +2590,14 @@ }, "related": [ { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2611,7 +2611,7 @@ "type": "uses" }, { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2630,11 +2630,11 @@ ], "refs": [ "https://attack.mitre.org/software/S0331", - "https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.html", - "https://labs.bitdefender.com/2020/04/oil-gas-spearphishing-campaigns-drop-agent-tesla-spyware-in-advance-of-historic-opec-deal/", "https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/", "https://blog.talosintelligence.com/2018/10/old-dog-new-tricks-analysing-new-rtf_15.html", - "https://www.digitrustgroup.com/agent-tesla-keylogger/" + "https://labs.bitdefender.com/2020/04/oil-gas-spearphishing-campaigns-drop-agent-tesla-spyware-in-advance-of-historic-opec-deal/", + "https://www.digitrustgroup.com/agent-tesla-keylogger/", + "https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.html" ], "synonyms": [ "Agent Tesla" @@ -2642,14 +2642,14 @@ }, "related": [ { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2663,7 +2663,14 @@ "type": "uses" }, { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2677,14 +2684,203 @@ "type": "uses" }, { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c48a67ee-b657-45c1-91bf-6cdbe27205f8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2703,202 +2899,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c48a67ee-b657-45c1-91bf-6cdbe27205f8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "e7a5229f-05eb-440e-b982-9a6d2b2b87c8", @@ -2922,181 +2922,6 @@ ] }, "related": [ - { - "dest-uuid": "ca9d3402-ada3-484d-876a-d717bd6e05f2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8cdeb020-e31e-4f88-a582-f53dcfbda819", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "93591901-3172-4e94-abf8-6034ab26f44a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -3104,265 +2929,6 @@ ], "type": "uses" }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99709758-2b96-48f2-a68a-ad7fbd828091", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -3370,20 +2936,6 @@ ], "type": "uses" }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ @@ -3392,28 +2944,28 @@ "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3427,7 +2979,161 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3439,6 +3145,300 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8cdeb020-e31e-4f88-a582-f53dcfbda819", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "93591901-3172-4e94-abf8-6034ab26f44a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99709758-2b96-48f2-a68a-ad7fbd828091", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ca9d3402-ada3-484d-876a-d717bd6e05f2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", @@ -3462,14 +3462,7 @@ }, "related": [ { - "dest-uuid": "e69f9836-873a-43d3-92a8-97ab783a4171", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3483,7 +3476,28 @@ "type": "uses" }, { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3504,28 +3518,7 @@ "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3539,18 +3532,18 @@ "type": "uses" }, { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "dest-uuid": "e69f9836-873a-43d3-92a8-97ab783a4171", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", @@ -3558,6 +3551,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "54895630-efd2-4608-9c24-319de972a9eb", @@ -3572,8 +3572,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0519", - "https://www.mandiant.com/resources/synful-knock-acis", - "https://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices" + "https://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices", + "https://www.mandiant.com/resources/synful-knock-acis" ], "synonyms": [ "SYNful Knock" @@ -3588,14 +3588,14 @@ "type": "uses" }, { - "dest-uuid": "fa44a152-ac48-441e-a524-dd7b04b8adcd", + "dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f", + "dest-uuid": "fa44a152-ac48-441e-a524-dd7b04b8adcd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3660,7 +3660,7 @@ "type": "uses" }, { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3681,7 +3681,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3717,18 +3717,46 @@ }, "related": [ { - "dest-uuid": "81f41bae-2ba9-4cec-9613-776be71645ca", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { - "dest-uuid": "ba91d713-c36e-4d98-9fb7-e16496a69eec", + "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", @@ -3738,7 +3766,14 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "81f41bae-2ba9-4cec-9613-776be71645ca", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3758,27 +3793,6 @@ ], "type": "uses" }, - { - "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -3787,28 +3801,14 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "ba91d713-c36e-4d98-9fb7-e16496a69eec", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3822,7 +3822,7 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3848,6 +3848,13 @@ ] }, "related": [ + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ @@ -3856,7 +3863,7 @@ "type": "uses" }, { - "dest-uuid": "b63a34e8-0a61-4c97-a23b-bf8a2ed812e2", + "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3869,6 +3876,13 @@ ], "type": "uses" }, + { + "dest-uuid": "b63a34e8-0a61-4c97-a23b-bf8a2ed812e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", "tags": [ @@ -3876,20 +3890,6 @@ ], "type": "uses" }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ @@ -3918,7 +3918,14 @@ }, "related": [ { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "dest-uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3931,34 +3938,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "62adb627-f647-498e-b4cc-41499361bacb", "tags": [ @@ -3974,14 +3953,28 @@ "type": "uses" }, { - "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3994,13 +3987,6 @@ ], "type": "uses" }, - { - "dest-uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", "tags": [ @@ -4009,7 +3995,21 @@ "type": "uses" }, { - "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fd339382-bfec-4bf0-8d47-1caedc9e7e57", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4038,7 +4038,7 @@ }, "related": [ { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4052,14 +4052,7 @@ "type": "uses" }, { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4073,28 +4066,7 @@ "type": "uses" }, { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4107,6 +4079,20 @@ ], "type": "uses" }, + { + "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", "tags": [ @@ -4115,14 +4101,28 @@ "type": "uses" }, { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4148,27 +4148,6 @@ ] }, "related": [ - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -4184,21 +4163,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4211,6 +4176,20 @@ ], "type": "uses" }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -4219,14 +4198,14 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4240,7 +4219,28 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4259,8 +4259,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0572", - "https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf", - "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/03/20082004/volatile-cedar-technical-report.pdf" + "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/03/20082004/volatile-cedar-technical-report.pdf", + "https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf" ], "synonyms": [ "Caterpillar WebShell" @@ -4268,35 +4268,7 @@ }, "related": [ { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4310,42 +4282,7 @@ "type": "uses" }, { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4359,7 +4296,49 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4371,6 +4350,27 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "751b77e6-af1f-483b-93fe-eddf17f92a64", @@ -4392,41 +4392,6 @@ ] }, "related": [ - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -4441,12 +4406,47 @@ ], "type": "uses" }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "aa1462a1-d065-416c-b354-bedd04998c7f", @@ -4469,21 +4469,7 @@ }, "related": [ { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4496,62 +4482,6 @@ ], "type": "uses" }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -4559,34 +4489,6 @@ ], "type": "uses" }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -4595,7 +4497,56 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4608,6 +4559,13 @@ ], "type": "uses" }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -4615,6 +4573,34 @@ ], "type": "uses" }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -4623,7 +4609,21 @@ "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4650,42 +4650,7 @@ }, "related": [ { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4698,6 +4663,27 @@ ], "type": "uses" }, + { + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ @@ -4706,7 +4692,7 @@ "type": "uses" }, { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", + "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4719,6 +4705,27 @@ ], "type": "uses" }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", "tags": [ @@ -4734,14 +4741,7 @@ "type": "uses" }, { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4769,35 +4769,14 @@ }, "related": [ { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4811,14 +4790,14 @@ "type": "uses" }, { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4839,14 +4818,28 @@ "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4860,7 +4853,14 @@ "type": "uses" }, { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4879,8 +4879,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0379", - "https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resource-library/reports/WhiteCompanyOperationShaheenReport.pdf?_ga=2.161661948.1943296560.1555683782-1066572390.1555511517", - "https://cofense.com/upgrades-delivery-support-infrastructure-revenge-rat-malware-bigger-threat/" + "https://cofense.com/upgrades-delivery-support-infrastructure-revenge-rat-malware-bigger-threat/", + "https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resource-library/reports/WhiteCompanyOperationShaheenReport.pdf?_ga=2.161661948.1943296560.1555683782-1066572390.1555511517" ], "synonyms": [ "Revenge RAT" @@ -4888,42 +4888,7 @@ }, "related": [ { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3b0e52ce-517a-4614-a523-1bd5deef6c5e", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4936,13 +4901,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -4951,35 +4909,14 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4993,14 +4930,7 @@ "type": "uses" }, { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5014,7 +4944,77 @@ "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "3b0e52ce-517a-4614-a523-1bd5deef6c5e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5040,27 +5040,6 @@ ] }, "related": [ - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -5069,7 +5048,56 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5089,41 +5117,6 @@ ], "type": "uses" }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -5132,14 +5125,21 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5158,8 +5158,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0648", - "https://www.esentire.com/security-advisories/notorious-cybercrime-gang-fin7-lands-malware-in-law-firm-using-fake-legal-complaint-against-jack-daniels-owner-brown-forman-inc", - "https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-1/" + "https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-1/", + "https://www.esentire.com/security-advisories/notorious-cybercrime-gang-fin7-lands-malware-in-law-firm-using-fake-legal-complaint-against-jack-daniels-owner-brown-forman-inc" ], "synonyms": [ "JSS Loader" @@ -5167,14 +5167,7 @@ }, "related": [ { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5187,6 +5180,20 @@ ], "type": "uses" }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ @@ -5194,26 +5201,19 @@ ], "type": "uses" }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f559f945-eb8b-48b1-904c-68568deebed3", @@ -5236,7 +5236,14 @@ }, "related": [ { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5249,20 +5256,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", "tags": [ @@ -5271,7 +5264,14 @@ "type": "uses" }, { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5298,70 +5298,7 @@ }, "related": [ { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", + "dest-uuid": "00290ac5-551e-44aa-bbd8-c4b913488a6d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5375,14 +5312,49 @@ "type": "uses" }, { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5396,7 +5368,14 @@ "type": "uses" }, { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5409,6 +5388,13 @@ ], "type": "uses" }, + { + "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", "tags": [ @@ -5417,14 +5403,7 @@ "type": "uses" }, { - "dest-uuid": "00290ac5-551e-44aa-bbd8-c4b913488a6d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5438,7 +5417,28 @@ "type": "uses" }, { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5457,71 +5457,15 @@ ], "refs": [ "https://attack.mitre.org/software/S0687", - "https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html", + "https://www.ncsc.gov.uk/files/Cyclops-Blink-Malware-Analysis-Report.pdf", "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter", - "https://www.ncsc.gov.uk/files/Cyclops-Blink-Malware-Analysis-Report.pdf" + "https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html" ], "synonyms": [ "Cyclops Blink" ] }, "related": [ - { - "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -5536,6 +5480,27 @@ ], "type": "uses" }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ @@ -5543,6 +5508,20 @@ ], "type": "uses" }, + { + "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ @@ -5551,7 +5530,56 @@ "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "791481f8-e96a-41be-b089-a088763083d4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5572,42 +5600,14 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "791481f8-e96a-41be-b089-a088763083d4", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5715,28 +5715,7 @@ }, "related": [ { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5750,28 +5729,21 @@ "type": "uses" }, { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5792,14 +5764,42 @@ "type": "uses" }, { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5826,35 +5826,7 @@ }, "related": [ { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5868,14 +5840,14 @@ "type": "uses" }, { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5901,6 +5873,34 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "66b1dcde-17a0-4c7b-95fa-b08d430c2131", @@ -5923,11 +5923,18 @@ }, "related": [ { - "dest-uuid": "d22a3e65-75e5-4970-b424-bdc06ec33dba", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", @@ -5936,6 +5943,13 @@ ], "type": "uses" }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ @@ -5943,6 +5957,20 @@ ], "type": "uses" }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d22a3e65-75e5-4970-b424-bdc06ec33dba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -5970,34 +5998,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "5967cc93-57c9-404a-8ffd-097edfa7bdfc", @@ -6009,8 +6009,8 @@ "external_id": "S0133", "mitre_platforms": [], "refs": [ - "https://attack.mitre.org/software/S0133", - "http://news.softpedia.com/news/cryptocurrency-mining-malware-discovered-targeting-seagate-nas-hard-drives-508119.shtml" + "http://news.softpedia.com/news/cryptocurrency-mining-malware-discovered-targeting-seagate-nas-hard-drives-508119.shtml", + "https://attack.mitre.org/software/S0133" ], "synonyms": [] }, @@ -6042,13 +6042,6 @@ ] }, "related": [ - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ @@ -6062,6 +6055,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f931a0b9-0361-4b1b-bacf-955062c35746", @@ -6084,21 +6084,14 @@ }, "related": [ { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6111,62 +6104,6 @@ ], "type": "uses" }, - { - "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", "tags": [ @@ -6174,13 +6111,6 @@ ], "type": "uses" }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -6189,35 +6119,14 @@ "type": "uses" }, { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6230,6 +6139,69 @@ ], "type": "uses" }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -6238,7 +6210,35 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6264,6 +6264,13 @@ ] }, "related": [ + { + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", "tags": [ @@ -6278,20 +6285,6 @@ ], "type": "uses" }, - { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", "tags": [ @@ -6307,7 +6300,7 @@ "type": "uses" }, { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6319,6 +6312,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "d05f7357-4cbe-47ea-bf83-b8604226d533", @@ -6347,6 +6347,13 @@ ], "type": "uses" }, + { + "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", "tags": [ @@ -6361,13 +6368,6 @@ ], "type": "uses" }, - { - "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "tags": [ @@ -6395,20 +6395,6 @@ ] }, "related": [ - { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ @@ -6416,34 +6402,6 @@ ], "type": "uses" }, - { - "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", "tags": [ @@ -6452,7 +6410,21 @@ "type": "uses" }, { - "dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf", + "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6464,6 +6436,34 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f7e7b736-2cff-4c2a-9232-352cd383463a", @@ -6477,8 +6477,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0001", - "http://www.symantec.com/connect/blogs/bios-threat-showing-again" + "http://www.symantec.com/connect/blogs/bios-threat-showing-again", + "https://attack.mitre.org/software/S0001" ], "synonyms": [ "Trojan.Mebromi" @@ -6511,14 +6511,21 @@ "Android" ], "refs": [ - "https://attack.mitre.org/software/S0310", - "http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-uses-blog-posts-as-cc/" + "http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-uses-blog-posts-as-cc/", + "https://attack.mitre.org/software/S0310" ], "synonyms": [ "ANDROIDOS_ANSERVER.A" ] }, "related": [ + { + "dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", "tags": [ @@ -6532,13 +6539,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "4bf6ba32-4165-42c1-b911-9c36165891c8", @@ -6560,6 +6560,13 @@ ] }, "related": [ + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ @@ -6568,14 +6575,7 @@ "type": "uses" }, { - "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6589,7 +6589,7 @@ "type": "uses" }, { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6615,9 +6615,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0093", - "https://vblocalhost.com/uploads/VB2021-Slowik.pdf", + "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7382dce7-0260-4782-84cc-890971ed3f17&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments", "https://docs.broadcom.com/doc/dragonfly_threat_against_western_energy_suppliers", - "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7382dce7-0260-4782-84cc-890971ed3f17&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments" + "https://vblocalhost.com/uploads/VB2021-Slowik.pdf" ], "synonyms": [ "Backdoor.Oldrea", @@ -6626,14 +6626,49 @@ }, "related": [ { - "dest-uuid": "d7183f66-59ec-4803-be20-237b442259fc", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6653,55 +6688,6 @@ ], "type": "uses" }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -6710,14 +6696,7 @@ "type": "uses" }, { - "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6730,6 +6709,27 @@ ], "type": "uses" }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d7183f66-59ec-4803-be20-237b442259fc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ @@ -6738,7 +6738,7 @@ "type": "uses" }, { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6757,9 +6757,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0094", + "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7382dce7-0260-4782-84cc-890971ed3f17&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments", "https://www.dragos.com/threat/dymalloy/", - "https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector", - "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7382dce7-0260-4782-84cc-890971ed3f17&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments" + "https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector" ], "synonyms": [ "Trojan.Karagany", @@ -6769,14 +6769,7 @@ }, "related": [ { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6790,7 +6783,7 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6803,27 +6796,6 @@ ], "type": "uses" }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ @@ -6832,14 +6804,14 @@ "type": "uses" }, { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6853,35 +6825,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6902,7 +6846,42 @@ "type": "uses" }, { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6921,6 +6900,27 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "82cb34ba-02b5-432b-b2d2-07f55cbf674d", @@ -6945,77 +6945,7 @@ }, "related": [ { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7028,6 +6958,20 @@ ], "type": "uses" }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -7036,28 +6980,14 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7070,6 +7000,62 @@ ], "type": "uses" }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -7077,12 +7063,26 @@ ], "type": "uses" }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29", @@ -7097,11 +7097,11 @@ ], "refs": [ "https://attack.mitre.org/software/S0402", + "https://blog.malwarebytes.com/threat-analysis/2018/04/new-crossrider-variant-installs-configuration-profiles-on-macs/", "https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/", - "https://www.intego.com/mac-security-blog/osxshlayer-new-mac-malware-comes-out-of-its-shell/", - "https://www.sentinelone.com/blog/coming-out-of-your-shell-from-shlayer-to-zshlayer/", "https://www.intego.com/mac-security-blog/new-osxshlayer-malware-variant-found-using-a-dirty-new-trick/", - "https://blog.malwarebytes.com/threat-analysis/2018/04/new-crossrider-variant-installs-configuration-profiles-on-macs/" + "https://www.intego.com/mac-security-blog/osxshlayer-new-mac-malware-comes-out-of-its-shell/", + "https://www.sentinelone.com/blog/coming-out-of-your-shell-from-shlayer-to-zshlayer/" ], "synonyms": [ "OSX/Shlayer", @@ -7110,62 +7110,6 @@ ] }, "related": [ - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "tags": [ @@ -7173,13 +7117,6 @@ ], "type": "uses" }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -7188,7 +7125,21 @@ "type": "uses" }, { - "dest-uuid": "b84903f0-c7d5-435d-a69e-de47cc3578c0", + "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7200,6 +7151,55 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b84903f0-c7d5-435d-a69e-de47cc3578c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f1314e75-ada8-49f4-b281-b1fb8b48f2a7", @@ -7213,9 +7213,9 @@ "Windows" ], "refs": [ + "http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/", "https://attack.mitre.org/software/S0098", - "https://www.fireeye.com/blog/threat-research/2014/03/spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html", - "http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/" + "https://www.fireeye.com/blog/threat-research/2014/03/spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html" ], "synonyms": [ "T9000" @@ -7223,21 +7223,21 @@ }, "related": [ { - "dest-uuid": "66575fb4-7f92-42d8-8c47-e68a26413081", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7250,34 +7250,6 @@ ], "type": "uses" }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ @@ -7293,14 +7265,28 @@ "type": "uses" }, { - "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "66575fb4-7f92-42d8-8c47-e68a26413081", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7314,7 +7300,21 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7340,6 +7340,13 @@ ] }, "related": [ + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "25cd01bc-1346-4415-8f8d-d3656309ef6b", "tags": [ @@ -7353,13 +7360,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "67fc172a-36fa-4a35-88eb-4ba730ed52a6", @@ -7382,14 +7382,7 @@ }, "related": [ { - "dest-uuid": "2ae57534-6aac-4025-8d93-888dab112b45", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7403,7 +7396,14 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "2ae57534-6aac-4025-8d93-888dab112b45", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7417,14 +7417,14 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7442,9 +7442,9 @@ "Windows" ], "refs": [ + "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_dissecting-lurid-apt.pdf", "https://attack.mitre.org/software/S0010", - "https://www.fireeye.com/blog/threat-research/2014/07/spy-of-the-tiger.html", - "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_dissecting-lurid-apt.pdf" + "https://www.fireeye.com/blog/threat-research/2014/07/spy-of-the-tiger.html" ], "synonyms": [ "Lurid", @@ -7452,6 +7452,13 @@ ] }, "related": [ + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "2a4cacb7-80a1-417e-8b9c-54b4089f35d9", "tags": [ @@ -7465,13 +7472,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "251fbae2-78f6-4de7-84f6-194c727a64ad", @@ -7494,21 +7494,14 @@ }, "related": [ { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7521,6 +7514,13 @@ ], "type": "uses" }, + { + "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -7528,6 +7528,13 @@ ], "type": "uses" }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -7536,14 +7543,7 @@ "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7561,8 +7561,8 @@ "Android" ], "refs": [ - "https://attack.mitre.org/software/S0300", - "http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/" + "http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/", + "https://attack.mitre.org/software/S0300" ], "synonyms": [ "DressCode" @@ -7600,49 +7600,14 @@ }, "related": [ { - "dest-uuid": "8c246ec4-eaa5-42c0-b137-29f28cbb6832", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7656,7 +7621,7 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7677,14 +7642,7 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7698,7 +7656,21 @@ "type": "uses" }, { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8c246ec4-eaa5-42c0-b137-29f28cbb6832", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7712,14 +7684,14 @@ "type": "uses" }, { - "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7733,7 +7705,35 @@ "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7766,6 +7766,13 @@ ] }, "related": [ + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "91583583-95c0-444e-8175-483cbebc640b", "tags": [ @@ -7780,13 +7787,6 @@ ], "type": "uses" }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ @@ -7814,20 +7814,6 @@ ] }, "related": [ - { - "dest-uuid": "e2cc27a2-4146-4f08-8e80-114a99204cea", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -7835,13 +7821,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -7849,6 +7828,13 @@ ], "type": "uses" }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", "tags": [ @@ -7857,7 +7843,14 @@ "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7871,11 +7864,18 @@ "type": "uses" }, { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e2cc27a2-4146-4f08-8e80-114a99204cea", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9", @@ -7890,8 +7890,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0400", - "https://www.carbonblack.com/2019/05/17/cb-tau-threat-intelligence-notification-robbinhood-ransomware-stops-181-windows-services-before-encryption/", - "https://www.baltimoresun.com/politics/bs-md-ci-it-outage-20190507-story.html" + "https://www.baltimoresun.com/politics/bs-md-ci-it-outage-20190507-story.html", + "https://www.carbonblack.com/2019/05/17/cb-tau-threat-intelligence-notification-robbinhood-ransomware-stops-181-windows-services-before-encryption/" ], "synonyms": [ "RobbinHood" @@ -7906,7 +7906,7 @@ "type": "uses" }, { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7920,14 +7920,7 @@ "type": "uses" }, { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c", + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -7939,6 +7932,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "0a607c53-df52-45da-a75d-0e53df4dad5f", @@ -7963,41 +7963,6 @@ ] }, "related": [ - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -8006,77 +7971,7 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8089,12 +7984,117 @@ ], "type": "uses" }, + { + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2eb9b131-d333-4a48-9eb4-d8dec46c19ee", @@ -8117,13 +8117,6 @@ ] }, "related": [ - { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ @@ -8131,55 +8124,6 @@ ], "type": "uses" }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", "tags": [ @@ -8188,7 +8132,28 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8201,6 +8166,13 @@ ], "type": "uses" }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -8214,6 +8186,34 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4f1c389e-a80e-4a3e-9b0e-9be8c91df64f", @@ -8228,9 +8228,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0070", - "https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop", "https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage", - "https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/" + "https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/", + "https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop" ], "synonyms": [ "HTTPBrowser", @@ -8247,42 +8247,7 @@ "type": "similar" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8296,14 +8261,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8317,7 +8275,21 @@ "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8330,12 +8302,40 @@ ], "type": "uses" }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "e066bf86-9cfb-407a-9d25-26fd5d91e360", @@ -8349,29 +8349,15 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0080", "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-black-vine-cyberespionage-group.pdf", - "http://www.symantec.com/security_response/writeup.jsp?docid=2015-020623-0740-99&tabid=2" + "http://www.symantec.com/security_response/writeup.jsp?docid=2015-020623-0740-99&tabid=2", + "https://attack.mitre.org/software/S0080" ], "synonyms": [ "Mivast" ] }, "related": [ - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ @@ -8392,6 +8378,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "fbb470da-1d44-4f29-bbb3-9efbe20f94a3", @@ -8405,8 +8405,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0009", "http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf", + "https://attack.mitre.org/software/S0009", "https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techniques-part-1.html" ], "synonyms": [ @@ -8422,28 +8422,7 @@ "type": "similar" }, { - "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8457,14 +8436,7 @@ "type": "uses" }, { - "dest-uuid": "c615231b-f253-4f58-9d47-d5b4cbdb6839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8478,7 +8450,28 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c615231b-f253-4f58-9d47-d5b4cbdb6839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8492,7 +8485,14 @@ "type": "uses" }, { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8510,8 +8510,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0090", - "http://researchcenter.paloaltonetworks.com/2016/02/new-malware-rover-targets-indian-ambassador-to-afghanistan/" + "http://researchcenter.paloaltonetworks.com/2016/02/new-malware-rover-targets-indian-ambassador-to-afghanistan/", + "https://attack.mitre.org/software/S0090" ], "synonyms": [ "Rover" @@ -8519,56 +8519,7 @@ }, "related": [ { - "dest-uuid": "53e94bc9-c8d2-4fb6-9c02-00841e454050", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8582,7 +8533,42 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53e94bc9-c8d2-4fb6-9c02-00841e454050", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8594,6 +8580,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "6b616fc1-1505-48e3-8b2c-0d19337bff38", @@ -8607,15 +8607,113 @@ "Windows" ], "refs": [ + "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor_campaign.pdf", "https://attack.mitre.org/software/S0011", - "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a", - "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor_campaign.pdf" + "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a" ], "synonyms": [ "Taidoor" ] }, "related": [ + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cda7d605-23d0-4f93-a585-1276f094c04a", "tags": [ @@ -8630,13 +8728,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -8644,90 +8735,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -8735,20 +8742,6 @@ ], "type": "uses" }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -8757,7 +8750,14 @@ "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -8784,6 +8784,13 @@ ] }, "related": [ + { + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b5be84b7-bf2c-40d0-85a9-14c040881a98", "tags": [ @@ -8804,13 +8811,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "1d808f62-cf63-4063-9727-ff6132514c22", @@ -8825,10 +8825,10 @@ "Linux" ], "refs": [ + "http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf", "https://attack.mitre.org/software/S0021", "https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2016/2016.02.29.Turbo_Campaign_Derusbi/TA_Fidelis_Turbo_1602_0.pdf", "https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html", - "http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf", "https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/" ], "synonyms": [ @@ -8837,62 +8837,6 @@ ] }, "related": [ - { - "dest-uuid": "eff68b97-f36e-4827-ab1a-90523c16774c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "7ea00126-add3-407e-b69d-d4aa1b3049d5", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -8900,76 +8844,6 @@ ], "type": "uses" }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -8977,6 +8851,69 @@ ], "type": "uses" }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7ea00126-add3-407e-b69d-d4aa1b3049d5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", "tags": [ @@ -8985,7 +8922,70 @@ "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eff68b97-f36e-4827-ab1a-90523c16774c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9012,21 +9012,7 @@ }, "related": [ { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9040,42 +9026,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9089,21 +9040,7 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9123,6 +9060,20 @@ ], "type": "uses" }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -9130,6 +9081,48 @@ ], "type": "uses" }, + { + "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ @@ -9138,14 +9131,21 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9163,12 +9163,12 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0012", - "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf", - "https://www.symantec.com/security_response/writeup.jsp?docid=2005-081910-3934-99", "http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf", + "https://attack.mitre.org/software/S0012", "https://web.archive.org/web/20190717233006/http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf", - "https://www.symantec.com/connect/blogs/life-mars-how-attackers-took-advantage-hope-alien-existance-new-darkmoon-campaign" + "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf", + "https://www.symantec.com/connect/blogs/life-mars-how-attackers-took-advantage-hope-alien-existance-new-darkmoon-campaign", + "https://www.symantec.com/security_response/writeup.jsp?docid=2005-081910-3934-99" ], "synonyms": [ "PoisonIvy", @@ -9178,76 +9178,6 @@ ] }, "related": [ - { - "dest-uuid": "4e104fef-8a2c-4679-b497-6e86d7d47db0", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "2abe89de-46dd-4dae-ae22-b49a593aff54", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -9255,41 +9185,6 @@ ], "type": "uses" }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ @@ -9297,6 +9192,13 @@ ], "type": "uses" }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "22522668-ddf6-470b-a027-9d6866679f67", "tags": [ @@ -9304,12 +9206,110 @@ ], "type": "uses" }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2abe89de-46dd-4dae-ae22-b49a593aff54", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4e104fef-8a2c-4679-b497-6e86d7d47db0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "b42378e0-f147-496f-992a-26a49705395b", @@ -9333,7 +9333,7 @@ }, "related": [ { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9354,7 +9354,7 @@ "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9382,35 +9382,7 @@ }, "related": [ { - "dest-uuid": "cd6c5f27-cf7e-4529-ae9c-ab5b85102bde", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9424,35 +9396,21 @@ "type": "uses" }, { - "dest-uuid": "d467bc38-284b-4a00-96ac-125f447799fc", + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9465,6 +9423,41 @@ ], "type": "uses" }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cd6c5f27-cf7e-4529-ae9c-ab5b85102bde", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -9472,6 +9465,13 @@ ], "type": "uses" }, + { + "dest-uuid": "d467bc38-284b-4a00-96ac-125f447799fc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -9507,14 +9507,14 @@ }, "related": [ { - "dest-uuid": "ea3a8c25-4adb-4538-bf11-55259bdba15f", + "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9527,6 +9527,13 @@ ], "type": "uses" }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", "tags": [ @@ -9534,6 +9541,20 @@ ], "type": "uses" }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "tags": [ @@ -9549,32 +9570,11 @@ "type": "uses" }, { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "dest-uuid": "ea3a8c25-4adb-4538-bf11-55259bdba15f", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" - }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" + "type": "similar" } ], "uuid": "317a2c10-d489-431e-b6b2-f0251fddc88e", @@ -9588,13 +9588,13 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0013", "http://circl.lu/assets/files/tr-12/tr-12-circl-plugx-analysis-v1.pdf", - "https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage", + "http://labs.lastline.com/an-analysis-of-plugx", "http://researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/", "http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf", + "https://attack.mitre.org/software/S0013", "https://www.fireeye.com/blog/threat-research/2014/06/clandestine-fox-part-deux.html", - "http://labs.lastline.com/an-analysis-of-plugx" + "https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage" ], "synonyms": [ "PlugX", @@ -9608,18 +9608,11 @@ }, "related": [ { - "dest-uuid": "663f8ef9-4c50-499a-b765-f377d23c1070", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" - }, - { - "dest-uuid": "f4b159ea-97e5-483b-854b-c48a78d562aa", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" + "type": "uses" }, { "dest-uuid": "036bd099-fe80-46c2-9c4c-e5c6df8dcdee", @@ -9629,70 +9622,7 @@ "type": "similar" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99709758-2b96-48f2-a68a-ad7fbd828091", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9706,84 +9636,7 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c92e3d68-2349-49e4-a341-7edca2deff96", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9797,28 +9650,21 @@ "type": "uses" }, { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9832,7 +9678,161 @@ "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "663f8ef9-4c50-499a-b765-f377d23c1070", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99709758-2b96-48f2-a68a-ad7fbd828091", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c92e3d68-2349-49e4-a341-7edca2deff96", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4b159ea-97e5-483b-854b-c48a78d562aa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -9858,6 +9858,27 @@ ] }, "related": [ + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -9865,6 +9886,34 @@ ], "type": "uses" }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -9879,20 +9928,6 @@ ], "type": "uses" }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", "tags": [ @@ -9900,13 +9935,6 @@ ], "type": "uses" }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11", "tags": [ @@ -9914,40 +9942,12 @@ ], "type": "uses" }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "50d6688b-0985-4f3d-8cbe-0c796b30703b", @@ -9961,11 +9961,11 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0140", "http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/", + "https://attack.mitre.org/software/S0140", "https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/", - "https://www.symantec.com/connect/blogs/shamoon-attacks", - "https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html" + "https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html", + "https://www.symantec.com/connect/blogs/shamoon-attacks" ], "synonyms": [ "Shamoon", @@ -9974,56 +9974,14 @@ }, "related": [ { - "dest-uuid": "776b1849-8d5b-4762-8ba1-cbbaddb4ce3a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10036,6 +9994,20 @@ ], "type": "uses" }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -10043,97 +10015,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ @@ -10142,7 +10023,126 @@ "type": "uses" }, { - "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "776b1849-8d5b-4762-8ba1-cbbaddb4ce3a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10158,8 +10158,8 @@ "external_id": "S0041", "mitre_platforms": [], "refs": [ - "https://attack.mitre.org/software/S0041", - "http://www.secureworks.com/cyber-threat-intelligence/threats/wiper-malware-analysis-attacking-korean-financial-sector/" + "http://www.secureworks.com/cyber-threat-intelligence/threats/wiper-malware-analysis-attacking-korean-financial-sector/", + "https://attack.mitre.org/software/S0041" ], "synonyms": [] }, @@ -10191,6 +10191,27 @@ ] }, "related": [ + { + "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -10198,6 +10219,20 @@ ], "type": "uses" }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ @@ -10218,41 +10253,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "5e7ef1dc-7fb6-4913-ac75-e06113b59e0c", @@ -10275,28 +10275,7 @@ }, "related": [ { - "dest-uuid": "4df1b257-c242-46b0-b120-591430066b6f", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10310,7 +10289,21 @@ "type": "uses" }, { - "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", + "dest-uuid": "4df1b257-c242-46b0-b120-591430066b6f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10323,6 +10316,13 @@ ], "type": "uses" }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", "tags": [ @@ -10331,7 +10331,7 @@ "type": "uses" }, { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10358,14 +10358,56 @@ }, "related": [ { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10385,13 +10427,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -10399,55 +10434,6 @@ ], "type": "uses" }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -10456,14 +10442,28 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10490,35 +10490,21 @@ }, "related": [ { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10532,14 +10518,63 @@ "type": "uses" }, { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "2de47683-f398-448f-b947-9abcc3e32fad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10560,70 +10595,7 @@ "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2de47683-f398-448f-b947-9abcc3e32fad", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10637,7 +10609,35 @@ "type": "uses" }, { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10701,7 +10701,7 @@ }, "related": [ { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "0470e792-32f8-46b0-a351-652bc35e9336", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10715,7 +10715,7 @@ "type": "uses" }, { - "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10728,62 +10728,6 @@ ], "type": "uses" }, - { - "dest-uuid": "0470e792-32f8-46b0-a351-652bc35e9336", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -10791,34 +10735,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", "tags": [ @@ -10827,14 +10743,14 @@ "type": "uses" }, { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10847,20 +10763,6 @@ ], "type": "uses" }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", "tags": [ @@ -10869,7 +10771,21 @@ "type": "uses" }, { - "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10888,6 +10804,90 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "40a1b8ec-7295-416c-a6b1-68181d86f120", @@ -10910,28 +10910,7 @@ }, "related": [ { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10945,7 +10924,35 @@ "type": "uses" }, { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -10958,6 +10965,20 @@ ], "type": "uses" }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", "tags": [ @@ -10972,13 +10993,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -10986,20 +11000,6 @@ ], "type": "uses" }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -11008,7 +11008,7 @@ "type": "uses" }, { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11027,14 +11027,70 @@ ], "refs": [ "https://attack.mitre.org/software/S0017", - "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf", - "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report-appendix.zip" + "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report-appendix.zip", + "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf" ], "synonyms": [ "BISCUIT" ] }, "related": [ + { + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f1e05a12-ca50-41ab-a963-d7df5bcb141d", "tags": [ @@ -11049,68 +11105,12 @@ ], "type": "uses" }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "b8eb28e4-48a6-40ae-951a-328714f75eda", @@ -11124,8 +11124,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0170", - "http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/" + "http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/", + "https://attack.mitre.org/software/S0170" ], "synonyms": [ "Helminth" @@ -11133,11 +11133,18 @@ }, "related": [ { - "dest-uuid": "19d89300-ff97-4281-ac42-76542e744092", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" + }, + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", @@ -11147,7 +11154,21 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "19d89300-ff97-4281-ac42-76542e744092", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11161,7 +11182,35 @@ "type": "uses" }, { - "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", + "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11175,14 +11224,7 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11203,28 +11245,14 @@ "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11238,49 +11266,21 @@ "type": "uses" }, { - "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11298,8 +11298,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0071", - "http://www.secureworks.com/resources/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems/" + "http://www.secureworks.com/resources/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems/", + "https://attack.mitre.org/software/S0071" ], "synonyms": [ "hcdLoader" @@ -11340,8 +11340,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0081", - "https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html", - "https://www.accenture.com/t20180127T003755Z_w_/us-en/_acnmedia/PDF-46/Accenture-Security-Dragonfish-Threat-Analysis.pdf" + "https://www.accenture.com/t20180127T003755Z_w_/us-en/_acnmedia/PDF-46/Accenture-Security-Dragonfish-Threat-Analysis.pdf", + "https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html" ], "synonyms": [ "Elise", @@ -11350,97 +11350,6 @@ ] }, "related": [ - { - "dest-uuid": "d70fd29d-590e-4ed5-b72f-6ce0142019c6", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "3477a25d-e04b-475e-8330-39f66c10cc01", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ @@ -11449,14 +11358,14 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11477,7 +11386,56 @@ "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3477a25d-e04b-475e-8330-39f66c10cc01", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11491,7 +11449,49 @@ "type": "uses" }, { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d70fd29d-590e-4ed5-b72f-6ce0142019c6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11509,9 +11509,9 @@ "Windows" ], "refs": [ + "http://www.alienvault.com/open-threat-exchange/blog/new-sykipot-developments", "https://attack.mitre.org/software/S0018", - "https://www.alienvault.com/open-threat-exchange/blog/sykipot-variant-hijacks-dod-and-windows-smart-cards", - "http://www.alienvault.com/open-threat-exchange/blog/new-sykipot-developments" + "https://www.alienvault.com/open-threat-exchange/blog/sykipot-variant-hijacks-dod-and-windows-smart-cards" ], "synonyms": [ "Sykipot" @@ -11519,14 +11519,7 @@ }, "related": [ { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11540,7 +11533,7 @@ "type": "uses" }, { - "dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11553,13 +11546,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ @@ -11574,26 +11560,40 @@ ], "type": "uses" }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9", @@ -11608,9 +11608,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0180", + "https://www.symantec.com/security-center/writeup/2014-081811-3237-99?tabid=2", "https://www.us-cert.gov/ncas/alerts/TA17-318B", - "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-D_WHITE_S508C.PDF", - "https://www.symantec.com/security-center/writeup/2014-081811-3237-99?tabid=2" + "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-D_WHITE_S508C.PDF" ], "synonyms": [ "Volgmer" @@ -11624,13 +11624,6 @@ ], "type": "similar" }, - { - "dest-uuid": "bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ @@ -11645,55 +11638,6 @@ ], "type": "uses" }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ @@ -11701,34 +11645,6 @@ ], "type": "uses" }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -11737,7 +11653,35 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11751,7 +11695,14 @@ "type": "uses" }, { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11764,6 +11715,27 @@ ], "type": "uses" }, + { + "dest-uuid": "bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", "tags": [ @@ -11772,7 +11744,35 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11802,69 +11802,6 @@ ] }, "related": [ - { - "dest-uuid": "36c0faf0-428e-4e7f-93c5-824bb0495ac9", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "6b6cf608-cc2c-40d7-8500-afca3e35e7e4", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0042a9f5-f053-4769-b3ef-9ad018dfa298", "tags": [ @@ -11873,21 +11810,7 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11901,7 +11824,98 @@ "type": "uses" }, { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "36c0faf0-428e-4e7f-93c5-824bb0495ac9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6b6cf608-cc2c-40d7-8500-afca3e35e7e4", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11914,20 +11928,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ @@ -11936,14 +11936,7 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11957,7 +11950,14 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -11983,6 +11983,13 @@ ] }, "related": [ + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "0cf21558-1217-4d36-9536-2919cfd44825", "tags": [ @@ -11990,6 +11997,20 @@ ], "type": "similar" }, + { + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "4cbe9373-6b5e-42d0-9750-e0b7fc0d58bb", "tags": [ @@ -11997,6 +12018,20 @@ ], "type": "similar" }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "tags": [ @@ -12018,13 +12053,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -12033,21 +12061,7 @@ "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "dest-uuid": "dfebc3b7-d19d-450b-81c7-6dafe4184c04", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12061,21 +12075,7 @@ "type": "uses" }, { - "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfebc3b7-d19d-450b-81c7-6dafe4184c04", + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12093,35 +12093,14 @@ "Linux" ], "refs": [ - "https://attack.mitre.org/software/S0220", - "http://gosecure.net/2018/02/14/chaos-stolen-backdoor-rising/" + "http://gosecure.net/2018/02/14/chaos-stolen-backdoor-rising/", + "https://attack.mitre.org/software/S0220" ], "synonyms": [ "Chaos" ] }, "related": [ - { - "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ @@ -12136,12 +12115,33 @@ ], "type": "uses" }, + { + "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "5bcd5511-6756-4824-a692-e8bb109364af", @@ -12159,6 +12159,13 @@ "synonyms": [] }, "related": [ + { + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "22332d52-c0c2-443c-9ffb-f08c0d23722c", "tags": [ @@ -12179,13 +12186,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "80a014ba-3fef-4768-990b-37d8bd10d7f4", @@ -12241,12 +12241,12 @@ "Linux" ], "refs": [ - "https://attack.mitre.org/software/S0023", "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf", - "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf", + "https://attack.mitre.org/software/S0023", "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf", "https://www.justice.gov/file/1080281/download", - "https://www.symantec.com/blogs/election-security/apt28-espionage-military-government" + "https://www.symantec.com/blogs/election-security/apt28-espionage-military-government", + "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf" ], "synonyms": [ "CHOPSTICK", @@ -12258,27 +12258,6 @@ ] }, "related": [ - { - "dest-uuid": "0a32ceea-fa66-47ab-8bde-150dbd6d2e40", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "3e2c99f9-66cd-48be-86e9-d7c1c164d87c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -12286,48 +12265,6 @@ ], "type": "uses" }, - { - "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -12336,21 +12273,49 @@ "type": "uses" }, { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "dest-uuid": "0a32ceea-fa66-47ab-8bde-150dbd6d2e40", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3e2c99f9-66cd-48be-86e9-d7c1c164d87c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12364,7 +12329,14 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12377,6 +12349,41 @@ ], "type": "uses" }, + { + "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -12392,14 +12399,7 @@ "type": "uses" }, { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12418,8 +12418,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0320", - "https://www.zscaler.com/blogs/research/super-mario-run-malware-2-–-droidjack-rat", - "https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backdoored-pokemon-go-android-app" + "https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backdoored-pokemon-go-android-app", + "https://www.zscaler.com/blogs/research/super-mario-run-malware-2-–-droidjack-rat" ], "synonyms": [ "DroidJack" @@ -12427,7 +12427,7 @@ }, "related": [ { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12441,14 +12441,7 @@ "type": "uses" }, { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12460,6 +12453,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", @@ -12473,15 +12473,15 @@ "Windows" ], "refs": [ + "http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf", "https://attack.mitre.org/software/S0203", - "https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/01/ASERT-Threat-Intelligence-Brief-2015-08-Uncovering-the-Seven-Point-Dagger.pdf", + "https://community.softwaregrp.com/t5/Security-Research/9002-RAT-a-second-building-on-the-left/ba-p/228686#.WosBVKjwZPZ", "https://researchcenter.paloaltonetworks.com/2015/09/chinese-actors-use-3102-malware-in-attacks-on-us-government-and-eu-media/", - "https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures", + "https://web.archive.org/web/20190717233006/http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf", + "https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/01/ASERT-Threat-Intelligence-Brief-2015-08-Uncovering-the-Seven-Point-Dagger.pdf", "https://www.fireeye.com/blog/threat-research/2013/05/ready-for-summer-the-sunshop-campaign.html", "https://www.fireeye.com/blog/threat-research/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html", - "http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf", - "https://web.archive.org/web/20190717233006/http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf", - "https://community.softwaregrp.com/t5/Security-Research/9002-RAT-a-second-building-on-the-left/ba-p/228686#.WosBVKjwZPZ", + "https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures", "https://www.symantec.com/connect/blogs/trojanhydraq-incident" ], "synonyms": [ @@ -12499,25 +12499,11 @@ }, "related": [ { - "dest-uuid": "70c31066-237a-11e8-8eff-37ef1ad0c703", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" - }, - { - "dest-uuid": "bab647d7-c9d6-4697-8fd2-1295c7429e1f", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "2f899e3e-1a46-43ea-8e68-140603ce943d", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" + "type": "uses" }, { "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", @@ -12533,55 +12519,6 @@ ], "type": "uses" }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -12590,35 +12527,14 @@ "type": "uses" }, { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "2f899e3e-1a46-43ea-8e68-140603ce943d", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12632,12 +12548,40 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "70c31066-237a-11e8-8eff-37ef1ad0c703", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -12646,7 +12590,63 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bab647d7-c9d6-4697-8fd2-1295c7429e1f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12665,8 +12665,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0230", - "https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts", - "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" + "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx", + "https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts" ], "synonyms": [ "ZeroT" @@ -12674,35 +12674,7 @@ }, "related": [ { - "dest-uuid": "ff00fa92-b32e-46b6-88ca-98357ebe3f54", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "9b0aa458-dfa9-48af-87ea-c36d1501376c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12716,12 +12688,47 @@ "type": "uses" }, { - "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9b0aa458-dfa9-48af-87ea-c36d1501376c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -12737,7 +12744,14 @@ "type": "uses" }, { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12751,32 +12765,18 @@ "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "ff00fa92-b32e-46b6-88ca-98357ebe3f54", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" + "type": "similar" } ], "uuid": "4ab44516-ad75-4e43-a280-705dc0420e2f", @@ -12790,8 +12790,8 @@ "Android" ], "refs": [ - "https://attack.mitre.org/software/S0302", - "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/" + "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/", + "https://attack.mitre.org/software/S0302" ], "synonyms": [ "Twitoor" @@ -12799,14 +12799,14 @@ }, "related": [ { - "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12820,7 +12820,7 @@ "type": "uses" }, { - "dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380", + "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12847,14 +12847,14 @@ }, "related": [ { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12868,14 +12868,14 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12909,7 +12909,7 @@ }, "related": [ { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12923,14 +12923,14 @@ "type": "uses" }, { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12950,9 +12950,9 @@ "refs": [ "https://attack.mitre.org/software/S0240", "https://blog.talosintelligence.com/2017/04/introducing-rokrat.html", + "https://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html", "https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html", - "https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/", - "https://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html" + "https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/" ], "synonyms": [ "ROKRAT" @@ -12960,7 +12960,35 @@ }, "related": [ { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -12974,84 +13002,7 @@ "type": "uses" }, { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13064,6 +13015,48 @@ ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ @@ -13072,7 +13065,21 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13093,42 +13100,7 @@ "type": "uses" }, { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e4dc8c01-417f-458d-9ee0-bb0617c1b391", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13142,14 +13114,28 @@ "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13163,7 +13149,21 @@ "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "e4dc8c01-417f-458d-9ee0-bb0617c1b391", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13190,6 +13190,20 @@ ] }, "related": [ + { + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -13204,26 +13218,12 @@ ], "type": "uses" }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "79499993-a8d6-45eb-b343-bf58dea5bdde", @@ -13245,20 +13245,6 @@ ] }, "related": [ - { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "tags": [ @@ -13266,6 +13252,13 @@ ], "type": "uses" }, + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", "tags": [ @@ -13281,7 +13274,14 @@ "type": "uses" }, { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13306,8 +13306,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0024", "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/dyre-emerging-threat.pdf", + "https://attack.mitre.org/software/S0024", "https://blog.malwarebytes.com/threat-analysis/2015/11/a-technical-look-at-dyreza/", "https://nakedsecurity.sophos.com/2015/04/20/notes-from-sophoslabs-dyreza-the-malware-that-discriminates-against-old-computers/" ], @@ -13319,21 +13319,7 @@ }, "related": [ { - "dest-uuid": "15e969e6-f031-4441-a49b-f401332e4b00", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "1ecbcd20-f238-47ef-874b-08ef93266395", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13347,12 +13333,26 @@ "type": "uses" }, { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "15e969e6-f031-4441-a49b-f401332e4b00", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, + { + "dest-uuid": "1ecbcd20-f238-47ef-874b-08ef93266395", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -13361,7 +13361,7 @@ "type": "uses" }, { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13375,14 +13375,7 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13396,35 +13389,21 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13438,7 +13417,28 @@ "type": "uses" }, { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13464,13 +13464,6 @@ ] }, "related": [ - { - "dest-uuid": "e2c18713-0a95-4092-a0e9-76358512daad", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ @@ -13484,6 +13477,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e2c18713-0a95-4092-a0e9-76358512daad", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "5a84dc36-df0d-4053-9b7c-f0c388a57283", @@ -13498,63 +13498,14 @@ ], "refs": [ "https://attack.mitre.org/software/S0520", - "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a", - "https://digital.nhs.uk/cyber-alerts/2020/cc-3603" + "https://digital.nhs.uk/cyber-alerts/2020/cc-3603", + "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a" ], "synonyms": [ "BLINDINGCAN" ] }, "related": [ - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ @@ -13563,49 +13514,7 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13619,7 +13528,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13632,13 +13541,6 @@ ], "type": "uses" }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ @@ -13646,12 +13548,110 @@ ], "type": "uses" }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "01dbc71d-0ee8-420d-abb4-3dfb6a4bf725", @@ -13673,13 +13673,6 @@ ] }, "related": [ - { - "dest-uuid": "abd10caa-7d4c-4c22-8dae-8d32f13232d7", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ @@ -13687,20 +13680,6 @@ ], "type": "uses" }, - { - "dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -13708,12 +13687,33 @@ ], "type": "uses" }, + { + "dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "abd10caa-7d4c-4c22-8dae-8d32f13232d7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "b136d088-a829-432c-ac26-5529c26d4c7e", @@ -13736,14 +13736,7 @@ }, "related": [ { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13756,34 +13749,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -13791,13 +13756,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ @@ -13806,7 +13764,14 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13818,6 +13783,41 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "99164b38-1775-40bc-b77b-a2373b14540a", @@ -13832,8 +13832,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0205", - "https://www.symantec.com/security_response/writeup.jsp?docid=2012-061518-4639-99", - "https://web.archive.org/web/20190717233006/http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf" + "https://web.archive.org/web/20190717233006/http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf", + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-061518-4639-99" ], "synonyms": [ "Naid" @@ -13848,14 +13848,14 @@ "type": "similar" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13869,7 +13869,7 @@ "type": "uses" }, { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13883,7 +13883,7 @@ "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13942,14 +13942,14 @@ }, "related": [ { - "dest-uuid": "fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d", + "dest-uuid": "52651225-0b3a-482d-aa7e-10618fd063b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "52651225-0b3a-482d-aa7e-10618fd063b5", + "dest-uuid": "fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -13967,10 +13967,10 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0062", - "https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf", "http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf", - "https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/" + "https://attack.mitre.org/software/S0062", + "https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/", + "https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf" ], "synonyms": [ "DustySky", @@ -13979,42 +13979,14 @@ }, "related": [ { - "dest-uuid": "eedcf785-d011-4e17-96c4-6ff39138ada0", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14028,21 +14000,7 @@ "type": "uses" }, { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14063,14 +14021,28 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14084,14 +14056,28 @@ "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14105,14 +14091,28 @@ "type": "uses" }, { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eedcf785-d011-4e17-96c4-6ff39138ada0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14139,20 +14139,6 @@ ] }, "related": [ - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -14161,42 +14147,21 @@ "type": "uses" }, { - "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14210,14 +14175,70 @@ "type": "uses" }, { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14237,118 +14258,6 @@ ], "type": "uses" }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ @@ -14356,237 +14265,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb2cb5cb-ae87-4de0-8c35-da2a17aafb99", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d467bc38-284b-4a00-96ac-125f447799fc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -14595,49 +14273,14 @@ "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14650,12 +14293,369 @@ ], "type": "uses" }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d467bc38-284b-4a00-96ac-125f447799fc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb2cb5cb-ae87-4de0-8c35-da2a17aafb99", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "47afe41c-4c08-485e-b062-c3bd209a1cce", @@ -14679,14 +14679,7 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14699,6 +14692,13 @@ ], "type": "uses" }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -14707,7 +14707,7 @@ "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -14733,13 +14733,6 @@ ] }, "related": [ - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -14747,34 +14740,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b46a801b-fd98-491c-a25a-bca25d6e3001", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ @@ -14782,12 +14747,47 @@ ], "type": "uses" }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b46a801b-fd98-491c-a25a-bca25d6e3001", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a60657fa-e2e7-4f8f-8128-a882534ae8c5", @@ -14810,6 +14810,83 @@ ] }, "related": [ + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -14824,20 +14901,6 @@ ], "type": "uses" }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "tags": [ @@ -14845,69 +14908,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ @@ -14915,33 +14915,33 @@ ], "type": "uses" }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "8ec6e3b4-b06d-4805-b6aa-af916acc2122", @@ -14979,14 +14979,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15046,14 +15046,14 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15071,8 +15071,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0082", - "http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-linked-to-operation-lotus-blossom/" + "http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-linked-to-operation-lotus-blossom/", + "https://attack.mitre.org/software/S0082" ], "synonyms": [ "Emissary" @@ -15080,35 +15080,7 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15122,42 +15094,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15171,14 +15115,70 @@ "type": "uses" }, { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15212,21 +15212,7 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15240,7 +15226,21 @@ "type": "uses" }, { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15268,14 +15268,7 @@ }, "related": [ { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15289,7 +15282,21 @@ "type": "uses" }, { - "dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15303,14 +15310,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15364,10 +15364,10 @@ "Android" ], "refs": [ - "https://attack.mitre.org/software/S0290", "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/", - "https://plus.google.com/+AdrianLudwig/posts/GXzJ8vaAFsi", - "https://blog.lookout.com/blog/2016/12/01/ghost-push-gooligan/" + "https://attack.mitre.org/software/S0290", + "https://blog.lookout.com/blog/2016/12/01/ghost-push-gooligan/", + "https://plus.google.com/+AdrianLudwig/posts/GXzJ8vaAFsi" ], "synonyms": [ "Gooligan", @@ -15376,14 +15376,14 @@ }, "related": [ { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15417,7 +15417,7 @@ }, "related": [ { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15431,7 +15431,7 @@ "type": "uses" }, { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15449,8 +15449,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0033", - "http://www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf" + "http://www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf", + "https://attack.mitre.org/software/S0033" ], "synonyms": [ "NetTraveler" @@ -15458,11 +15458,11 @@ }, "related": [ { - "dest-uuid": "59b70721-6fed-4805-afa5-4ff2554bef81", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { "dest-uuid": "3a26ee44-3224-48f3-aefb-3978c972d928", @@ -15472,18 +15472,18 @@ "type": "similar" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "dest-uuid": "59b70721-6fed-4805-afa5-4ff2554bef81", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" } ], "uuid": "cafd0bf8-2b9c-46c7-ae3c-3e0f42c5062e", @@ -15507,7 +15507,7 @@ }, "related": [ { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15521,7 +15521,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15548,63 +15548,7 @@ }, "related": [ { - "dest-uuid": "3bb8052e-8ed2-48e3-a2cf-7358bae8c6b5", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15618,7 +15562,49 @@ "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "3bb8052e-8ed2-48e3-a2cf-7358bae8c6b5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15632,7 +15618,21 @@ "type": "uses" }, { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15651,99 +15651,15 @@ ], "refs": [ "https://attack.mitre.org/software/S0340", - "https://www.virusbulletin.com/uploads/pdf/conference_slides/2018/Cherepanov-VB2018-Octopus.pdf", "https://securelist.com/octopus-infested-seas-of-central-asia/88200/", - "https://securityaffairs.co/wordpress/77165/apt/russia-linked-apt-dustsquad.html" + "https://securityaffairs.co/wordpress/77165/apt/russia-linked-apt-dustsquad.html", + "https://www.virusbulletin.com/uploads/pdf/conference_slides/2018/Cherepanov-VB2018-Octopus.pdf" ], "synonyms": [ "Octopus" ] }, "related": [ - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ @@ -15759,7 +15675,7 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15772,6 +15688,76 @@ ], "type": "uses" }, + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -15779,6 +15765,20 @@ ], "type": "uses" }, + { + "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -15807,14 +15807,28 @@ }, "related": [ { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", + "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15828,7 +15842,7 @@ "type": "uses" }, { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", + "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15848,26 +15862,12 @@ ], "type": "uses" }, - { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "c0efbaae-9e7d-4716-a92d-68373aac7424", @@ -15890,7 +15890,7 @@ }, "related": [ { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15904,14 +15904,14 @@ "type": "uses" }, { - "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15953,6 +15953,13 @@ ] }, "related": [ + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "1d07212e-6292-40a4-a5e9-30aef83b6207", "tags": [ @@ -15961,14 +15968,7 @@ "type": "similar" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -15982,35 +15982,7 @@ "type": "uses" }, { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16024,7 +15996,35 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16037,6 +16037,20 @@ ], "type": "uses" }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -16045,21 +16059,7 @@ "type": "uses" }, { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16098,6 +16098,13 @@ ], "type": "uses" }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -16111,13 +16118,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "1cdbbcab-903a-414d-8eb0-439a97343737", @@ -16140,14 +16140,7 @@ }, "related": [ { - "dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16161,35 +16154,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16203,7 +16168,7 @@ "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16222,6 +16187,41 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "d3105fb5-c494-4fd1-a7be-414eab9e0c96", @@ -16244,14 +16244,7 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16265,28 +16258,14 @@ "type": "uses" }, { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16299,6 +16278,34 @@ ], "type": "uses" }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -16307,14 +16314,7 @@ "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16333,8 +16333,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0360", - "https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html", - "https://unit42.paloaltonetworks.com/unit42-oilrig-uses-updated-bondupdater-target-middle-eastern-government/" + "https://unit42.paloaltonetworks.com/unit42-oilrig-uses-updated-bondupdater-target-middle-eastern-government/", + "https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html" ], "synonyms": [ "BONDUPDATER" @@ -16342,14 +16342,7 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16363,7 +16356,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16377,14 +16377,14 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16418,7 +16418,14 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16432,14 +16439,7 @@ "type": "uses" }, { - "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16465,8 +16465,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0063", - "https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html", - "https://www.fireeye.com/blog/threat-research/2014/06/clandestine-fox-part-deux.html" + "https://www.fireeye.com/blog/threat-research/2014/06/clandestine-fox-part-deux.html", + "https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html" ], "synonyms": [ "SHOTPUT", @@ -16475,6 +16475,13 @@ ] }, "related": [ + { + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "4859330d-c6a5-4b9c-b45b-536ec983cd4a", "tags": [ @@ -16510,13 +16517,6 @@ ], "type": "uses" }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ @@ -16545,63 +16545,7 @@ }, "related": [ { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16615,21 +16559,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16648,6 +16578,76 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "22b17791-45bf-45c0-9322-ff1a0af5cf2b", @@ -16664,8 +16664,8 @@ "https://attack.mitre.org/software/S0603", "https://us-cert.cisa.gov/ics/advisories/ICSA-10-272-01", "https://www.esetnod32.ru/company/viruslab/analytics/doc/Stuxnet_Under_the_Microscope.pdf", - "https://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf ", - "https://www.langner.com/wp-content/uploads/2017/03/to-kill-a-centrifuge.pdf" + "https://www.langner.com/wp-content/uploads/2017/03/to-kill-a-centrifuge.pdf", + "https://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf " ], "synonyms": [ "Stuxnet", @@ -16674,7 +16674,21 @@ }, "related": [ { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16688,7 +16702,14 @@ "type": "uses" }, { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16702,42 +16723,21 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16757,34 +16757,6 @@ ], "type": "uses" }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ @@ -16793,133 +16765,14 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f9e9365a-9ca2-4d9c-8e7c-050d73d1101a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16933,42 +16786,28 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", + "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6151cbea-819b-455a-9fa6-99a1cc58797d", + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -16982,7 +16821,168 @@ "type": "uses" }, { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6151cbea-819b-455a-9fa6-99a1cc58797d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f9e9365a-9ca2-4d9c-8e7c-050d73d1101a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17001,8 +17001,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0037", - "https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf", - "https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf" + "https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf", + "https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf" ], "synonyms": [ "HAMMERTOSS", @@ -17019,7 +17019,7 @@ "type": "uses" }, { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17032,20 +17032,6 @@ ], "type": "uses" }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ @@ -17053,12 +17039,26 @@ ], "type": "uses" }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2daa14d6-cbf3-4308-bb8e-213c324a08e4", @@ -17101,10 +17101,10 @@ ], "refs": [ "https://attack.mitre.org/software/S0370", - "https://www.us-cert.gov/ncas/alerts/AA18-337A", "https://blog.talosintelligence.com/2018/01/samsam-evolution-continues-netting-over.html", "https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-ransomware-chooses-Its-targets-carefully-wpna.pdf", - "https://www.symantec.com/blogs/threat-intelligence/samsam-targeted-ransomware-attacks" + "https://www.symantec.com/blogs/threat-intelligence/samsam-targeted-ransomware-attacks", + "https://www.us-cert.gov/ncas/alerts/AA18-337A" ], "synonyms": [ "SamSam", @@ -17113,7 +17113,7 @@ }, "related": [ { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17141,7 +17141,7 @@ "type": "uses" }, { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17160,8 +17160,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0380", - "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html", - "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf" + "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf", + "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html" ], "synonyms": [ "StoneDrill", @@ -17170,7 +17170,14 @@ }, "related": [ { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17190,34 +17197,6 @@ ], "type": "uses" }, - { - "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ @@ -17226,7 +17205,14 @@ "type": "uses" }, { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17246,6 +17232,13 @@ ], "type": "uses" }, + { + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -17253,6 +17246,13 @@ ], "type": "uses" }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -17261,14 +17261,14 @@ "type": "uses" }, { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17294,13 +17294,6 @@ ] }, "related": [ - { - "dest-uuid": "809b54c3-dd6a-4ec9-8c3a-a27b9baa6732", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -17315,34 +17308,6 @@ ], "type": "uses" }, - { - "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ @@ -17350,83 +17315,6 @@ ], "type": "uses" }, - { - "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ @@ -17434,6 +17322,69 @@ ], "type": "uses" }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ @@ -17442,7 +17393,21 @@ "type": "uses" }, { - "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "dest-uuid": "809b54c3-dd6a-4ec9-8c3a-a27b9baa6732", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17456,7 +17421,42 @@ "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17483,21 +17483,7 @@ }, "related": [ { - "dest-uuid": "d1597713-fe7a-45bd-8b59-1a13c7e097d8", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17511,21 +17497,14 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17538,20 +17517,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -17559,6 +17524,27 @@ ], "type": "uses" }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1597713-fe7a-45bd-8b59-1a13c7e097d8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -17567,7 +17553,21 @@ "type": "uses" }, { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17585,15 +17585,22 @@ "Android" ], "refs": [ + "http://www.bankinfosecurity.com/did-chinese-spyware-linger-in-us-phones-a-9534", "https://attack.mitre.org/software/S0309", - "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html", - "http://www.bankinfosecurity.com/did-chinese-spyware-linger-in-us-phones-a-9534" + "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html" ], "synonyms": [ "Adups" ] }, "related": [ + { + "dest-uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", "tags": [ @@ -17601,6 +17608,13 @@ ], "type": "uses" }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ @@ -17614,20 +17628,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "f6ac21b6-2592-400c-8472-10d0e2f1bfaf", @@ -17648,7 +17648,7 @@ }, "related": [ { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17661,13 +17661,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -17676,14 +17669,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17702,6 +17688,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "8fc6c9e7-a162-4ca4-a488-f1819e9a7b06", @@ -17715,14 +17715,14 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0044", - "https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/", - "https://labsblog.f-secure.com/2015/09/08/sofacy-recycles-carberp-and-metasploit-code/", "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf", - "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf", - "https://www.symantec.com/blogs/election-security/apt28-espionage-military-government", + "https://attack.mitre.org/software/S0044", "https://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html", - "https://researchcenter.paloaltonetworks.com/2018/02/unit42-sofacy-attacks-multiple-government-entities/" + "https://labsblog.f-secure.com/2015/09/08/sofacy-recycles-carberp-and-metasploit-code/", + "https://researchcenter.paloaltonetworks.com/2018/02/unit42-sofacy-attacks-multiple-government-entities/", + "https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/", + "https://www.symantec.com/blogs/election-security/apt28-espionage-military-government", + "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf" ], "synonyms": [ "JHUHUGIT", @@ -17735,41 +17735,6 @@ ] }, "related": [ - { - "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -17784,69 +17749,6 @@ ], "type": "uses" }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ @@ -17855,21 +17757,21 @@ "type": "uses" }, { - "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17883,7 +17785,42 @@ "type": "uses" }, { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17896,6 +17833,13 @@ ], "type": "uses" }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ @@ -17904,7 +17848,63 @@ "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17938,7 +17938,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17951,13 +17958,6 @@ ], "type": "uses" }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -17966,7 +17966,7 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -17991,9 +17991,9 @@ "Windows" ], "refs": [ + "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf", "https://attack.mitre.org/software/S0045", - "https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/", - "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf" + "https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/" ], "synonyms": [ "ADVSTORESHELL", @@ -18004,153 +18004,6 @@ ] }, "related": [ - { - "dest-uuid": "6374fc53-9a0d-41ba-b9cf-2a9765d69fbb", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "21ab9e14-602a-4a76-a308-dbf5d6a91d75", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ @@ -18158,13 +18011,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ @@ -18172,6 +18018,13 @@ ], "type": "uses" }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ @@ -18179,12 +18032,159 @@ ], "type": "uses" }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "21ab9e14-602a-4a76-a308-dbf5d6a91d75", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6374fc53-9a0d-41ba-b9cf-2a9765d69fbb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "fb575479-14ef-41e9-bfab-0b7cf10bec73", @@ -18208,35 +18208,7 @@ }, "related": [ { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b936a4-6321-4172-9114-038a866362ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18250,7 +18222,14 @@ "type": "uses" }, { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18264,7 +18243,28 @@ "type": "uses" }, { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18278,14 +18278,14 @@ "type": "uses" }, { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "dest-uuid": "e3b936a4-6321-4172-9114-038a866362ec", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18305,8 +18305,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0504", - "https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware", - "https://medium.com/stage-2-security/anchor-dns-malware-family-goes-cross-platform-d807ba13ca30" + "https://medium.com/stage-2-security/anchor-dns-malware-family-goes-cross-platform-d807ba13ca30", + "https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware" ], "synonyms": [ "Anchor", @@ -18314,27 +18314,6 @@ ] }, "related": [ - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -18342,62 +18321,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ @@ -18405,41 +18328,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -18453,30 +18341,84 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - } - ], - "uuid": "5f1d4579-4e8f-48e7-860e-2da773ae432e", - "value": "Anchor - S0504" - }, - { - "description": "[CloudDuke](https://attack.mitre.org/software/S0054) is malware that was used by [APT29](https://attack.mitre.org/groups/G0016) in 2015. (Citation: F-Secure The Dukes) (Citation: Securelist Minidionis July 2015)", - "meta": { - "external_id": "S0054", - "mitre_platforms": [ - "Windows" - ], - "refs": [ - "https://attack.mitre.org/software/S0054", - "https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf", - "https://securelist.com/minidionis-one-more-apt-with-a-usage-of-cloud-drives/71443/" - ], - "synonyms": [ - "CloudDuke", - "MiniDionis", - "CloudLook" - ] - }, - "related": [ + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -18491,12 +18433,70 @@ ], "type": "uses" }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], + "uuid": "5f1d4579-4e8f-48e7-860e-2da773ae432e", + "value": "Anchor - S0504" + }, + { + "description": "[CloudDuke](https://attack.mitre.org/software/S0054) is malware that was used by [APT29](https://attack.mitre.org/groups/G0016) in 2015. (Citation: F-Secure The Dukes) (Citation: Securelist Minidionis July 2015)", + "meta": { + "external_id": "S0054", + "mitre_platforms": [ + "Windows" + ], + "refs": [ + "https://attack.mitre.org/software/S0054", + "https://securelist.com/minidionis-one-more-apt-with-a-usage-of-cloud-drives/71443/", + "https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf" + ], + "synonyms": [ + "CloudDuke", + "MiniDionis", + "CloudLook" + ] + }, + "related": [ { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "cbf646f1-7db5-4dc6-808b-0094313949df", @@ -18520,13 +18520,6 @@ ] }, "related": [ - { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ @@ -18534,104 +18527,6 @@ ], "type": "uses" }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "62adb627-f647-498e-b4cc-41499361bacb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "948a447c-d783-4ba0-8516-a64140fcacd5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e4c347e9-fb91-4bc5-83b8-391e389131e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "tags": [ @@ -18640,7 +18535,91 @@ "type": "uses" }, { - "dest-uuid": "e3b936a4-6321-4172-9114-038a866362ec", + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "62adb627-f647-498e-b4cc-41499361bacb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "948a447c-d783-4ba0-8516-a64140fcacd5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18652,6 +18631,27 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e3b936a4-6321-4172-9114-038a866362ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e4c347e9-fb91-4bc5-83b8-391e389131e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "3049b2f2-e323-4cdb-91cb-13b37b904cbb", @@ -18665,78 +18665,15 @@ "Windows" ], "refs": [ + "https://arxiv.org/pdf/2102.04796.pdf", "https://attack.mitre.org/software/S0640", - "https://awakesecurity.com/blog/threat-hunting-for-avaddon-ransomware/", - "https://arxiv.org/pdf/2102.04796.pdf" + "https://awakesecurity.com/blog/threat-hunting-for-avaddon-ransomware/" ], "synonyms": [ "Avaddon" ] }, "related": [ - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -18744,27 +18681,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ @@ -18773,7 +18689,42 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18787,7 +18738,56 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18817,6 +18817,13 @@ ] }, "related": [ + { + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ @@ -18824,34 +18831,6 @@ ], "type": "uses" }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ @@ -18867,28 +18846,7 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18902,7 +18860,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18914,6 +18872,48 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "e6ef745b-077f-42e1-a37d-29eecff9c754", @@ -18935,13 +18935,6 @@ ] }, "related": [ - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -18950,7 +18943,7 @@ "type": "uses" }, { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -18962,6 +18955,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "3cab1b76-2f40-4cd0-8d2c-7ed16eeb909c", @@ -18983,41 +18983,6 @@ ] }, "related": [ - { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ @@ -19033,21 +18998,14 @@ "type": "uses" }, { - "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19061,7 +19019,21 @@ "type": "uses" }, { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19074,6 +19046,34 @@ ], "type": "uses" }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", "tags": [ @@ -19094,9 +19094,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0604", - "https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf ", "https://dragos.com/blog/crashoverride/CrashOverride-01.pdf ", - "https://www.dragos.com/wp-content/uploads/CRASHOVERRIDE2018.pdf " + "https://www.dragos.com/wp-content/uploads/CRASHOVERRIDE2018.pdf ", + "https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf " ], "synonyms": [ "Industroyer", @@ -19106,21 +19106,7 @@ }, "related": [ { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19134,28 +19120,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "2bee5ffb-7a7a-4119-b1f2-158151b19ac0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19169,7 +19134,84 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19190,49 +19232,7 @@ "type": "uses" }, { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2bee5ffb-7a7a-4119-b1f2-158151b19ac0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19258,6 +19258,13 @@ ] }, "related": [ + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -19265,6 +19272,13 @@ ], "type": "uses" }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", "tags": [ @@ -19272,20 +19286,6 @@ ], "type": "uses" }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -19294,14 +19294,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19327,104 +19327,6 @@ ] }, "related": [ - { - "dest-uuid": "3b0b604f-10db-41a0-b54c-493124d455b9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "62adb627-f647-498e-b4cc-41499361bacb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e4c347e9-fb91-4bc5-83b8-391e389131e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ @@ -19432,34 +19334,6 @@ ], "type": "uses" }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", "tags": [ @@ -19474,12 +19348,138 @@ ], "type": "uses" }, + { + "dest-uuid": "3b0b604f-10db-41a0-b54c-493124d455b9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "62adb627-f647-498e-b4cc-41499361bacb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "ccde43e4-78f9-4f32-b401-c081e7db71ea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e4c347e9-fb91-4bc5-83b8-391e389131e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", @@ -19493,8 +19493,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0074", - "http://www.secureworks.com/cyber-threat-intelligence/threats/sakula-malware-family/" + "http://www.secureworks.com/cyber-threat-intelligence/threats/sakula-malware-family/", + "https://attack.mitre.org/software/S0074" ], "synonyms": [ "Sakula", @@ -19503,48 +19503,6 @@ ] }, "related": [ - { - "dest-uuid": "3eca2d5f-41bf-4ad4-847f-df18befcdc44", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "f6c137f0-979c-4ce2-a0e5-2a080a5a1746", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "e88eb9b1-dc8b-4696-8dcf-0c29924d0f8b", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ @@ -19566,13 +19524,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -19580,6 +19531,13 @@ ], "type": "uses" }, + { + "dest-uuid": "3eca2d5f-41bf-4ad4-847f-df18befcdc44", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -19587,6 +19545,27 @@ ], "type": "uses" }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -19594,12 +19573,33 @@ ], "type": "uses" }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e88eb9b1-dc8b-4696-8dcf-0c29924d0f8b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f6c137f0-979c-4ce2-a0e5-2a080a5a1746", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "96b08451-b27a-4ff6-893f-790e26393a8e", @@ -19622,35 +19622,7 @@ }, "related": [ { - "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19664,56 +19636,7 @@ "type": "uses" }, { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8c7862ff-3449-4ac6-b0fd-ac1298a822a5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -19733,6 +19656,27 @@ ], "type": "uses" }, + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8c7862ff-3449-4ac6-b0fd-ac1298a822a5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "948a447c-d783-4ba0-8516-a64140fcacd5", "tags": [ @@ -19740,6 +19684,20 @@ ], "type": "uses" }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", "tags": [ @@ -19753,6 +19711,48 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "037f44f0-0c07-4c7f-b40e-0325b5b228a9", @@ -19774,27 +19774,6 @@ ] }, "related": [ - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ @@ -19809,6 +19788,20 @@ ], "type": "uses" }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ @@ -19816,6 +19809,13 @@ ], "type": "uses" }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -19843,13 +19843,6 @@ ] }, "related": [ - { - "dest-uuid": "6a28a648-30c0-4d1d-bd67-81a8dc6486ba", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ @@ -19864,6 +19857,13 @@ ], "type": "uses" }, + { + "dest-uuid": "6a28a648-30c0-4d1d-bd67-81a8dc6486ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ @@ -19905,9 +19905,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0409", - "https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf", + "https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/", "https://securelist.com/el-machete/66108/", - "https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/" + "https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf" ], "synonyms": [ "Machete", @@ -19915,69 +19915,6 @@ ] }, "related": [ - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -19985,76 +19922,6 @@ ], "type": "uses" }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -20063,14 +19930,14 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20083,6 +19950,27 @@ ], "type": "uses" }, + { + "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -20091,56 +19979,7 @@ "type": "uses" }, { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20154,21 +19993,35 @@ "type": "uses" }, { - "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20181,6 +20034,20 @@ ], "type": "uses" }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", "tags": [ @@ -20188,6 +20055,76 @@ ], "type": "uses" }, + { + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -20195,12 +20132,75 @@ ], "type": "uses" }, + { + "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "35cd1d01-1ede-44d2-b073-a264d727bc04", @@ -20223,63 +20223,14 @@ }, "related": [ { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20293,21 +20244,21 @@ "type": "uses" }, { - "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20320,6 +20271,27 @@ ], "type": "uses" }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", "tags": [ @@ -20328,7 +20300,14 @@ "type": "uses" }, { - "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20347,6 +20326,27 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "3d6c4389-3489-40a3-beda-c56e650b6f68", @@ -20360,8 +20360,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0055", - "http://blog.trendmicro.com/trendlabs-security-intelligence/rarstone-found-in-targeted-attacks/" + "http://blog.trendmicro.com/trendlabs-security-intelligence/rarstone-found-in-targeted-attacks/", + "https://attack.mitre.org/software/S0055" ], "synonyms": [ "RARSTONE" @@ -20376,7 +20376,7 @@ "type": "similar" }, { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20397,7 +20397,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20425,7 +20425,7 @@ }, "related": [ { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20438,20 +20438,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -20465,6 +20451,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "32f49626-87f4-4d6c-8f59-a0dca953fe26", @@ -20479,8 +20479,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0605", - "https://www.dragos.com/blog/industry-news/ekans-ransomware-and-ics-operations/", "https://unit42.paloaltonetworks.com/threat-assessment-ekans-ransomware/", + "https://www.dragos.com/blog/industry-news/ekans-ransomware-and-ics-operations/", "https://www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disrupt-industrial-production.html" ], "synonyms": [ @@ -20489,20 +20489,6 @@ ] }, "related": [ - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -20518,7 +20504,21 @@ "type": "uses" }, { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20531,13 +20531,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -20546,7 +20539,14 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20573,28 +20573,7 @@ }, "related": [ { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20608,14 +20587,14 @@ "type": "uses" }, { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20629,14 +20608,14 @@ "type": "uses" }, { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e4c347e9-fb91-4bc5-83b8-391e389131e2", + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20650,7 +20629,14 @@ "type": "uses" }, { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20662,6 +20648,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e4c347e9-fb91-4bc5-83b8-391e389131e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f666e17c-b290-43b3-8947-b96bd5148fbb", @@ -20676,10 +20676,10 @@ ], "refs": [ "https://attack.mitre.org/software/S0650", - "https://success.trendmicro.com/solution/000283381", + "https://cybersecurity.att.com/blogs/labs-research/the-rise-of-qakbot", "https://redcanary.com/threat-detection-report/threats/qbot/", "https://securelist.com/qakbot-technical-analysis/103931/", - "https://cybersecurity.att.com/blogs/labs-research/the-rise-of-qakbot" + "https://success.trendmicro.com/solution/000283381" ], "synonyms": [ "QakBot", @@ -20689,69 +20689,6 @@ ] }, "related": [ - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -20760,21 +20697,49 @@ "type": "uses" }, { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20788,7 +20753,133 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20802,14 +20893,105 @@ "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -20830,210 +21012,7 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21047,14 +21026,7 @@ "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21068,70 +21040,98 @@ "type": "uses" }, { - "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21159,6 +21159,20 @@ ] }, "related": [ + { + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -21166,34 +21180,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ @@ -21208,13 +21194,6 @@ ], "type": "uses" }, - { - "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", "tags": [ @@ -21223,7 +21202,35 @@ "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21244,7 +21251,21 @@ "type": "uses" }, { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21258,28 +21279,7 @@ "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21313,6 +21313,13 @@ ], "type": "uses" }, + { + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ @@ -21320,27 +21327,6 @@ ], "type": "uses" }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", "tags": [ @@ -21348,20 +21334,6 @@ ], "type": "uses" }, - { - "dest-uuid": "8197f026-64da-4700-93b9-b55ba55f3b31", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "tags": [ @@ -21370,7 +21342,28 @@ "type": "uses" }, { - "dest-uuid": "ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "dest-uuid": "8197f026-64da-4700-93b9-b55ba55f3b31", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21382,6 +21375,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "680f680c-eef9-4f8a-b5f5-f451bf47e403", @@ -21410,20 +21410,6 @@ ], "type": "similar" }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -21431,6 +21417,13 @@ ], "type": "uses" }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -21438,13 +21431,6 @@ ], "type": "uses" }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -21453,7 +21439,14 @@ "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21472,6 +21465,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421", @@ -21486,10 +21486,10 @@ ], "refs": [ "https://attack.mitre.org/software/S0508", - "https://www.zdnet.com/article/sly-malware-author-hides-cryptomining-botnet-behind-ever-shifting-proxy-service/", "https://cyware.com/news/cyber-attackers-leverage-tunneling-service-to-drop-lokibot-onto-victims-systems-6f610e44", + "https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html", "https://www.malwarebytes.com/resources/files/2021/02/lazyscripter.pdf", - "https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html" + "https://www.zdnet.com/article/sly-malware-author-hides-cryptomining-botnet-behind-ever-shifting-proxy-service/" ], "synonyms": [ "Ngrok" @@ -21497,7 +21497,14 @@ }, "related": [ { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21510,26 +21517,19 @@ ], "type": "uses" }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "911fe4c3-444d-4e92-83b8-cc761ac5fd3b", @@ -21552,35 +21552,7 @@ }, "related": [ { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21594,14 +21566,42 @@ "type": "uses" }, { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21615,7 +21615,14 @@ "type": "uses" }, { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21635,26 +21642,19 @@ ], "type": "uses" }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "838f647e-8ff8-48bd-bbd5-613cee7736cb", @@ -21677,11 +21677,11 @@ }, "related": [ { - "dest-uuid": "6a100902-7204-4f20-b838-545ed86d4428", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", @@ -21690,6 +21690,13 @@ ], "type": "uses" }, + { + "dest-uuid": "6a100902-7204-4f20-b838-545ed86d4428", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -21698,14 +21705,7 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21719,7 +21719,7 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21745,104 +21745,6 @@ ] }, "related": [ - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -21857,6 +21759,13 @@ ], "type": "uses" }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ @@ -21865,28 +21774,7 @@ "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21900,7 +21788,91 @@ "type": "uses" }, { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -21913,6 +21885,55 @@ ], "type": "uses" }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ @@ -21927,20 +21948,6 @@ ], "type": "uses" }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -21949,35 +21956,28 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22005,27 +22005,6 @@ ] }, "related": [ - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "tags": [ @@ -22033,34 +22012,6 @@ ], "type": "uses" }, - { - "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -22068,69 +22019,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ @@ -22138,27 +22026,6 @@ ], "type": "uses" }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ @@ -22167,7 +22034,35 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22181,7 +22076,14 @@ "type": "uses" }, { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22194,6 +22096,41 @@ ], "type": "uses" }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -22207,6 +22144,69 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "fde19a18-e502-467f-be14-58c71b4e7f4b", @@ -22221,11 +22221,11 @@ "Windows" ], "refs": [ + "http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/", "https://attack.mitre.org/software/S0607", "https://www.bleepingcomputer.com/news/security/killdisk-disk-wiping-malware-adds-ransomware-component/", - "http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/", - "https://www.trendmicro.com/en_us/research/18/f/new-killdisk-variant-hits-latin-american-financial-organizations-again.html", - "https://www.trendmicro.com/en_us/research/18/a/new-killdisk-variant-hits-financial-organizations-in-latin-america.html" + "https://www.trendmicro.com/en_us/research/18/a/new-killdisk-variant-hits-financial-organizations-in-latin-america.html", + "https://www.trendmicro.com/en_us/research/18/f/new-killdisk-variant-hits-latin-american-financial-organizations-again.html" ], "synonyms": [ "KillDisk", @@ -22237,55 +22237,6 @@ ] }, "related": [ - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", "tags": [ @@ -22293,34 +22244,6 @@ ], "type": "uses" }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", "tags": [ @@ -22328,6 +22251,76 @@ ], "type": "uses" }, + { + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -22335,6 +22328,13 @@ ], "type": "uses" }, + { + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", "tags": [ @@ -22354,8 +22354,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0076", - "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/" + "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/", + "https://attack.mitre.org/software/S0076" ], "synonyms": [ "FakeM" @@ -22363,14 +22363,14 @@ }, "related": [ { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22402,21 +22402,14 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0067", - "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf" + "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf", + "https://attack.mitre.org/software/S0067" ], "synonyms": [ "pngdowner" ] }, "related": [ - { - "dest-uuid": "fb4313ea-1fb6-4766-8b5c-b41fd347e4c5", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ @@ -22437,6 +22430,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "fb4313ea-1fb6-4766-8b5c-b41fd347e4c5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "800bdfba-6d66-480f-9f45-15845c05cb5d", @@ -22451,8 +22451,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0608", - "https://web.archive.org/web/20200125132645/https://www.sans.org/security-resources/malwarefaq/conficker-worm", - "https://news.softpedia.com/news/on-chernobyl-s-30th-anniversary-malware-shuts-down-german-nuclear-power-plant-503429.shtml" + "https://news.softpedia.com/news/on-chernobyl-s-30th-anniversary-malware-shuts-down-german-nuclear-power-plant-503429.shtml", + "https://web.archive.org/web/20200125132645/https://www.sans.org/security-resources/malwarefaq/conficker-worm" ], "synonyms": [ "Conficker", @@ -22462,14 +22462,7 @@ }, "related": [ { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22483,21 +22476,7 @@ "type": "uses" }, { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22511,21 +22490,28 @@ "type": "uses" }, { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22539,7 +22525,21 @@ "type": "uses" }, { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22573,7 +22573,42 @@ }, "related": [ { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22600,34 +22635,6 @@ ], "type": "uses" }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -22636,14 +22643,7 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22670,7 +22670,21 @@ }, "related": [ { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22691,14 +22705,14 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22711,33 +22725,19 @@ ], "type": "uses" }, - { - "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "166c0eca-02fd-424a-92c0-6b5106994d31", @@ -22751,8 +22751,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0068", - "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf" + "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf", + "https://attack.mitre.org/software/S0068" ], "synonyms": [ "httpclient" @@ -22760,14 +22760,14 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22793,8 +22793,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0069", - "https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf", - "https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html" + "https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html", + "https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf" ], "synonyms": [ "BLACKCOFFEE" @@ -22808,6 +22808,20 @@ ], "type": "uses" }, + { + "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ @@ -22823,7 +22837,7 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22835,20 +22849,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43", @@ -22863,10 +22863,10 @@ ], "refs": [ "https://attack.mitre.org/software/S0609", + "https://us-cert.cisa.gov/sites/default/files/documents/MAR-17-352-01%20HatMan%20-%20Safety%20System%20Targeted%20Malware%20%28Update%20B%29.pdf", + "https://www.dragos.com/wp-content/uploads/TRISIS-01.pdf", "https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html", "https://www.fireeye.com/blog/threat-research/2018/06/totally-tubular-treatise-on-TRITON-and-tristation.html", - "https://www.dragos.com/wp-content/uploads/TRISIS-01.pdf", - "https://us-cert.cisa.gov/sites/default/files/documents/MAR-17-352-01%20HatMan%20-%20Safety%20System%20Targeted%20Malware%20%28Update%20B%29.pdf", "https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html " ], "synonyms": [ @@ -22876,6 +22876,20 @@ ] }, "related": [ + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -22890,26 +22904,12 @@ ], "type": "uses" }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "93ae2edf-a598-4d2d-acd7-bcae0c021923", @@ -22923,21 +22923,14 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/software/S0077", - "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/" + "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/", + "https://attack.mitre.org/software/S0077" ], "synonyms": [ "CallMe" ] }, "related": [ - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ @@ -22946,14 +22939,21 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -22971,8 +22971,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0078", - "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/" + "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/", + "https://attack.mitre.org/software/S0078" ], "synonyms": [ "Psylo" @@ -22987,7 +22987,7 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23001,14 +23001,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23024,14 +23024,14 @@ "external_id": "S0079", "mitre_platforms": [], "refs": [ - "https://attack.mitre.org/software/S0079", - "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/" + "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/", + "https://attack.mitre.org/software/S0079" ], "synonyms": [] }, "related": [ { - "dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23045,28 +23045,7 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23086,12 +23065,33 @@ ], "type": "uses" }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "463f68f1-5cde-4dc2-a831-68b73488f8f4", @@ -23105,35 +23105,14 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0088", - "http://research.zscaler.com/2016/01/malicious-office-files-dropping-kasidet.html" + "http://research.zscaler.com/2016/01/malicious-office-files-dropping-kasidet.html", + "https://attack.mitre.org/software/S0088" ], "synonyms": [ "Kasidet" ] }, "related": [ - { - "dest-uuid": "3760920e-4d1a-40d8-9e60-508079499076", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -23141,34 +23120,6 @@ ], "type": "uses" }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -23177,7 +23128,35 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3760920e-4d1a-40d8-9e60-508079499076", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23189,6 +23168,27 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "26fed817-e7bf-41f9-829a-9075ffac45c2", @@ -23211,20 +23211,6 @@ ] }, "related": [ - { - "dest-uuid": "5a22cad7-65fa-4b7a-a7aa-7915a6101efa", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "82c644ab-550a-4a83-9b35-d545f4719069", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -23232,20 +23218,6 @@ ], "type": "uses" }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -23254,35 +23226,14 @@ "type": "uses" }, { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23296,12 +23247,96 @@ "type": "uses" }, { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5a22cad7-65fa-4b7a-a7aa-7915a6101efa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "82c644ab-550a-4a83-9b35-d545f4719069", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ @@ -23317,14 +23352,7 @@ "type": "uses" }, { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23338,7 +23366,21 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23351,54 +23393,12 @@ ], "type": "uses" }, - { - "dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4", @@ -23412,28 +23412,14 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0132", - "http://blogs.cisco.com/security/h1n1-technical-analysis-reveals-new-capabilities" + "http://blogs.cisco.com/security/h1n1-technical-analysis-reveals-new-capabilities", + "https://attack.mitre.org/software/S0132" ], "synonyms": [ "H1N1" ] }, "related": [ - { - "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ @@ -23442,28 +23428,7 @@ "type": "uses" }, { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23477,14 +23442,14 @@ "type": "uses" }, { - "dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23497,6 +23462,34 @@ ], "type": "uses" }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ @@ -23505,7 +23498,14 @@ "type": "uses" }, { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23560,14 +23560,28 @@ }, "related": [ { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23588,21 +23602,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23616,7 +23616,7 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23643,13 +23643,6 @@ ] }, "related": [ - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -23658,7 +23651,7 @@ "type": "uses" }, { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23670,6 +23663,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "13183cdf-280b-46be-913a-5c6df47831e7", @@ -23688,14 +23688,14 @@ }, "related": [ { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23709,7 +23709,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23727,8 +23727,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0113", - "http://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf" + "http://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf", + "https://attack.mitre.org/software/S0113" ], "synonyms": [ "Prikormka" @@ -23736,21 +23736,14 @@ }, "related": [ { - "dest-uuid": "67ade442-63f2-4319-bdcd-d2564b963ed6", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23763,62 +23756,6 @@ ], "type": "uses" }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ @@ -23826,13 +23763,6 @@ ], "type": "uses" }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -23848,14 +23778,14 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23868,6 +23798,48 @@ ], "type": "uses" }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "67ade442-63f2-4319-bdcd-d2564b963ed6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ @@ -23876,7 +23848,35 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -23922,8 +23922,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0114", - "https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-mtrends-2016.pdf", "https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html", + "https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-mtrends-2016.pdf", "https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1498163766.pdf" ], "synonyms": [ @@ -23965,41 +23965,6 @@ ] }, "related": [ - { - "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ @@ -24007,69 +23972,6 @@ ], "type": "uses" }, - { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60623164-ccd8-4508-a141-b5a34820b3de", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", "tags": [ @@ -24077,12 +23979,110 @@ ], "type": "uses" }, + { + "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60623164-ccd8-4508-a141-b5a34820b3de", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "0626c181-93cb-4860-9cb0-dff3b1c13063", @@ -24101,21 +24101,7 @@ }, "related": [ { - "dest-uuid": "2815a353-cd56-4ed0-8581-812b94f7a326", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24129,14 +24115,14 @@ "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "2815a353-cd56-4ed0-8581-812b94f7a326", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" }, { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24148,6 +24134,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "0ced8926-914e-4c78-bc93-356fb90dbd1f", @@ -24162,8 +24162,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0115", - "https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf", - "https://securelist.com/transparent-tribe-part-1/98127/" + "https://securelist.com/transparent-tribe-part-1/98127/", + "https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf" ], "synonyms": [ "Crimson", @@ -24172,70 +24172,7 @@ }, "related": [ { - "dest-uuid": "8d8efbc6-d1b7-4ec8-bab3-591edba337d0", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "858edfb8-793a-430b-8acc-4310e7d2f0d3", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "a61fc694-a88a-484d-a648-db35b49932fd", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24249,56 +24186,7 @@ "type": "uses" }, { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c877e33f-1df6-40d6-b1e7-ce70f16f4979", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24311,27 +24199,6 @@ ], "type": "uses" }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", "tags": [ @@ -24340,14 +24207,7 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24361,14 +24221,126 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "858edfb8-793a-430b-8acc-4310e7d2f0d3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8d8efbc6-d1b7-4ec8-bab3-591edba337d0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a61fc694-a88a-484d-a648-db35b49932fd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c877e33f-1df6-40d6-b1e7-ce70f16f4979", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24382,7 +24354,35 @@ "type": "uses" }, { - "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24409,14 +24409,14 @@ }, "related": [ { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24430,14 +24430,7 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24451,14 +24444,21 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24487,14 +24487,7 @@ }, "related": [ { - "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24507,20 +24500,6 @@ ], "type": "uses" }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -24529,14 +24508,21 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24550,7 +24536,21 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24569,29 +24569,15 @@ ], "refs": [ "https://attack.mitre.org/software/S0611", - "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clop-ransomware/", + "https://unit42.paloaltonetworks.com/clop-ransomware/", "https://www.cybereason.com/blog/cybereason-vs.-clop-ransomware", - "https://unit42.paloaltonetworks.com/clop-ransomware/" + "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clop-ransomware/" ], "synonyms": [ "Clop" ] }, "related": [ - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ @@ -24599,55 +24585,6 @@ ], "type": "uses" }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ @@ -24655,6 +24592,13 @@ ], "type": "uses" }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", "tags": [ @@ -24663,7 +24607,49 @@ "type": "uses" }, { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24676,26 +24662,40 @@ ], "type": "uses" }, + { + "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "cad3ba95-8c89-4146-ab10-08daa813f9de", @@ -24710,14 +24710,28 @@ ], "refs": [ "https://attack.mitre.org/software/S0171", - "https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments", - "https://blogs.forcepoint.com/security-labs/playing-cat-mouse-introducing-felismus-malware" + "https://blogs.forcepoint.com/security-labs/playing-cat-mouse-introducing-felismus-malware", + "https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments" ], "synonyms": [ "Felismus" ] }, "related": [ + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "07a41ea7-17b2-4852-bfd7-54211c477dc0", "tags": [ @@ -24725,13 +24739,6 @@ ], "type": "similar" }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -24739,20 +24746,6 @@ ], "type": "uses" }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ @@ -24761,14 +24754,7 @@ "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24782,14 +24768,28 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24807,10 +24807,10 @@ "Windows" ], "refs": [ + "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf", "https://attack.mitre.org/software/S0117", "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/", "https://www.invincea.com/2016/07/tunnel-of-gov-dnc-hack-and-the-russian-xtunnel/", - "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf", "https://www.symantec.com/blogs/election-security/apt28-espionage-military-government" ], "synonyms": [ @@ -24821,13 +24821,6 @@ ] }, "related": [ - { - "dest-uuid": "6d180bd7-3c77-4faf-b98b-dc2ab5f49101", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "53089817-6d65-4802-a7d2-5ccc3d919b74", "tags": [ @@ -24835,13 +24828,6 @@ ], "type": "similar" }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ @@ -24850,18 +24836,11 @@ "type": "uses" }, { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "dest-uuid": "6d180bd7-3c77-4faf-b98b-dc2ab5f49101", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" + "type": "similar" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", @@ -24878,7 +24857,7 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24890,6 +24869,27 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "7343e208-7cab-45f2-a47b-41ba5e2f0fab", @@ -24911,20 +24911,6 @@ ] }, "related": [ - { - "dest-uuid": "e0bea149-2def-484f-b658-f782a4f94815", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "0a52e73b-d7e9-45ae-9bda-46568f753931", "tags": [ @@ -24932,27 +24918,6 @@ ], "type": "similar" }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ @@ -24961,7 +24926,7 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -24974,6 +24939,20 @@ ], "type": "uses" }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -24982,11 +24961,32 @@ "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e0bea149-2def-484f-b658-f782a4f94815", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "fece06b7-d4b1-42cf-b81a-5323c917546e", @@ -25000,8 +25000,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0118", - "http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates" + "http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates", + "https://attack.mitre.org/software/S0118" ], "synonyms": [ "Nidiran", @@ -25010,14 +25010,7 @@ }, "related": [ { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25030,6 +25023,13 @@ ], "type": "uses" }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -25038,7 +25038,7 @@ "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25066,7 +25066,7 @@ }, "related": [ { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25080,14 +25080,14 @@ "type": "uses" }, { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25113,13 +25113,6 @@ ] }, "related": [ - { - "dest-uuid": "becf81e5-f989-4093-a67d-d55a0483885f", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ @@ -25128,14 +25121,21 @@ "type": "uses" }, { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "becf81e5-f989-4093-a67d-d55a0483885f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25161,6 +25161,13 @@ ] }, "related": [ + { + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "2a18f5dd-40fc-444b-a7c6-85f94b3eee13", "tags": [ @@ -25168,20 +25175,6 @@ ], "type": "similar" }, - { - "dest-uuid": "637000f7-4363-44e0-b795-9cfb7a3dc460", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", "tags": [ @@ -25190,14 +25183,21 @@ "type": "uses" }, { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "dest-uuid": "637000f7-4363-44e0-b795-9cfb7a3dc460", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25231,11 +25231,11 @@ }, "related": [ { - "dest-uuid": "a5e851b4-e046-43b6-bc6e-c6c008e3c5aa", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", @@ -25252,11 +25252,11 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "a5e851b4-e046-43b6-bc6e-c6c008e3c5aa", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", @@ -25266,14 +25266,14 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25291,8 +25291,8 @@ "Android" ], "refs": [ - "https://attack.mitre.org/software/S0321", - "http://arstechnica.com/security/2017/01/virulent-android-malware-returns-gets-2-million-downloads-on-google-play/" + "http://arstechnica.com/security/2017/01/virulent-android-malware-returns-gets-2-million-downloads-on-google-play/", + "https://attack.mitre.org/software/S0321" ], "synonyms": [ "HummingWhale" @@ -25326,13 +25326,6 @@ ] }, "related": [ - { - "dest-uuid": "bc32df24-8e80-44bc-80b0-6a4d55661aa5", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d", "tags": [ @@ -25340,6 +25333,13 @@ ], "type": "uses" }, + { + "dest-uuid": "bc32df24-8e80-44bc-80b0-6a4d55661aa5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "tags": [ @@ -25360,14 +25360,56 @@ ], "refs": [ "https://attack.mitre.org/software/S0241", - "https://www.trendmicro.com/en_us/research/17/b/ratankba-watering-holes-against-enterprises.html", - "https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/" + "https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/", + "https://www.trendmicro.com/en_us/research/17/b/ratankba-watering-holes-against-enterprises.html" ], "synonyms": [ "RATANKBA" ] }, "related": [ + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ @@ -25383,42 +25425,7 @@ "type": "uses" }, { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25431,13 +25438,6 @@ ], "type": "uses" }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -25446,14 +25446,14 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25474,7 +25474,7 @@ "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25497,11 +25497,11 @@ }, "related": [ { - "dest-uuid": "656cd201-d57a-4a2f-a201-531eb4922a72", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", @@ -25511,14 +25511,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "656cd201-d57a-4a2f-a201-531eb4922a72", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25545,14 +25545,7 @@ }, "related": [ { - "dest-uuid": "9991ace8-1a62-498c-a9ef-19d474deb505", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25565,13 +25558,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -25579,27 +25565,6 @@ ], "type": "uses" }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ @@ -25607,12 +25572,47 @@ ], "type": "uses" }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9991ace8-1a62-498c-a9ef-19d474deb505", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "91000a8a-58cc-4aba-9ad0-993ad6302b86", @@ -25634,20 +25634,6 @@ ] }, "related": [ - { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ @@ -25662,13 +25648,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", "tags": [ @@ -25677,21 +25656,7 @@ "type": "uses" }, { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25705,28 +25670,7 @@ "type": "uses" }, { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25740,7 +25684,63 @@ "type": "uses" }, { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25754,7 +25754,7 @@ "type": "uses" }, { - "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25772,14 +25772,28 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0124", - "http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/" + "http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/", + "https://attack.mitre.org/software/S0124" ], "synonyms": [ "Pisloader" ] }, "related": [ + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -25801,13 +25815,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -25823,7 +25830,7 @@ "type": "uses" }, { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25835,13 +25842,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "b96680d1-5eb3-4f07-b95c-00ab904ac236", @@ -25866,14 +25866,28 @@ }, "related": [ { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -25893,132 +25907,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ @@ -26026,20 +25914,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -26048,21 +25922,84 @@ "type": "uses" }, { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26083,7 +26020,35 @@ "type": "uses" }, { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26097,21 +26062,56 @@ "type": "uses" }, { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26137,6 +26137,13 @@ ] }, "related": [ + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "70ca8408-bc45-4d39-acd2-9190ba15ea97", "tags": [ @@ -26158,13 +26165,6 @@ ], "type": "uses" }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -26193,49 +26193,7 @@ }, "related": [ { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26249,14 +26207,7 @@ "type": "uses" }, { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26270,7 +26221,14 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26284,21 +26242,7 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26312,14 +26256,14 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26333,7 +26277,63 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26360,21 +26360,7 @@ }, "related": [ { - "dest-uuid": "c9b4ec27-0a43-4671-a967-bcac5df0e056", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "438c6d0f-03f0-4b49-89d2-40bf5349c3fc", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26387,6 +26373,20 @@ ], "type": "uses" }, + { + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "438c6d0f-03f0-4b49-89d2-40bf5349c3fc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", "tags": [ @@ -26395,25 +26395,25 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, + { + "dest-uuid": "c9b4ec27-0a43-4671-a967-bcac5df0e056", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "2f1a9fd0-3b7c-4d77-a358-78db13adbe78", @@ -26427,8 +26427,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0125", "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets", + "https://attack.mitre.org/software/S0125", "https://securelist.com/faq-the-projectsauron-apt/75533/" ], "synonyms": [ @@ -26439,77 +26439,7 @@ }, "related": [ { - "dest-uuid": "6a3c3fbc-97ec-4938-b64e-2679e4b73db9", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26523,119 +26453,14 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3731fbcd-0e43-47ae-ae6c-d15e510f0d42", + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26648,6 +26473,132 @@ ], "type": "uses" }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3731fbcd-0e43-47ae-ae6c-d15e510f0d42", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6a3c3fbc-97ec-4938-b64e-2679e4b73db9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ @@ -26655,12 +26606,61 @@ ], "type": "uses" }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8", @@ -26679,8 +26679,8 @@ "https://researchcenter.paloaltonetworks.com/2018/11/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/", "https://unit42.paloaltonetworks.com/dear-joohn-sofacy-groups-global-campaign/", "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303b", - "https://www.cyberscoop.com/apt28-brexit-phishing-accenture/", - "https://www.accenture.com/t20181129T203820Z__w__/us-en/_acnmedia/PDF-90/Accenture-snakemackerel-delivers-zekapab-malware.pdf#zoom=50" + "https://www.accenture.com/t20181129T203820Z__w__/us-en/_acnmedia/PDF-90/Accenture-snakemackerel-delivers-zekapab-malware.pdf#zoom=50", + "https://www.cyberscoop.com/apt28-brexit-phishing-accenture/" ], "synonyms": [ "Zebrocy", @@ -26689,63 +26689,7 @@ }, "related": [ { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26759,112 +26703,14 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26885,21 +26731,63 @@ "type": "uses" }, { - "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26911,6 +26799,118 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a4f57468-fbd5-49e4-8476-52088220b92d", @@ -26925,8 +26925,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0126", - "https://www.threatminer.org/report.php?q=waterbug-attack-group.pdf&y=2015#gsc.tab=0&gsc.q=waterbug-attack-group.pdf&gsc.page=1", "https://docplayer.net/101655589-Tools-used-by-the-uroburos-actors.html", + "https://www.threatminer.org/report.php?q=waterbug-attack-group.pdf&y=2015#gsc.tab=0&gsc.q=waterbug-attack-group.pdf&gsc.page=1", "https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf" ], "synonyms": [ @@ -26934,6 +26934,55 @@ ] }, "related": [ + { + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9223bf17-7e32-4833-9574-9ffd8c929765", "tags": [ @@ -26941,6 +26990,55 @@ ], "type": "similar" }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d9cc15f7-0880-4ae4-8df4-87c58338d6b8", "tags": [ @@ -26956,35 +27054,7 @@ "type": "similar" }, { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -26997,48 +27067,6 @@ ], "type": "uses" }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ @@ -27047,14 +27075,7 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27066,27 +27087,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565", @@ -27108,34 +27108,6 @@ ] }, "related": [ - { - "dest-uuid": "fe97ace3-9a80-42af-9eae-1f9245927e5d", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -27150,12 +27122,40 @@ ], "type": "uses" }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fe97ace3-9a80-42af-9eae-1f9245927e5d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "53d47b09-09c2-4015-8d37-6633ecd53f79", @@ -27178,7 +27178,7 @@ }, "related": [ { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27192,7 +27192,7 @@ "type": "uses" }, { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27205,6 +27205,13 @@ ], "type": "uses" }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", "tags": [ @@ -27212,20 +27219,6 @@ ], "type": "uses" }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ @@ -27234,7 +27227,14 @@ "type": "uses" }, { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27253,8 +27253,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0162", - "https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/", - "https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/" + "https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/", + "https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/" ], "synonyms": [ "Komplex" @@ -27262,7 +27262,28 @@ }, "related": [ { - "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], @@ -27275,34 +27296,6 @@ ], "type": "similar" }, - { - "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -27317,6 +27310,13 @@ ], "type": "uses" }, + { + "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -27325,14 +27325,14 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27351,8 +27351,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0612", - "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us", "https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/", + "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us", "https://www.sentinelone.com/labs/wastedlocker-ransomware-abusing-ads-and-ntfs-file-attributes/" ], "synonyms": [ @@ -27360,6 +27360,48 @@ ] }, "related": [ + { + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", "tags": [ @@ -27368,7 +27410,14 @@ "type": "uses" }, { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27381,6 +27430,13 @@ ], "type": "uses" }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -27389,7 +27445,14 @@ "type": "uses" }, { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27410,21 +27473,7 @@ "type": "uses" }, { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27438,14 +27487,7 @@ "type": "uses" }, { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27457,48 +27499,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "46cbafbc-8907-42d3-9002-5327c26f8927", @@ -27512,21 +27512,14 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0127", - "http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/" + "http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/", + "https://attack.mitre.org/software/S0127" ], "synonyms": [ "BBSRAT" ] }, "related": [ - { - "dest-uuid": "cad1d6db-3a6c-4d67-8f6e-627d8a168d6a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ @@ -27534,48 +27527,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -27584,21 +27535,14 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27611,6 +27555,13 @@ ], "type": "uses" }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -27618,6 +27569,48 @@ ], "type": "uses" }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cad1d6db-3a6c-4d67-8f6e-627d8a168d6a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ @@ -27626,7 +27619,14 @@ "type": "uses" }, { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27653,7 +27653,7 @@ }, "related": [ { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27667,7 +27667,7 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27681,14 +27681,7 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27701,13 +27694,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -27716,7 +27702,14 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27728,6 +27721,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "11e36d5b-6a92-4bf9-8eb7-85eb24f59e22", @@ -27746,11 +27746,11 @@ }, "related": [ { - "dest-uuid": "d909efe3-abc3-4be0-9640-e4727542fa2b", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", @@ -27760,14 +27760,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "d909efe3-abc3-4be0-9640-e4727542fa2b", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27793,76 +27793,6 @@ ] }, "related": [ - { - "dest-uuid": "826c31ca-2617-47e4-b236-205da3881182", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -27870,20 +27800,6 @@ ], "type": "uses" }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ @@ -27891,12 +27807,96 @@ ], "type": "uses" }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "826c31ca-2617-47e4-b236-205da3881182", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "65341f30-bec6-4b1d-8abf-1a5620446c29", @@ -27911,8 +27911,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0128", - "https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf", - "https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf" + "https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf", + "https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf" ], "synonyms": [ "BADNEWS" @@ -27927,21 +27927,14 @@ "type": "uses" }, { - "dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -27955,35 +27948,14 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28004,63 +27976,21 @@ "type": "uses" }, { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28080,6 +28010,76 @@ ], "type": "uses" }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "tags": [ @@ -28107,13 +28107,6 @@ ] }, "related": [ - { - "dest-uuid": "e5a9a2ec-348e-4a2f-98dd-16c3e8845576", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -28122,14 +28115,21 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "dest-uuid": "e5a9a2ec-348e-4a2f-98dd-16c3e8845576", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28147,10 +28147,10 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/software/S0281", - "https://objective-see.com/blog/blog_0x25.html", "http://www.hexed.in/2019/07/osxdok-analysis.html", - "https://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/" + "https://attack.mitre.org/software/S0281", + "https://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/", + "https://objective-see.com/blog/blog_0x25.html" ], "synonyms": [ "Dok", @@ -28158,48 +28158,6 @@ ] }, "related": [ - { - "dest-uuid": "84601337-6a55-4ad7-9c35-79e0d1ea2ab3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "37b11151-1776-4f8f-b328-30939fbf2ceb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c615231b-f253-4f58-9d47-d5b4cbdb6839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", "tags": [ @@ -28207,13 +28165,6 @@ ], "type": "uses" }, - { - "dest-uuid": "1365fe3b-0f50-455d-b4da-266ce31c23b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "tags": [ @@ -28221,6 +28172,27 @@ ], "type": "uses" }, + { + "dest-uuid": "1365fe3b-0f50-455d-b4da-266ce31c23b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "37b11151-1776-4f8f-b328-30939fbf2ceb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "84601337-6a55-4ad7-9c35-79e0d1ea2ab3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", "tags": [ @@ -28228,12 +28200,40 @@ ], "type": "uses" }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c615231b-f253-4f58-9d47-d5b4cbdb6839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f36b2598-515f-4345-84e5-5ccde253edbe", @@ -28248,12 +28248,12 @@ "Android" ], "refs": [ - "https://attack.mitre.org/software/S0182", - "http://www.finfisher.com/FinFisher/index.html", "http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf", - "https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html", + "http://www.finfisher.com/FinFisher/index.html", + "https://attack.mitre.org/software/S0182", + "https://cloudblogs.microsoft.com/microsoftsecure/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/", "https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/", - "https://cloudblogs.microsoft.com/microsoftsecure/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/" + "https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html" ], "synonyms": [ "FinFisher", @@ -28261,132 +28261,6 @@ ] }, "related": [ - { - "dest-uuid": "541b64bc-87ec-4cc2-aaee-329355987853", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -28402,12 +28276,75 @@ "type": "uses" }, { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3911658a-6506-4deb-9ab4-595a51ae71ad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "541b64bc-87ec-4cc2-aaee-329355987853", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ @@ -28416,7 +28353,91 @@ "type": "uses" }, { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28437,35 +28458,14 @@ "type": "uses" }, { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3911658a-6506-4deb-9ab4-595a51ae71ad", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28488,11 +28488,11 @@ }, "related": [ { - "dest-uuid": "49025073-4cd3-43b8-b893-e80a1d3adc04", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", @@ -28501,20 +28501,6 @@ ], "type": "uses" }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -28523,7 +28509,21 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "49025073-4cd3-43b8-b893-e80a1d3adc04", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28563,6 +28563,13 @@ ] }, "related": [ + { + "dest-uuid": "8f0e39c6-82c9-41ec-9f93-5696c0f2e274", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ @@ -28576,13 +28583,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "8f0e39c6-82c9-41ec-9f93-5696c0f2e274", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "c709da93-20c3-4d17-ab68-48cba76b2137", @@ -28604,20 +28604,6 @@ ] }, "related": [ - { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", "tags": [ @@ -28632,12 +28618,26 @@ ], "type": "uses" }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "936be60d-90eb-4c36-9247-4b31128432c4", @@ -28652,63 +28652,14 @@ ], "refs": [ "https://attack.mitre.org/software/S0431", - "https://www.us-cert.gov/ncas/analysis-reports/ar20-045d", - "https://www.carbonblack.com/2020/04/16/vmware-carbon-black-tau-threat-analysis-the-evolution-of-lazarus/" + "https://www.carbonblack.com/2020/04/16/vmware-carbon-black-tau-threat-analysis-the-evolution-of-lazarus/", + "https://www.us-cert.gov/ncas/analysis-reports/ar20-045d" ], "synonyms": [ "HotCroissant" ] }, "related": [ - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -28716,13 +28667,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -28731,49 +28675,14 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28786,6 +28695,34 @@ ], "type": "uses" }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ @@ -28793,12 +28730,75 @@ ], "type": "uses" }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "aad11e34-02ca-4220-91cd-2ed420af4db3", @@ -28812,8 +28812,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0134", - "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf" + "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf", + "https://attack.mitre.org/software/S0134" ], "synonyms": [ "Downdelph", @@ -28822,28 +28822,14 @@ }, "related": [ { - "dest-uuid": "837a295c-15ff-41c0-9b7e-5f2fb502b00a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "e6a077cb-42cc-4193-9006-9ceda8c0dff2", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28856,6 +28842,13 @@ ], "type": "uses" }, + { + "dest-uuid": "837a295c-15ff-41c0-9b7e-5f2fb502b00a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -28864,7 +28857,14 @@ "type": "uses" }, { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "dest-uuid": "e6a077cb-42cc-4193-9006-9ceda8c0dff2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28884,8 +28884,8 @@ "refs": [ "https://attack.mitre.org/software/S0143", "https://securelist.com/the-flame-questions-and-answers-51/34344/", - "https://www.symantec.com/connect/blogs/flamer-recipe-bluetoothache", - "https://www.crysys.hu/publications/files/skywiper.pdf" + "https://www.crysys.hu/publications/files/skywiper.pdf", + "https://www.symantec.com/connect/blogs/flamer-recipe-bluetoothache" ], "synonyms": [ "Flame", @@ -28895,21 +28895,7 @@ }, "related": [ { - "dest-uuid": "d7963066-62ed-4494-9b8c-4b8b691a7c82", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28923,21 +28909,21 @@ "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b8cfed42-6a8a-4989-ad72-541af74475ec", + "dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -28958,11 +28944,25 @@ "type": "uses" }, { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "dest-uuid": "b8cfed42-6a8a-4989-ad72-541af74475ec", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d7963066-62ed-4494-9b8c-4b8b691a7c82", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "ff6840c9-4c87-4d07-bbb6-9f50aa33d498", @@ -28985,6 +28985,13 @@ ] }, "related": [ + { + "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ @@ -28993,21 +29000,14 @@ "type": "uses" }, { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29021,14 +29021,56 @@ "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29048,54 +29090,12 @@ ], "type": "uses" }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "6a92d80f-cc65-45f6-aa66-3cdea6786b3c", @@ -29118,7 +29118,7 @@ }, "related": [ { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29131,13 +29131,6 @@ ], "type": "uses" }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -29158,6 +29151,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a2282af0-f9dd-4373-9b92-eaf9e11e0c71", @@ -29180,48 +29180,6 @@ ] }, "related": [ - { - "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -29236,6 +29194,13 @@ ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", "tags": [ @@ -29243,6 +29208,41 @@ ], "type": "uses" }, + { + "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -29251,7 +29251,7 @@ "type": "uses" }, { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29269,9 +29269,9 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0135", + "http://www.sekoia.fr/blog/wp-content/uploads/2016/10/Rootkit-analysis-Use-case-on-HIDEDRV-v1.6.pdf", "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf", - "http://www.sekoia.fr/blog/wp-content/uploads/2016/10/Rootkit-analysis-Use-case-on-HIDEDRV-v1.6.pdf" + "https://attack.mitre.org/software/S0135" ], "synonyms": [ "HIDEDRV" @@ -29279,14 +29279,14 @@ }, "related": [ { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29312,27 +29312,6 @@ ] }, "related": [ - { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -29340,20 +29319,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -29362,21 +29327,21 @@ "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29390,7 +29355,28 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29402,6 +29388,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "95e2cbae-d82c-4f7b-b63c-16462015d35d", @@ -29424,13 +29424,6 @@ ] }, "related": [ - { - "dest-uuid": "8269e779-db23-4c94-aafb-36ee94879417", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d", "tags": [ @@ -29438,6 +29431,13 @@ ], "type": "uses" }, + { + "dest-uuid": "8269e779-db23-4c94-aafb-36ee94879417", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", "tags": [ @@ -29467,98 +29467,7 @@ }, "related": [ { - "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29572,63 +29481,14 @@ "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29641,6 +29501,90 @@ ], "type": "uses" }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", "tags": [ @@ -29649,7 +29593,77 @@ "type": "uses" }, { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29677,56 +29691,21 @@ "type": "uses" }, { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29740,14 +29719,35 @@ "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29766,9 +29766,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0153", - "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf", + "https://twitter.com/ItsReallyNick/status/850105140589633536", "https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html", - "https://twitter.com/ItsReallyNick/status/850105140589633536" + "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf" ], "synonyms": [ "RedLeaves", @@ -29776,62 +29776,6 @@ ] }, "related": [ - { - "dest-uuid": "ad6a1b4a-6d79-40d4-adb7-1d7ca697347e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "90124cc8-1205-4e63-83ad-5c45a110b1e6", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "a70e93a7-3578-47e1-9926-0818979ed866", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -29839,48 +29783,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -29889,28 +29791,7 @@ "type": "uses" }, { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29923,6 +29804,20 @@ ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ @@ -29930,12 +29825,117 @@ ], "type": "uses" }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "90124cc8-1205-4e63-83ad-5c45a110b1e6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a70e93a7-3578-47e1-9926-0818979ed866", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ad6a1b4a-6d79-40d4-adb7-1d7ca697347e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "17b40f60-729f-4fe8-8aea-cc9ee44a95d5", @@ -29949,8 +29949,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0136", "http://www.welivesecurity.com/2014/11/11/sednit-espionage-group-attacking-air-gapped-networks/", + "https://attack.mitre.org/software/S0136", "https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/" ], "synonyms": [ @@ -29961,14 +29961,14 @@ }, "related": [ { - "dest-uuid": "44909efb-7cd3-42e3-b225-9f3e96b5f362", + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -29982,42 +29982,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30031,7 +29996,28 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "44909efb-7cd3-42e3-b225-9f3e96b5f362", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30045,7 +30031,14 @@ "type": "uses" }, { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30059,7 +30052,14 @@ "type": "uses" }, { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30085,153 +30085,6 @@ ] }, "related": [ - { - "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -30239,20 +30092,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -30260,6 +30099,13 @@ ], "type": "uses" }, + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ @@ -30267,12 +30113,166 @@ ], "type": "uses" }, + { + "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "77e0ecf7-ca91-4c06-8012-8e728986a87a", @@ -30293,20 +30293,6 @@ ] }, "related": [ - { - "dest-uuid": "c3c20c4b-e12a-42e5-960a-eea4644014f4", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -30321,12 +30307,26 @@ ], "type": "uses" }, + { + "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "c3c20c4b-e12a-42e5-960a-eea4644014f4", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "234e7770-99b0-4f65-b983-d3230f76a60b", @@ -30341,9 +30341,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0137", + "https://securelist.com/a-slice-of-2017-sofacy-activity/83930/", "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf", - "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf", - "https://securelist.com/a-slice-of-2017-sofacy-activity/83930/" + "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf" ], "synonyms": [ "CORESHELL", @@ -30352,6 +30352,20 @@ ] }, "related": [ + { + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", "tags": [ @@ -30359,6 +30373,20 @@ ], "type": "similar" }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", "tags": [ @@ -30367,14 +30395,7 @@ "type": "similar" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30395,28 +30416,7 @@ "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30483,6 +30483,13 @@ ] }, "related": [ + { + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ @@ -30491,14 +30498,7 @@ "type": "uses" }, { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30526,7 +30526,7 @@ "type": "uses" }, { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30553,14 +30553,14 @@ }, "related": [ { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30596,14 +30596,14 @@ }, "related": [ { - "dest-uuid": "6d1e2736-d363-49aa-9054-9c9e4ac0c520", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30624,18 +30624,11 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "6d1e2736-d363-49aa-9054-9c9e4ac0c520", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" - }, - { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" + "type": "similar" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", @@ -30643,6 +30636,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2dd34b01-6110-4aac-835d-b5e7b936b0be", @@ -30665,21 +30665,7 @@ }, "related": [ { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30693,7 +30679,21 @@ "type": "uses" }, { - "dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30707,21 +30707,7 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30733,6 +30719,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "432555de-63bf-4f2a-a3fa-f720a4561078", @@ -30755,14 +30755,21 @@ }, "related": [ { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30783,21 +30790,7 @@ "type": "uses" }, { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30811,14 +30804,7 @@ "type": "uses" }, { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30832,7 +30818,21 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30885,6 +30885,69 @@ ] }, "related": [ + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c79f5876-e3b9-417a-8eaf-8f1b01a0fecd", "tags": [ @@ -30899,69 +30962,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "tags": [ @@ -30970,7 +30970,7 @@ "type": "uses" }, { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -30998,7 +30998,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31017,8 +31017,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0414", - "https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/", - "https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/" + "https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/", + "https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/" ], "synonyms": [ "BabyShark" @@ -31026,7 +31026,56 @@ }, "related": [ { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31047,35 +31096,7 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31089,35 +31110,14 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31142,12 +31142,12 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0144", - "http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/", "http://blog.jpcert.or.jp/2017/02/chches-malware--93d6.html", - "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf", + "http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/", + "https://attack.mitre.org/software/S0144", + "https://twitter.com/ItsReallyNick/status/850105140589633536", "https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html", - "https://twitter.com/ItsReallyNick/status/850105140589633536" + "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf" ], "synonyms": [ "ChChes", @@ -31157,28 +31157,7 @@ }, "related": [ { - "dest-uuid": "d71604d2-a17e-4b4e-82be-19cb54f93161", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "6eee9bf9-ffce-4c88-a5ad-9d80f6fc727c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31192,7 +31171,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31206,7 +31185,7 @@ "type": "uses" }, { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31220,7 +31199,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "6eee9bf9-ffce-4c88-a5ad-9d80f6fc727c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31234,12 +31220,26 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d71604d2-a17e-4b4e-82be-19cb54f93161", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -31248,7 +31248,7 @@ "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31267,8 +31267,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0441", - "https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability/", - "https://securelist.com/recent-cloud-atlas-activity/92016/" + "https://securelist.com/recent-cloud-atlas-activity/92016/", + "https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability/" ], "synonyms": [ "PowerShower" @@ -31283,14 +31283,35 @@ "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31303,6 +31324,27 @@ ], "type": "uses" }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ @@ -31325,49 +31367,7 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31394,7 +31394,14 @@ }, "related": [ { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31407,26 +31414,19 @@ ], "type": "uses" }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "56d10a7f-bb42-4267-9b4c-63abb9c06010", @@ -31440,9 +31440,9 @@ "Windows" ], "refs": [ + "http://blog.talosintelligence.com/2017/03/dnsmessenger.html", "https://attack.mitre.org/software/S0145", - "https://www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html", - "http://blog.talosintelligence.com/2017/03/dnsmessenger.html" + "https://www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html" ], "synonyms": [ "POWERSOURCE", @@ -31451,11 +31451,25 @@ }, "related": [ { - "dest-uuid": "ee8ccb36-2596-43a3-a044-b8721dbeb2ab", + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" }, { "dest-uuid": "b376580e-aba1-4ac9-9c2d-2df429efecf6", @@ -31471,13 +31485,6 @@ ], "type": "uses" }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -31485,26 +31492,19 @@ ], "type": "uses" }, + { + "dest-uuid": "ee8ccb36-2596-43a3-a044-b8721dbeb2ab", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "17e919aa-4a49-445c-b103-dbb8df9e7351", @@ -31527,6 +31527,20 @@ ] }, "related": [ + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", "tags": [ @@ -31535,21 +31549,7 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31563,21 +31563,14 @@ "type": "uses" }, { - "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", + "dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31597,6 +31590,34 @@ ], "type": "uses" }, + { + "dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ @@ -31605,28 +31626,7 @@ "type": "uses" }, { - "dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31660,8 +31660,8 @@ "refs": [ "https://attack.mitre.org/software/S0514", "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198b", - "https://www.pwc.co.uk/issues/cyber-security-services/insights/cleaning-up-after-wellmess.html", - "https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf" + "https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf", + "https://www.pwc.co.uk/issues/cyber-security-services/insights/cleaning-up-after-wellmess.html" ], "synonyms": [ "WellMess" @@ -31669,84 +31669,7 @@ }, "related": [ { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31767,7 +31690,84 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31785,9 +31785,9 @@ "Windows" ], "refs": [ + "http://blog.talosintelligence.com/2017/03/dnsmessenger.html", "https://attack.mitre.org/software/S0146", - "https://www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html", - "http://blog.talosintelligence.com/2017/03/dnsmessenger.html" + "https://www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html" ], "synonyms": [ "TEXTMATE", @@ -31796,11 +31796,11 @@ }, "related": [ { - "dest-uuid": "ee8ccb36-2596-43a3-a044-b8721dbeb2ab", + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { "dest-uuid": "b376580e-aba1-4ac9-9c2d-2df429efecf6", @@ -31810,18 +31810,18 @@ "type": "similar" }, { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "ee8ccb36-2596-43a3-a044-b8721dbeb2ab", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" } ], "uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47", @@ -31843,13 +31843,6 @@ ] }, "related": [ - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -31858,14 +31851,21 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31884,8 +31884,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0461", - "https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader", - "https://securityintelligence.com/posts/ta505-continues-to-infect-networks-with-sdbbot-rat/" + "https://securityintelligence.com/posts/ta505-continues-to-infect-networks-with-sdbbot-rat/", + "https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader" ], "synonyms": [ "SDBbot" @@ -31893,21 +31893,49 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6d4a7fb3-5a24-42be-ae61-6728a2b581f6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31921,7 +31949,56 @@ "type": "uses" }, { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -31942,91 +32019,14 @@ "type": "uses" }, { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6d4a7fb3-5a24-42be-ae61-6728a2b581f6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32060,14 +32060,14 @@ "type": "uses" }, { - "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32085,14 +32085,28 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0164", - "http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf" + "http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf", + "https://attack.mitre.org/software/S0164" ], "synonyms": [ "TDTESS" ] }, "related": [ + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "99d83ee8-6870-4af2-a3c8-cf86baff7cb3", "tags": [ @@ -32107,13 +32121,6 @@ ], "type": "uses" }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -32127,13 +32134,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "0b32ec39-ba61-4864-9ebe-b4b0b73caf9a", @@ -32156,13 +32156,6 @@ ] }, "related": [ - { - "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ @@ -32170,55 +32163,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -32227,14 +32171,21 @@ "type": "uses" }, { - "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", + "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32247,6 +32198,27 @@ ], "type": "uses" }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", "tags": [ @@ -32254,12 +32226,40 @@ ], "type": "uses" }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "9abdda30-08e0-4ab1-9cf0-d447654c6de9", @@ -32281,13 +32281,6 @@ ] }, "related": [ - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -32296,14 +32289,14 @@ "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32324,7 +32317,7 @@ "type": "uses" }, { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32336,6 +32329,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "04fc1842-f9e4-47cf-8cb8-5c61becad142", @@ -32360,41 +32360,6 @@ ] }, "related": [ - { - "dest-uuid": "d5138738-846e-4466-830c-cd2bb6ad09cf", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -32403,7 +32368,7 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32417,28 +32382,7 @@ "type": "uses" }, { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32451,6 +32395,13 @@ ], "type": "uses" }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -32458,6 +32409,27 @@ ], "type": "uses" }, + { + "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -32466,7 +32438,28 @@ "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d5138738-846e-4466-830c-cd2bb6ad09cf", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32480,7 +32473,14 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32507,35 +32507,7 @@ }, "related": [ { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32548,6 +32520,34 @@ ], "type": "uses" }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -32556,7 +32556,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32583,112 +32583,7 @@ }, "related": [ { - "dest-uuid": "63f6df51-4de3-495a-864f-0a7e30c3b419", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32702,7 +32597,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32715,6 +32617,97 @@ ], "type": "uses" }, + { + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "63f6df51-4de3-495a-864f-0a7e30c3b419", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -32723,7 +32716,14 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32742,8 +32742,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0418", - "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/" + "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", + "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/" ], "synonyms": [ "ViceLeaker", @@ -32751,48 +32751,6 @@ ] }, "related": [ - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ @@ -32801,28 +32759,7 @@ "type": "uses" }, { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "dest-uuid": "2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32836,14 +32773,77 @@ "type": "uses" }, { - "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32862,8 +32862,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0148", - "https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf", - "https://unit42.paloaltonetworks.com/russian-language-malspam-pushing-redaman-banking-malware/" + "https://unit42.paloaltonetworks.com/russian-language-malspam-pushing-redaman-banking-malware/", + "https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf" ], "synonyms": [ "RTM", @@ -32872,14 +32872,7 @@ }, "related": [ { - "dest-uuid": "e6952b4d-e96d-4641-a88f-60074776d553", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -32892,132 +32885,6 @@ ], "type": "uses" }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -33025,6 +32892,20 @@ ], "type": "uses" }, + { + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ @@ -33033,7 +32914,49 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33047,14 +32970,21 @@ "type": "uses" }, { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33068,7 +32998,49 @@ "type": "uses" }, { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33082,7 +33054,14 @@ "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33095,6 +33074,62 @@ ], "type": "uses" }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6952b4d-e96d-4641-a88f-60074776d553", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", "tags": [ @@ -33108,41 +33143,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841", @@ -33164,6 +33164,20 @@ ] }, "related": [ + { + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", "tags": [ @@ -33172,7 +33186,7 @@ "type": "uses" }, { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33191,20 +33205,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "f79c01eb-2954-40d8-a819-00b342f47ce7", @@ -33218,8 +33218,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0149", - "http://researchcenter.paloaltonetworks.com/2017/03/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organizations/" + "http://researchcenter.paloaltonetworks.com/2017/03/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organizations/", + "https://attack.mitre.org/software/S0149" ], "synonyms": [ "MoonWind" @@ -33227,98 +33227,7 @@ }, "related": [ { - "dest-uuid": "f266754c-d0aa-4918-95a3-73b28eaa66e3", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "76ec1827-68a1-488f-9899-2b788ea8db64", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "8465177f-16c8-47fc-a4c8-f4c0409fe460", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33331,6 +33240,20 @@ ], "type": "uses" }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -33339,12 +33262,33 @@ "type": "uses" }, { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "76ec1827-68a1-488f-9899-2b788ea8db64", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -33352,6 +33296,27 @@ ], "type": "uses" }, + { + "dest-uuid": "8465177f-16c8-47fc-a4c8-f4c0409fe460", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ @@ -33360,7 +33325,42 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f266754c-d0aa-4918-95a3-73b28eaa66e3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33379,8 +33379,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0491", - "https://www.bitdefender.com/files/News/CaseStudies/study/353/Bitdefender-Whitepaper-StrongPity-APT.pdf", - "https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html" + "https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html", + "https://www.bitdefender.com/files/News/CaseStudies/study/353/Bitdefender-Whitepaper-StrongPity-APT.pdf" ], "synonyms": [ "StrongPity" @@ -33388,14 +33388,7 @@ }, "related": [ { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33408,97 +33401,6 @@ ], "type": "uses" }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -33506,27 +33408,6 @@ ], "type": "uses" }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -33535,21 +33416,42 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33563,7 +33465,105 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33593,7 +33593,7 @@ "type": "uses" }, { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33621,7 +33621,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33645,28 +33645,7 @@ }, "related": [ { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33679,48 +33658,6 @@ ], "type": "uses" }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ @@ -33729,21 +33666,7 @@ "type": "uses" }, { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33756,12 +33679,89 @@ ], "type": "uses" }, + { + "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "0b9c5d11-651a-4378-b129-5c584d0242c5", @@ -33784,6 +33784,13 @@ ] }, "related": [ + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ @@ -33792,14 +33799,7 @@ "type": "uses" }, { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33813,7 +33813,21 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33832,20 +33846,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "959f3b19-2dc8-48d5-8942-c66813a5101a", @@ -33861,98 +33861,14 @@ "refs": [ "https://attack.mitre.org/software/S0615", "https://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced", - "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html", - "https://us-cert.cisa.gov/ncas/analysis-reports/ar21-126a" + "https://us-cert.cisa.gov/ncas/analysis-reports/ar21-126a", + "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html" ], "synonyms": [ "SombRAT" ] }, "related": [ - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -33967,6 +33883,55 @@ ], "type": "uses" }, + { + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ @@ -33974,6 +33939,20 @@ ], "type": "uses" }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -33982,7 +33961,14 @@ "type": "uses" }, { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -33996,7 +33982,7 @@ "type": "uses" }, { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -34010,7 +33996,21 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -34037,6 +34037,34 @@ ] }, "related": [ + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ @@ -34044,6 +34072,13 @@ ], "type": "uses" }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ @@ -34051,6 +34086,20 @@ ], "type": "uses" }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ @@ -34065,61 +34114,12 @@ ], "type": "uses" }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "919a056e-5104-43b9-ad55-2ac929108b71", @@ -34134,8 +34134,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0516", - "https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf", - "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198a" + "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198a", + "https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf" ], "synonyms": [ "SoreFang" @@ -34143,35 +34143,7 @@ }, "related": [ { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -34185,28 +34157,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -34220,7 +34171,28 @@ "type": "uses" }, { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -34232,6 +34204,34 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "e33e4603-afab-402d-b2a1-248d435b5fe0", @@ -34261,14 +34261,14 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -34287,42 +34287,14 @@ ], "refs": [ "https://attack.mitre.org/software/S0561", - "https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/", - "https://elis531989.medium.com/dancing-with-shellcodes-cracking-the-latest-version-of-guloader-75083fb15cb4" + "https://elis531989.medium.com/dancing-with-shellcodes-cracking-the-latest-version-of-guloader-75083fb15cb4", + "https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/" ], "synonyms": [ "GuLoader" ] }, "related": [ - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -34331,21 +34303,14 @@ "type": "uses" }, { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -34359,7 +34324,7 @@ "type": "uses" }, { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -34378,6 +34343,41 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "45c759ac-b490-48bb-80d4-c8eee3431027", @@ -34391,8 +34391,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0165", - "http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong" + "http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong", + "https://attack.mitre.org/software/S0165" ], "synonyms": [ "OSInfo" @@ -34400,21 +34400,7 @@ }, "related": [ { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -34435,7 +34421,7 @@ "type": "uses" }, { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -34448,13 +34434,6 @@ ], "type": "uses" }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ @@ -34462,12 +34441,33 @@ ], "type": "uses" }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f6d1d2cb-12f5-4221-9636-44606ea1f3f8", @@ -34490,11 +34490,11 @@ }, "related": [ { - "dest-uuid": "f4cac204-3d3f-4bb6-84bd-fc27b2f5158c", + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", @@ -34510,6 +34510,13 @@ ], "type": "uses" }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -34518,18 +34525,11 @@ "type": "uses" }, { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "dest-uuid": "f4cac204-3d3f-4bb6-84bd-fc27b2f5158c", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" + "type": "similar" } ], "uuid": "9ca488bd-9587-48ef-b923-1743523e63b2", @@ -34551,13 +34551,6 @@ ] }, "related": [ - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ @@ -34565,13 +34558,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ @@ -34579,13 +34565,6 @@ ], "type": "uses" }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -34593,27 +34572,6 @@ ], "type": "uses" }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83", "tags": [ @@ -34622,7 +34580,7 @@ "type": "uses" }, { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -34635,12 +34593,54 @@ ], "type": "uses" }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "bd7a9e13-69fa-4243-a5e5-04326a63f9f2", @@ -34710,6 +34710,13 @@ ] }, "related": [ + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ @@ -34730,13 +34737,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "f6ae7a52-f3b6-4525-9daf-640c083f006e", @@ -34759,14 +34759,14 @@ }, "related": [ { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -34779,6 +34779,27 @@ ], "type": "uses" }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -34794,28 +34815,7 @@ "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -34841,20 +34841,6 @@ ] }, "related": [ - { - "dest-uuid": "6a42aa10-5b7e-43b0-8c58-414cdaeda453", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ @@ -34862,6 +34848,13 @@ ], "type": "uses" }, + { + "dest-uuid": "6a42aa10-5b7e-43b0-8c58-414cdaeda453", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -34869,6 +34862,13 @@ ], "type": "uses" }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -34897,21 +34897,14 @@ }, "related": [ { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -34925,21 +34918,7 @@ "type": "uses" }, { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -34958,6 +34937,27 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "6de9cad1-eed2-4e27-b0b5-39fa29349ea0", @@ -34971,8 +34971,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0166", - "http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong" + "http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong", + "https://attack.mitre.org/software/S0166" ], "synonyms": [ "RemoteCMD" @@ -34987,14 +34987,14 @@ "type": "uses" }, { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35021,42 +35021,7 @@ }, "related": [ { - "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35069,6 +35034,41 @@ ], "type": "uses" }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ @@ -35084,7 +35084,21 @@ "type": "uses" }, { - "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", + "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35098,7 +35112,7 @@ "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35112,42 +35126,7 @@ "type": "uses" }, { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35161,7 +35140,28 @@ "type": "uses" }, { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35187,6 +35187,13 @@ ] }, "related": [ + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ @@ -35195,14 +35202,7 @@ "type": "uses" }, { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35223,7 +35223,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35241,8 +35241,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0167", "http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf", + "https://attack.mitre.org/software/S0167", "https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf" ], "synonyms": [ @@ -35250,27 +35250,6 @@ ] }, "related": [ - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -35279,14 +35258,7 @@ "type": "uses" }, { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35306,6 +35278,27 @@ ], "type": "uses" }, + { + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -35319,6 +35312,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "1cc934e4-b01d-4543-a011-b988dfc1a458", @@ -35338,20 +35338,6 @@ ] }, "related": [ - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -35367,14 +35353,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35387,12 +35373,26 @@ ], "type": "uses" }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "327b3a25-9e60-4431-b3b6-93b9c64eacbc", @@ -35406,8 +35406,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0176", "http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf", + "https://attack.mitre.org/software/S0176", "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/", "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Wingbird.A!dha" ], @@ -35417,7 +35417,14 @@ }, "related": [ { - "dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35430,20 +35437,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ @@ -35458,26 +35451,33 @@ ], "type": "uses" }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a8d3d497-2da9-4797-8e0b-ed176be08654", @@ -35492,8 +35492,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0618", - "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html", - "https://research.nccgroup.com/2021/06/15/handy-guide-to-a-new-fivehands-ransomware-variant/" + "https://research.nccgroup.com/2021/06/15/handy-guide-to-a-new-fivehands-ransomware-variant/", + "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html" ], "synonyms": [ "FIVEHANDS" @@ -35508,14 +35508,7 @@ "type": "uses" }, { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35529,14 +35522,21 @@ "type": "uses" }, { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35550,7 +35550,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35568,14 +35568,21 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0186", - "http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf" + "http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf", + "https://attack.mitre.org/software/S0186" ], "synonyms": [ "DownPaper" ] }, "related": [ + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "227862fd-ae83-4e3d-bb69-cc1a45a13aed", "tags": [ @@ -35591,14 +35598,14 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35612,14 +35619,7 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35645,9 +35645,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0168", - "https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf", "https://securelist.com/introducing-whitebear/81638/", - "https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/" + "https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/", + "https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf" ], "synonyms": [ "Gazer", @@ -35655,90 +35655,6 @@ ] }, "related": [ - { - "dest-uuid": "0a3047b3-6a38-48ff-8f9c-49a5c28e3ada", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -35746,27 +35662,6 @@ ], "type": "uses" }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "41d9846c-f6af-4302-a654-24bba2729bc6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -35774,12 +35669,117 @@ ], "type": "uses" }, + { + "dest-uuid": "0a3047b3-6a38-48ff-8f9c-49a5c28e3ada", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "41d9846c-f6af-4302-a654-24bba2729bc6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "76abb3ef-dafd-4762-97cb-a35379429db4", @@ -35805,7 +35805,7 @@ }, "related": [ { - "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35818,48 +35818,6 @@ ], "type": "uses" }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -35867,62 +35825,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ @@ -35930,6 +35832,41 @@ ], "type": "uses" }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", "tags": [ @@ -35937,6 +35874,34 @@ ], "type": "uses" }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -35945,14 +35910,49 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -35970,8 +35970,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0196", "http://blog.morphisec.com/security-alert-fin8-is-back", + "https://attack.mitre.org/software/S0196", "https://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html", "https://www2.fireeye.com/WBNR-Know-Your-Enemy-UNC622-Spear-Phishing.html" ], @@ -35982,21 +35982,7 @@ }, "related": [ { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36010,21 +35996,14 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36038,28 +36017,7 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36073,14 +36031,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36093,12 +36044,61 @@ ], "type": "uses" }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "5c6ed2dc-37f4-40ea-b2e1-4c76140a388c", @@ -36120,6 +36120,13 @@ ] }, "related": [ + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", "tags": [ @@ -36127,27 +36134,6 @@ ], "type": "uses" }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", "tags": [ @@ -36163,7 +36149,14 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36177,14 +36170,7 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36196,6 +36182,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4d7bf2ac-f953-4907-b114-be44dc174d67", @@ -36209,13 +36209,13 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0169", - "https://www.kroll.com/en/insights/publications/malware-analysis-report-rawpos-malware", "http://sjc1-te-ftp.trendmicro.com/images/tex/pdf/RawPOS%20Technical%20Brief.pdf", + "https://attack.mitre.org/software/S0169", + "https://github.com/DiabloHorn/mempdump", "https://usa.visa.com/dam/VCOM/download/merchants/alert-rawpos.pdf", - "https://www.youtube.com/watch?v=fevGZs0EQu8", "https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645?", - "https://github.com/DiabloHorn/mempdump" + "https://www.kroll.com/en/insights/publications/malware-analysis-report-rawpos-malware", + "https://www.youtube.com/watch?v=fevGZs0EQu8" ], "synonyms": [ "RawPOS", @@ -36225,34 +36225,6 @@ ] }, "related": [ - { - "dest-uuid": "80f87001-ff40-4e33-bd12-12ed1a92d1d7", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ @@ -36266,6 +36238,34 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "80f87001-ff40-4e33-bd12-12ed1a92d1d7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "9752aef4-a1f3-4328-929f-b64eb0536090", @@ -36279,8 +36279,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0187", "http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-butler-daserf-backdoor-now-using-steganography/", + "https://attack.mitre.org/software/S0187", "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses" ], "synonyms": [ @@ -36291,14 +36291,14 @@ }, "related": [ { - "dest-uuid": "70f6c71f-bc0c-4889-86e3-ef04e5b8415b", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36312,7 +36312,21 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36332,6 +36346,34 @@ ], "type": "uses" }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "70f6c71f-bc0c-4889-86e3-ef04e5b8415b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -36340,7 +36382,7 @@ "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36366,48 +36408,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "b6b3dfc7-9a81-43ff-ac04-698bad48973a", @@ -36421,10 +36421,10 @@ "Windows" ], "refs": [ + "http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf", "https://attack.mitre.org/software/S0178", - "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Truvasys.A!dha", "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/", - "http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf" + "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Truvasys.A!dha" ], "synonyms": [ "Truvasys" @@ -36468,7 +36468,7 @@ }, "related": [ { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36482,7 +36482,7 @@ "type": "uses" }, { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36509,14 +36509,14 @@ }, "related": [ { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36537,9 +36537,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0198", - "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html", "https://securingtomorrow.mcafee.com/mcafee-labs/netwire-rat-behind-recent-targeted-attacks/", - "https://www.brighttalk.com/webcast/10703/275683" + "https://www.brighttalk.com/webcast/10703/275683", + "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html" ], "synonyms": [ "NETWIRE" @@ -36547,77 +36547,7 @@ }, "related": [ { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36631,49 +36561,7 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36686,48 +36574,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "84601337-6a55-4ad7-9c35-79e0d1ea2ab3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ @@ -36736,35 +36582,7 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36778,14 +36596,35 @@ "type": "uses" }, { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36799,28 +36638,21 @@ "type": "uses" }, { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36834,14 +36666,119 @@ "type": "uses" }, { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "84601337-6a55-4ad7-9c35-79e0d1ea2ab3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36853,6 +36790,69 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2a70812b-f1ef-44db-8578-a496a227aef2", @@ -36882,7 +36882,7 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36896,7 +36896,7 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36915,8 +36915,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0199", - "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html", - "https://www.brighttalk.com/webcast/10703/275683" + "https://www.brighttalk.com/webcast/10703/275683", + "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html" ], "synonyms": [ "TURNEDUP" @@ -36924,14 +36924,14 @@ }, "related": [ { - "dest-uuid": "fab34d66-5668-460a-bc0f-250b9417cdbf", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36945,7 +36945,7 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -36966,11 +36966,11 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "fab34d66-5668-460a-bc0f-250b9417cdbf", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" } ], "uuid": "db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c", @@ -36984,9 +36984,9 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0222", "http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html", - "http://www.intezer.com/evidence-aurora-operation-still-active-supply-chain-attack-through-ccleaner/" + "http://www.intezer.com/evidence-aurora-operation-still-active-supply-chain-attack-through-ccleaner/", + "https://attack.mitre.org/software/S0222" ], "synonyms": [ "CCBkdr" @@ -36994,14 +36994,14 @@ }, "related": [ { - "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", + "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", + "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -37030,132 +37030,6 @@ ] }, "related": [ - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -37163,13 +37037,6 @@ ], "type": "uses" }, - { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -37177,20 +37044,6 @@ ], "type": "uses" }, - { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -37199,14 +37052,21 @@ "type": "uses" }, { - "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -37219,6 +37079,13 @@ ], "type": "uses" }, + { + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", "tags": [ @@ -37227,7 +37094,140 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -37245,28 +37245,14 @@ "Android" ], "refs": [ - "https://attack.mitre.org/software/S0322", - "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/" + "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/", + "https://attack.mitre.org/software/S0322" ], "synonyms": [ "HummingBad" ] }, "related": [ - { - "dest-uuid": "f5cacc72-f02a-42d1-a020-7a59650086bb", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "tags": [ @@ -37280,6 +37266,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f5cacc72-f02a-42d1-a020-7a59650086bb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c8770c81-c29f-40d2-a140-38544206b2b4", @@ -37301,13 +37301,6 @@ ] }, "related": [ - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ @@ -37321,6 +37314,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "7451bcf9-e6e6-4a70-bc3d-1599173d0035", @@ -37344,14 +37344,7 @@ }, "related": [ { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -37364,6 +37357,55 @@ ], "type": "uses" }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7007935a-a8a7-4c0b-bd98-4e85be8ed197", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -37371,6 +37413,20 @@ ], "type": "uses" }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", "tags": [ @@ -37384,62 +37440,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7007935a-a8a7-4c0b-bd98-4e85be8ed197", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "04227b24-7817-4de1-9050-b7b1b57f5866", @@ -37461,41 +37461,6 @@ ] }, "related": [ - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d9e88203-2b5d-405f-a406-2933b1e3d7e4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ @@ -37503,6 +37468,20 @@ ], "type": "uses" }, + { + "dest-uuid": "1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", "tags": [ @@ -37510,13 +37489,6 @@ ], "type": "uses" }, - { - "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", "tags": [ @@ -37524,6 +37496,41 @@ ], "type": "uses" }, + { + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ @@ -37531,6 +37538,20 @@ ], "type": "uses" }, + { + "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", "tags": [ @@ -37546,7 +37567,28 @@ "type": "uses" }, { - "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d9e88203-2b5d-405f-a406-2933b1e3d7e4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -37565,48 +37607,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "a3c59d82-2c7c-44e5-a869-68e0a3e5935e", @@ -37629,27 +37629,6 @@ ] }, "related": [ - { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ @@ -37657,41 +37636,6 @@ ], "type": "uses" }, - { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", "tags": [ @@ -37700,21 +37644,28 @@ "type": "uses" }, { - "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "dest-uuid": "5ca3c7ec-55b2-4587-9376-cf6c96f8047a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -37728,7 +37679,56 @@ "type": "uses" }, { - "dest-uuid": "5ca3c7ec-55b2-4587-9376-cf6c96f8047a", + "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -37756,21 +37756,7 @@ }, "related": [ { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -37784,70 +37770,14 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -37861,7 +37791,7 @@ "type": "uses" }, { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -37875,63 +37805,7 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -37945,7 +37819,14 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -37959,14 +37840,84 @@ "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -37978,6 +37929,55 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "295721d2-ee20-4fa3-ade3-37f4146b4570", @@ -37999,13 +37999,6 @@ ] }, "related": [ - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -38027,6 +38020,13 @@ ], "type": "uses" }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -38047,8 +38047,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0228", - "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets", - "https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf" + "https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf", + "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets" ], "synonyms": [ "NanHaiShu" @@ -38056,14 +38056,21 @@ }, "related": [ { - "dest-uuid": "7abd6950-7a07-4d9e-ade1-62414fa50619", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38084,14 +38091,14 @@ "type": "uses" }, { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "dest-uuid": "7abd6950-7a07-4d9e-ade1-62414fa50619", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38104,13 +38111,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ @@ -38119,7 +38119,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38133,14 +38140,7 @@ "type": "uses" }, { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38166,6 +38166,20 @@ ] }, "related": [ + { + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", "tags": [ @@ -38174,7 +38188,7 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38188,14 +38202,14 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38214,20 +38228,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "f72251cb-2be5-421f-a081-99c29a1209e7", @@ -38250,14 +38250,7 @@ }, "related": [ { - "dest-uuid": "80447111-8085-40a4-a052-420926091ac6", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38277,6 +38270,13 @@ ], "type": "uses" }, + { + "dest-uuid": "80447111-8085-40a4-a052-420926091ac6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ @@ -38285,7 +38285,7 @@ "type": "uses" }, { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38304,8 +38304,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0229", - "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets", - "https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html" + "https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html", + "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets" ], "synonyms": [ "Orz", @@ -38314,21 +38314,7 @@ }, "related": [ { - "dest-uuid": "fd419da6-5c0d-461e-96ee-64397efac63b", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38342,7 +38328,21 @@ "type": "uses" }, { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38356,7 +38356,7 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38369,13 +38369,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "tags": [ @@ -38384,7 +38377,14 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38398,18 +38398,18 @@ "type": "uses" }, { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "fd419da6-5c0d-461e-96ee-64397efac63b", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" } ], "uuid": "06d735e7-1db1-4dbe-ab4b-acbe419f902b", @@ -38423,14 +38423,21 @@ "Android" ], "refs": [ - "https://attack.mitre.org/software/S0323", - "http://blog.checkpoint.com/2017/01/24/charger-malware/" + "http://blog.checkpoint.com/2017/01/24/charger-malware/", + "https://attack.mitre.org/software/S0323" ], "synonyms": [ "Charger" ] }, "related": [ + { + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "6e0545df-8df6-4990-971c-e96c4c60d561", "tags": [ @@ -38438,13 +38445,6 @@ ], "type": "similar" }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ @@ -38453,14 +38453,14 @@ "type": "uses" }, { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38501,14 +38501,14 @@ "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38522,7 +38522,14 @@ "type": "uses" }, { - "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38536,14 +38543,7 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38571,35 +38571,7 @@ }, "related": [ { - "dest-uuid": "8f0e39c6-82c9-41ec-9f93-5696c0f2e274", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38612,6 +38584,20 @@ ], "type": "uses" }, + { + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "tags": [ @@ -38626,6 +38612,27 @@ ], "type": "uses" }, + { + "dest-uuid": "8f0e39c6-82c9-41ec-9f93-5696c0f2e274", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", "tags": [ @@ -38634,14 +38641,7 @@ "type": "uses" }, { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38660,36 +38660,15 @@ ], "refs": [ "https://attack.mitre.org/software/S0234", - "https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf", "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "https://research.checkpoint.com/2020/bandook-signed-delivered/" + "https://research.checkpoint.com/2020/bandook-signed-delivered/", + "https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf" ], "synonyms": [ "Bandook" ] }, "related": [ - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -38697,55 +38676,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -38753,13 +38683,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", "tags": [ @@ -38767,55 +38690,6 @@ ], "type": "uses" }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -38824,7 +38698,70 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38838,14 +38775,77 @@ "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38872,14 +38872,14 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38913,28 +38913,7 @@ }, "related": [ { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38948,21 +38927,14 @@ "type": "uses" }, { - "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38976,14 +38948,7 @@ "type": "uses" }, { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -38996,6 +38961,13 @@ ], "type": "uses" }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", "tags": [ @@ -39003,12 +38975,40 @@ ], "type": "uses" }, + { + "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "86fc6f0c-86d9-473e-89f3-f50f3cb9319b", @@ -39030,90 +39030,6 @@ ] }, "related": [ - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ @@ -39121,20 +39037,6 @@ ], "type": "uses" }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -39142,12 +39044,110 @@ ], "type": "uses" }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "308b3d68-a084-4dfb-885a-3125e1a9c1e8", @@ -39169,20 +39169,6 @@ ] }, "related": [ - { - "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ @@ -39190,34 +39176,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "29e07491-8947-43a3-8d4e-9a787c45f3d3", "tags": [ @@ -39225,6 +39183,13 @@ ], "type": "uses" }, + { + "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", "tags": [ @@ -39239,6 +39204,34 @@ ], "type": "uses" }, + { + "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", "tags": [ @@ -39254,7 +39247,14 @@ "type": "uses" }, { - "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -39282,20 +39282,6 @@ ] }, "related": [ - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -39309,6 +39295,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a5e91d50-24fa-44ec-9894-39a88f658cea", @@ -39330,6 +39330,13 @@ ] }, "related": [ + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", "tags": [ @@ -39351,6 +39358,13 @@ ], "type": "uses" }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -39358,20 +39372,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ @@ -39380,7 +39380,7 @@ "type": "uses" }, { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -39448,49 +39448,42 @@ }, "related": [ { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -39504,7 +39497,28 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -39525,21 +39539,7 @@ "type": "uses" }, { - "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -39553,7 +39553,14 @@ "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -39566,41 +39573,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", "tags": [ @@ -39608,12 +39580,40 @@ ], "type": "uses" }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "54a73038-1937-4d71-a253-316e76d5413c", @@ -39635,20 +39635,6 @@ ] }, "related": [ - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -39656,13 +39642,6 @@ ], "type": "uses" }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -39670,6 +39649,13 @@ ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -39678,7 +39664,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -39691,13 +39677,6 @@ ], "type": "uses" }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ @@ -39706,28 +39685,7 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -39740,6 +39698,41 @@ ], "type": "uses" }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -39748,7 +39741,14 @@ "type": "uses" }, { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -39775,91 +39775,7 @@ }, "related": [ { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c877e33f-1df6-40d6-b1e7-ce70f16f4979", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -39873,21 +39789,7 @@ "type": "uses" }, { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -39900,13 +39802,6 @@ ], "type": "uses" }, - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -39922,7 +39817,28 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -39936,7 +39852,91 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c877e33f-1df6-40d6-b1e7-ce70f16f4979", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -39962,6 +39962,27 @@ ] }, "related": [ + { + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f0e39c6-82c9-41ec-9f93-5696c0f2e274", "tags": [ @@ -39982,27 +40003,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "9ed10b5a-ff20-467f-bf2f-d3fbf763e381", @@ -40024,20 +40024,6 @@ ] }, "related": [ - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -40046,7 +40032,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40059,27 +40045,6 @@ ], "type": "uses" }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -40095,42 +40060,7 @@ "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40144,21 +40074,7 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40177,6 +40093,90 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c2417bab-3189-4d4d-9d60-96de2cdaf0ab", @@ -40200,14 +40200,70 @@ }, "related": [ { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40227,62 +40283,6 @@ ], "type": "uses" }, - { - "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -40291,7 +40291,7 @@ "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40318,28 +40318,7 @@ }, "related": [ { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40353,14 +40332,14 @@ "type": "uses" }, { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40374,14 +40353,49 @@ "type": "uses" }, { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40402,21 +40416,21 @@ "type": "uses" }, { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40430,28 +40444,14 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40470,21 +40470,14 @@ ], "refs": [ "https://attack.mitre.org/software/S0372", - "https://www.carbonblack.com/2019/03/22/tau-threat-intelligence-notification-lockergoga-ransomware/", - "https://unit42.paloaltonetworks.com/born-this-way-origins-of-lockergoga/" + "https://unit42.paloaltonetworks.com/born-this-way-origins-of-lockergoga/", + "https://www.carbonblack.com/2019/03/22/tau-threat-intelligence-notification-lockergoga-ransomware/" ], "synonyms": [ "LockerGoga" ] }, "related": [ - { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ @@ -40492,13 +40485,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b24e2a20-3b3d-4bf0-823b-1ed765398fb0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ @@ -40507,7 +40493,21 @@ "type": "uses" }, { - "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", + "dest-uuid": "b24e2a20-3b3d-4bf0-823b-1ed765398fb0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40521,7 +40521,7 @@ "type": "uses" }, { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40547,20 +40547,6 @@ ] }, "related": [ - { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -40568,6 +40554,13 @@ ], "type": "uses" }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -40575,6 +40568,13 @@ ], "type": "uses" }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ @@ -40602,13 +40602,6 @@ ] }, "related": [ - { - "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "tags": [ @@ -40616,20 +40609,6 @@ ], "type": "uses" }, - { - "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ @@ -40637,6 +40616,13 @@ ], "type": "uses" }, + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "tags": [ @@ -40645,7 +40631,7 @@ "type": "uses" }, { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40657,6 +40643,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "3a913bac-4fae-4d0e-bca8-cae452f1599b", @@ -40675,8 +40675,8 @@ "refs": [ "https://attack.mitre.org/software/S0283", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07195002/KL_AdwindPublicReport_2016.pdf", - "https://www.symantec.com/blogs/threat-intelligence/jrat-new-anti-parsing-techniques", - "https://www.ncsc.gov.uk/report/joint-report-on-publicly-available-hacking-tools" + "https://www.ncsc.gov.uk/report/joint-report-on-publicly-available-hacking-tools", + "https://www.symantec.com/blogs/threat-intelligence/jrat-new-anti-parsing-techniques" ], "synonyms": [ "jRAT", @@ -40693,21 +40693,7 @@ }, "related": [ { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40720,111 +40706,6 @@ ], "type": "uses" }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -40832,13 +40713,6 @@ ], "type": "uses" }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ @@ -40846,6 +40720,27 @@ ], "type": "uses" }, + { + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ @@ -40854,14 +40749,77 @@ "type": "uses" }, { - "dest-uuid": "c0dfe7b0-b873-4618-9ff8-53e31f70907f", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40874,6 +40832,13 @@ ], "type": "uses" }, + { + "dest-uuid": "c0dfe7b0-b873-4618-9ff8-53e31f70907f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ @@ -40882,7 +40847,42 @@ "type": "uses" }, { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40908,6 +40908,55 @@ ] }, "related": [ + { + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ @@ -40923,14 +40972,7 @@ "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -40943,13 +40985,6 @@ ], "type": "uses" }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -40958,42 +40993,7 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41027,28 +41027,7 @@ }, "related": [ { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41062,14 +41041,14 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41083,21 +41062,7 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41110,6 +41075,27 @@ ], "type": "uses" }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -41125,7 +41111,21 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41143,8 +41143,8 @@ "Android" ], "refs": [ - "https://attack.mitre.org/software/S0293", "http://blog.checkpoint.com/2015/09/21/braintest-a-new-level-of-sophistication-in-mobile-malware/", + "https://attack.mitre.org/software/S0293", "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/" ], "synonyms": [ @@ -41152,13 +41152,6 @@ ] }, "related": [ - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "tags": [ @@ -41166,13 +41159,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "tags": [ @@ -41186,6 +41172,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "e13d084c-382f-40fd-aa9a-98d69e20301e", @@ -41208,104 +41208,6 @@ ] }, "related": [ - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ @@ -41314,42 +41216,7 @@ "type": "uses" }, { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d467bc38-284b-4a00-96ac-125f447799fc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41363,7 +41230,70 @@ "type": "uses" }, { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41377,7 +41307,77 @@ "type": "uses" }, { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d467bc38-284b-4a00-96ac-125f447799fc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41411,7 +41411,14 @@ "type": "uses" }, { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41431,26 +41438,19 @@ ], "type": "uses" }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "35aae10a-97c5-471a-9c67-02c231a7a31a", @@ -41473,14 +41473,7 @@ }, "related": [ { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41494,14 +41487,21 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41528,98 +41528,14 @@ }, "related": [ { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41633,7 +41549,21 @@ "type": "uses" }, { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41653,6 +41583,13 @@ ], "type": "uses" }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ @@ -41661,7 +41598,70 @@ "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41688,14 +41688,7 @@ }, "related": [ { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf", + "dest-uuid": "039bc59c-ecc7-4997-b2b4-4ab728bd91aa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41723,7 +41716,7 @@ "type": "uses" }, { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41737,14 +41730,21 @@ "type": "uses" }, { - "dest-uuid": "039bc59c-ecc7-4997-b2b4-4ab728bd91aa", + "dest-uuid": "e3b936a4-6321-4172-9114-038a866362ec", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e3b936a4-6321-4172-9114-038a866362ec", + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41771,28 +41771,7 @@ }, "related": [ { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41806,21 +41785,14 @@ "type": "uses" }, { - "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41832,6 +41804,34 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "9dbdadb6-fdbf-490f-a35f-38762d06a0d2", @@ -41854,28 +41854,7 @@ }, "related": [ { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41888,6 +41867,20 @@ ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ @@ -41896,7 +41889,7 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41909,6 +41902,13 @@ ], "type": "uses" }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -41917,7 +41917,7 @@ "type": "uses" }, { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41943,20 +41943,6 @@ ] }, "related": [ - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ @@ -41972,7 +41958,7 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -41985,6 +41971,13 @@ ], "type": "uses" }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ @@ -41993,14 +41986,7 @@ "type": "uses" }, { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42019,6 +42005,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "75bba379-4ba1-467e-8c60-ec2b269ee984", @@ -42033,8 +42033,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0462", - "https://unit42.paloaltonetworks.com/unit42-the-fractured-block-campaign-carrotbat-malware-used-to-deliver-malware-targeting-southeast-asia/", - "https://unit42.paloaltonetworks.com/the-fractured-statue-campaign-u-s-government-targeted-in-spear-phishing-attacks/" + "https://unit42.paloaltonetworks.com/the-fractured-statue-campaign-u-s-government-targeted-in-spear-phishing-attacks/", + "https://unit42.paloaltonetworks.com/unit42-the-fractured-block-campaign-carrotbat-malware-used-to-deliver-malware-targeting-southeast-asia/" ], "synonyms": [ "CARROTBAT" @@ -42042,7 +42042,7 @@ }, "related": [ { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42055,13 +42055,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -42070,7 +42063,14 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42096,6 +42096,13 @@ ] }, "related": [ + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ @@ -42110,13 +42117,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", "tags": [ @@ -42125,14 +42125,14 @@ "type": "uses" }, { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42151,49 +42151,14 @@ ], "refs": [ "https://attack.mitre.org/software/S0642", - "https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html", - "https://www.accenture.com/us-en/blogs/cyber-defense/mudcarps-focus-on-submarine-technologies" + "https://www.accenture.com/us-en/blogs/cyber-defense/mudcarps-focus-on-submarine-technologies", + "https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html" ], "synonyms": [ "BADFLICK" ] }, "related": [ - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -42216,7 +42181,21 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42228,6 +42207,27 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "57d83eac-a2ea-42b0-a7b2-c80c55157790", @@ -42251,14 +42251,7 @@ }, "related": [ { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42271,48 +42264,6 @@ ], "type": "uses" }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -42320,41 +42271,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ @@ -42363,7 +42279,21 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42382,6 +42312,76 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "8e101fdd-9f7f-4916-bb04-6bd9e94c129c", @@ -42406,20 +42406,6 @@ ] }, "related": [ - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ @@ -42440,6 +42426,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "292eb0c5-b8e8-4af6-9e8f-0fda6b4528d3", @@ -42462,21 +42462,21 @@ }, "related": [ { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42496,6 +42496,13 @@ ], "type": "uses" }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -42504,21 +42511,14 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42545,62 +42545,6 @@ ] }, "related": [ - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ @@ -42608,20 +42552,6 @@ ], "type": "uses" }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ @@ -42630,7 +42560,7 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42656,6 +42586,76 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "b8fdef82-d2cf-4948-8949-6466357b1be1", @@ -42678,21 +42678,7 @@ }, "related": [ { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42706,49 +42692,7 @@ "type": "uses" }, { - "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", + "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42761,13 +42705,6 @@ ], "type": "uses" }, - { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "8c7862ff-3449-4ac6-b0fd-ac1298a822a5", "tags": [ @@ -42775,12 +42712,75 @@ ], "type": "uses" }, + { + "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "21170624-89db-4e99-bf27-58d26be07c3a", @@ -42803,14 +42803,7 @@ }, "related": [ { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42824,14 +42817,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42845,7 +42831,7 @@ "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42859,7 +42845,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42871,6 +42857,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "8be7c69e-d8e3-4970-9668-61de08e508cc", @@ -42885,9 +42885,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0428", - "https://hub.dragos.com/hubfs/Year-in-Review/Dragos_2020_ICS_Cybersecurity_Year_In_Review.pdf?hsCtaTracking=159c0fc3-92d8-425d-aeb8-12824f2297e8%7Cf163726d-579b-4996-9a04-44e5a124d770", "https://blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html", - "https://blog.talosintelligence.com/2020/10/poetrat-update.html" + "https://blog.talosintelligence.com/2020/10/poetrat-update.html", + "https://hub.dragos.com/hubfs/Year-in-Review/Dragos_2020_ICS_Cybersecurity_Year_In_Review.pdf?hsCtaTracking=159c0fc3-92d8-425d-aeb8-12824f2297e8%7Cf163726d-579b-4996-9a04-44e5a124d770" ], "synonyms": [ "PoetRAT" @@ -42895,7 +42895,56 @@ }, "related": [ { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -42908,6 +42957,34 @@ ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ @@ -42915,6 +42992,41 @@ ], "type": "uses" }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", "tags": [ @@ -42930,84 +43042,7 @@ "type": "uses" }, { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43020,20 +43055,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -43042,63 +43063,14 @@ "type": "uses" }, { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43112,7 +43084,28 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43126,7 +43119,14 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43154,84 +43154,7 @@ }, "related": [ { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", + "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43245,21 +43168,21 @@ "type": "uses" }, { - "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43272,20 +43195,6 @@ ], "type": "uses" }, - { - "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "37b11151-1776-4f8f-b328-30939fbf2ceb", "tags": [ @@ -43294,7 +43203,42 @@ "type": "uses" }, { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43307,12 +43251,68 @@ ], "type": "uses" }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "7bef1b56-4870-4e74-b32a-7dd88c390c44", @@ -43328,10 +43328,10 @@ "refs": [ "https://attack.mitre.org/software/S0284", "https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html", - "https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/", - "https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/", "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf", - "https://usa.visa.com/dam/VCOM/global/support-legal/documents/fin6-cybercrime-group-expands-threat-To-ecommerce-merchants.pdf" + "https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/", + "https://usa.visa.com/dam/VCOM/global/support-legal/documents/fin6-cybercrime-group-expands-threat-To-ecommerce-merchants.pdf", + "https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/" ], "synonyms": [ "More_eggs", @@ -43342,56 +43342,7 @@ }, "related": [ { - "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43405,7 +43356,21 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43418,6 +43383,55 @@ ], "type": "uses" }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -43431,20 +43445,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "bfd2738c-8b43-43c3-bc9f-d523c8e88bf4", @@ -43466,27 +43466,6 @@ ] }, "related": [ - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -43494,20 +43473,6 @@ ], "type": "uses" }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -43516,7 +43481,49 @@ "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43544,21 +43551,14 @@ "type": "uses" }, { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43592,14 +43592,14 @@ "type": "similar" }, { - "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", + "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43626,14 +43626,7 @@ }, "related": [ { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43646,20 +43639,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -43667,13 +43646,6 @@ ], "type": "uses" }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ @@ -43681,6 +43653,27 @@ ], "type": "uses" }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -43689,7 +43682,7 @@ "type": "uses" }, { - "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43702,13 +43695,6 @@ ], "type": "uses" }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", "tags": [ @@ -43722,6 +43708,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "eedc01d5-95e6-4d21-bcd4-1121b1df4586", @@ -43736,28 +43736,14 @@ ], "refs": [ "https://attack.mitre.org/software/S0556", - "https://www.clearskysec.com/fox-kitten/", - "https://research.checkpoint.com/2020/ransomware-alert-pay2key/" + "https://research.checkpoint.com/2020/ransomware-alert-pay2key/", + "https://www.clearskysec.com/fox-kitten/" ], "synonyms": [ "Pay2Key" ] }, "related": [ - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ @@ -43765,13 +43751,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -43779,6 +43758,13 @@ ], "type": "uses" }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ @@ -43786,6 +43772,20 @@ ], "type": "uses" }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -43794,7 +43794,7 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43816,13 +43816,6 @@ "synonyms": [] }, "related": [ - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ @@ -43831,7 +43824,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43844,6 +43837,13 @@ ], "type": "uses" }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", "tags": [ @@ -43871,48 +43871,6 @@ ] }, "related": [ - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -43921,14 +43879,7 @@ "type": "uses" }, { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43941,20 +43892,6 @@ ], "type": "uses" }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ @@ -43963,7 +43900,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -43977,7 +43921,7 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44004,6 +43948,27 @@ ], "type": "uses" }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -44011,6 +43976,13 @@ ], "type": "uses" }, + { + "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", "tags": [ @@ -44019,7 +43991,35 @@ "type": "uses" }, { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44046,70 +44046,7 @@ }, "related": [ { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44123,28 +44060,35 @@ "type": "uses" }, { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44157,20 +44101,6 @@ ], "type": "uses" }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", "tags": [ @@ -44179,7 +44109,7 @@ "type": "uses" }, { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44193,7 +44123,70 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44205,6 +44198,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "6cd07296-14aa-403d-9229-6343d03d4752", @@ -44227,13 +44227,6 @@ ] }, "related": [ - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -44241,6 +44234,13 @@ ], "type": "uses" }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -44248,34 +44248,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", "tags": [ @@ -44290,13 +44262,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -44305,7 +44270,14 @@ "type": "uses" }, { - "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44319,7 +44291,7 @@ "type": "uses" }, { - "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44333,14 +44305,21 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44354,14 +44333,35 @@ "type": "uses" }, { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44389,14 +44389,14 @@ }, "related": [ { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44410,28 +44410,35 @@ "type": "uses" }, { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44444,6 +44451,55 @@ ], "type": "uses" }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", "tags": [ @@ -44451,6 +44507,62 @@ ], "type": "uses" }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -44466,63 +44578,7 @@ "type": "uses" }, { - "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44535,68 +44591,12 @@ ], "type": "uses" }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "536be338-e2ef-4a6b-afb6-8d5568b91eb2", @@ -44619,7 +44619,7 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44633,35 +44633,7 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44674,6 +44646,34 @@ ], "type": "uses" }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ @@ -44682,7 +44682,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44695,13 +44695,6 @@ ], "type": "uses" }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", "tags": [ @@ -44710,21 +44703,28 @@ "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44751,14 +44751,14 @@ }, "related": [ { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "1cfcb312-b8d7-47a4-b560-4b16cc677292", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44771,6 +44771,13 @@ ], "type": "uses" }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -44785,20 +44792,6 @@ ], "type": "uses" }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1cfcb312-b8d7-47a4-b560-4b16cc677292", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -44806,6 +44799,13 @@ ], "type": "uses" }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", "tags": [ @@ -44814,14 +44814,14 @@ "type": "uses" }, { - "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44848,13 +44848,6 @@ ] }, "related": [ - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -44863,7 +44856,7 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44884,21 +44877,14 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -44911,6 +44897,20 @@ ], "type": "uses" }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ @@ -44938,41 +44938,6 @@ ] }, "related": [ - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -44980,13 +44945,6 @@ ], "type": "uses" }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -44994,6 +44952,41 @@ ], "type": "uses" }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -45001,6 +44994,20 @@ ], "type": "uses" }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -45009,7 +45016,7 @@ "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45030,7 +45037,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45044,14 +45051,7 @@ "type": "uses" }, { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45070,15 +45070,106 @@ ], "refs": [ "https://attack.mitre.org/software/S0582", - "https://www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks", + "https://hub.dragos.com/hubfs/Year-in-Review/Dragos_2020_ICS_Cybersecurity_Year_In_Review.pdf?hsCtaTracking=159c0fc3-92d8-425d-aeb8-12824f2297e8%7Cf163726d-579b-4996-9a04-44e5a124d770", "https://www.dragos.com/threat/talonite/", - "https://hub.dragos.com/hubfs/Year-in-Review/Dragos_2020_ICS_Cybersecurity_Year_In_Review.pdf?hsCtaTracking=159c0fc3-92d8-425d-aeb8-12824f2297e8%7Cf163726d-579b-4996-9a04-44e5a124d770" + "https://www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks" ], "synonyms": [ "LookBack" ] }, "related": [ + { + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ @@ -45093,103 +45184,12 @@ ], "type": "uses" }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "c9ccc4df-1f56-49e7-ad57-b383e1451688", @@ -45203,8 +45203,8 @@ "Android" ], "refs": [ - "https://attack.mitre.org/software/S0285", - "http://thehackernews.com/2014/01/first-widely-distributed-android.html" + "http://thehackernews.com/2014/01/first-widely-distributed-android.html", + "https://attack.mitre.org/software/S0285" ], "synonyms": [ "OldBoot" @@ -45239,14 +45239,7 @@ }, "related": [ { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45260,7 +45253,14 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b46a801b-fd98-491c-a25a-bca25d6e3001", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45274,14 +45274,14 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b46a801b-fd98-491c-a25a-bca25d6e3001", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45308,7 +45308,7 @@ }, "related": [ { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45322,14 +45322,14 @@ "type": "uses" }, { - "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45342,6 +45342,13 @@ ], "type": "uses" }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -45349,6 +45356,13 @@ ], "type": "uses" }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ @@ -45357,7 +45371,7 @@ "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45376,20 +45390,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "64122557-5940-4271-9123-25bfc0c693db", @@ -45403,8 +45403,8 @@ "Android" ], "refs": [ - "https://attack.mitre.org/software/S0295", - "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/" + "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "https://attack.mitre.org/software/S0295" ], "synonyms": [ "RCSAndroid" @@ -45412,28 +45412,7 @@ }, "related": [ { - "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45447,7 +45426,21 @@ "type": "uses" }, { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45473,6 +45466,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", @@ -45486,21 +45486,14 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0259", - "https://asert.arbornetworks.com/innaput-actors-utilize-remote-access-trojan-since-2016-presumably-targeting-victim-files/" + "https://asert.arbornetworks.com/innaput-actors-utilize-remote-access-trojan-since-2016-presumably-targeting-victim-files/", + "https://attack.mitre.org/software/S0259" ], "synonyms": [ "InnaputRAT" ] }, "related": [ - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -45509,28 +45502,7 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45551,14 +45523,35 @@ "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45570,6 +45563,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c8b6cc43-ce61-42ae-87f3-a5f10526f952", @@ -45592,14 +45592,14 @@ }, "related": [ { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "dest-uuid": "351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45612,6 +45612,13 @@ ], "type": "uses" }, + { + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "tags": [ @@ -45619,27 +45626,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", "tags": [ @@ -45647,13 +45633,6 @@ ], "type": "uses" }, - { - "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", "tags": [ @@ -45661,20 +45640,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ @@ -45683,7 +45648,7 @@ "type": "uses" }, { - "dest-uuid": "ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45697,7 +45662,42 @@ "type": "uses" }, { - "dest-uuid": "351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45733,14 +45733,14 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45754,7 +45754,7 @@ "type": "uses" }, { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -45773,13 +45773,13 @@ ], "refs": [ "https://attack.mitre.org/software/S0266", - "https://www.securityartwork.es/wp-content/uploads/2017/07/Trickbot-report-S2-Grupo.pdf", - "https://www.fidelissecurity.com/threatgeek/2016/10/trickbot-we-missed-you-dyre", + "https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-adds-remote-application-credential-grabbing-capabilities-to-its-repertoire/", "https://securityintelligence.com/tricks-of-the-trade-a-deeper-look-into-trickbots-machinations/", "https://www.crowdstrike.com/blog/wizard-spider-adversary-update/", - "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_trickload.n", - "https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-adds-remote-application-credential-grabbing-capabilities-to-its-repertoire/", - "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Totbrick" + "https://www.fidelissecurity.com/threatgeek/2016/10/trickbot-we-missed-you-dyre", + "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Totbrick", + "https://www.securityartwork.es/wp-content/uploads/2017/07/Trickbot-report-S2-Grupo.pdf", + "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_trickload.n" ], "synonyms": [ "TrickBot", @@ -45788,34 +45788,6 @@ ] }, "related": [ - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -45823,104 +45795,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "tags": [ @@ -45928,27 +45802,6 @@ ], "type": "uses" }, - { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -45956,104 +45809,6 @@ ], "type": "uses" }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5bb433e-bdf6-4781-84bc-35e97e43be89", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ @@ -46062,21 +45817,70 @@ "type": "uses" }, { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46090,7 +45894,35 @@ "type": "uses" }, { - "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46104,14 +45936,28 @@ "type": "uses" }, { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46131,6 +45977,97 @@ ], "type": "uses" }, + { + "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ @@ -46139,28 +46076,63 @@ "type": "uses" }, { - "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", + "dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46172,6 +46144,34 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5bb433e-bdf6-4781-84bc-35e97e43be89", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "00806466-754d-44ea-ad6f-0caf59cb8556", @@ -46186,9 +46186,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0662", + "https://documents.trendmicro.com/assets/white_papers/wp-uncovering-DRBcontrol.pdf", "https://www.secureworks.com/research/bronze-president-targets-ngos", - "https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html", - "https://documents.trendmicro.com/assets/white_papers/wp-uncovering-DRBcontrol.pdf" + "https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html" ], "synonyms": [ "RCSession" @@ -46196,77 +46196,7 @@ }, "related": [ { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46280,35 +46210,21 @@ "type": "uses" }, { - "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46321,6 +46237,55 @@ ], "type": "uses" }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -46328,6 +46293,27 @@ ], "type": "uses" }, + { + "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -46336,7 +46322,21 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46365,84 +46365,7 @@ }, "related": [ { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46456,21 +46379,7 @@ "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46484,7 +46393,98 @@ "type": "uses" }, { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46510,8 +46510,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0276", - "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/", - "https://www.synack.com/2017/01/01/mac-malware-2016/" + "https://www.synack.com/2017/01/01/mac-malware-2016/", + "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/" ], "synonyms": [ "Keydnap", @@ -46520,21 +46520,7 @@ }, "related": [ { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", + "dest-uuid": "1a80d097-54df-41d8-9d33-34e755ec5e72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46548,7 +46534,7 @@ "type": "uses" }, { - "dest-uuid": "b22e5153-ac28-4cc6-865c-2054e36285cb", + "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46562,14 +46548,7 @@ "type": "uses" }, { - "dest-uuid": "1a80d097-54df-41d8-9d33-34e755ec5e72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e51137a5-1cdc-499e-911a-abaedaa5ac86", + "dest-uuid": "b22e5153-ac28-4cc6-865c-2054e36285cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46581,6 +46560,27 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e51137a5-1cdc-499e-911a-abaedaa5ac86", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4b072c90-bc7a-432b-940e-016fc1c01761", @@ -46605,13 +46605,6 @@ ] }, "related": [ - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -46626,6 +46619,41 @@ ], "type": "uses" }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -46641,14 +46669,7 @@ "type": "uses" }, { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46660,27 +46681,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "94d6d788-07bb-4dcc-b62f-e02626b00108", @@ -46694,8 +46694,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0672", - "http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf" + "http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf", + "https://attack.mitre.org/software/S0672" ], "synonyms": [ "Zox", @@ -46706,28 +46706,14 @@ }, "related": [ { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46740,6 +46726,13 @@ ], "type": "uses" }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -46748,7 +46741,21 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46760,13 +46767,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "fb28627c-d6ea-4c35-b138-ab5e96ae5445", @@ -46780,8 +46780,8 @@ "Android" ], "refs": [ - "https://attack.mitre.org/software/S0286", - "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/" + "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/", + "https://attack.mitre.org/software/S0286" ], "synonyms": [ "OBAD" @@ -46789,14 +46789,14 @@ }, "related": [ { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "dest-uuid": "82f04b1e-5371-4a6f-be06-411f0f43b483", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "82f04b1e-5371-4a6f-be06-411f0f43b483", + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46831,7 +46831,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46845,7 +46845,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46871,6 +46871,13 @@ ] }, "related": [ + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", "tags": [ @@ -46878,6 +46885,13 @@ ], "type": "uses" }, + { + "dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -46891,20 +46905,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "bdad6f3b-de88-42fa-9295-d29b5271808e", @@ -46919,8 +46919,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0268", - "https://researchcenter.paloaltonetworks.com/2018/07/unit42-bisonal-malware-used-attacks-russia-south-korea/", - "https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html" + "https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html", + "https://researchcenter.paloaltonetworks.com/2018/07/unit42-bisonal-malware-used-attacks-russia-south-korea/" ], "synonyms": [ "Bisonal" @@ -46928,14 +46928,105 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -46948,6 +47039,13 @@ ], "type": "uses" }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ @@ -46962,13 +47060,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", "tags": [ @@ -46977,84 +47068,14 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -47068,77 +47089,21 @@ "type": "uses" }, { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -47152,14 +47117,49 @@ "type": "uses" }, { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -47186,28 +47186,7 @@ }, "related": [ { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -47221,7 +47200,21 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -47234,6 +47227,41 @@ ], "type": "uses" }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -47248,34 +47276,6 @@ ], "type": "uses" }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -47284,7 +47284,7 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -47318,21 +47318,70 @@ }, "related": [ { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -47353,7 +47402,7 @@ "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -47367,77 +47416,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -47450,20 +47429,6 @@ ], "type": "uses" }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ @@ -47472,21 +47437,56 @@ "type": "uses" }, { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -47513,14 +47513,28 @@ }, "related": [ { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -47541,21 +47555,7 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -47573,14 +47573,21 @@ "iOS" ], "refs": [ - "https://attack.mitre.org/software/S0287", - "http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/" + "http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/", + "https://attack.mitre.org/software/S0287" ], "synonyms": [ "ZergHelper" ] }, "related": [ + { + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "tags": [ @@ -47594,13 +47601,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "3c3b55a6-c3e9-4043-8aae-283fe96220c0", @@ -47623,13 +47623,6 @@ ] }, "related": [ - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ @@ -47637,13 +47630,6 @@ ], "type": "uses" }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1eaebf46-e361-4437-bc23-d5d65a3b92e3", "tags": [ @@ -47658,6 +47644,13 @@ ], "type": "uses" }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", "tags": [ @@ -47671,6 +47664,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2cfe8a26-5be7-4a09-8915-ea3d9e787513", @@ -47684,9 +47684,9 @@ "iOS" ], "refs": [ - "https://attack.mitre.org/software/S0297", "http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/", - "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/" + "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/", + "https://attack.mitre.org/software/S0297" ], "synonyms": [ "XcodeGhost" @@ -47701,14 +47701,14 @@ "type": "uses" }, { - "dest-uuid": "c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", + "dest-uuid": "c4b96c0b-cb58-497a-a1c2-bb447d79d692", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -47734,13 +47734,6 @@ ] }, "related": [ - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "tags": [ @@ -47748,62 +47741,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1eaebf46-e361-4437-bc23-d5d65a3b92e3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -47812,14 +47749,7 @@ "type": "uses" }, { - "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -47832,12 +47762,82 @@ ], "type": "uses" }, + { + "dest-uuid": "1eaebf46-e361-4437-bc23-d5d65a3b92e3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c541efb4-e7b1-4ad6-9da8-b4e113f5dd42", @@ -47851,8 +47851,8 @@ "iOS" ], "refs": [ - "https://attack.mitre.org/software/S0288", - "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/" + "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/", + "https://attack.mitre.org/software/S0288" ], "synonyms": [ "KeyRaider" @@ -47860,14 +47860,14 @@ }, "related": [ { - "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", + "dest-uuid": "3b0b604f-10db-41a0-b54c-493124d455b9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3b0b604f-10db-41a0-b54c-493124d455b9", + "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -47927,20 +47927,6 @@ ] }, "related": [ - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ @@ -47948,34 +47934,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -47983,6 +47941,20 @@ ], "type": "uses" }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", "tags": [ @@ -47990,12 +47962,40 @@ ], "type": "uses" }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "518bb5f1-91f4-4ff2-b09d-5a94e1ebe95f", @@ -48010,8 +48010,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0334", - "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/DARKCOMET", - "https://blog.malwarebytes.com/threat-analysis/2012/06/you-dirty-rat-part-1-darkcomet/" + "https://blog.malwarebytes.com/threat-analysis/2012/06/you-dirty-rat-part-1-darkcomet/", + "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/DARKCOMET" ], "synonyms": [ "DarkComet", @@ -48030,14 +48030,7 @@ "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48051,7 +48044,7 @@ "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48065,56 +48058,7 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48128,7 +48072,56 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48142,7 +48135,14 @@ "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48169,7 +48169,7 @@ }, "related": [ { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48183,7 +48183,7 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48197,7 +48197,14 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48211,7 +48218,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48223,13 +48230,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "44c75271-0e4d-496f-ae0a-a6d883a42a65", @@ -48244,11 +48244,11 @@ ], "refs": [ "https://attack.mitre.org/software/S0533", - "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-275a", - "https://twitter.com/craiu/status/1311920398259367942", - "https://twitter.com/CNMF_CyberAlert/status/1311743710997159953", "https://securelist.com/iamtheking-and-the-slothfulmedia-malware-family/99000/", - "https://twitter.com/ESETresearch/status/1311762215490461696" + "https://twitter.com/CNMF_CyberAlert/status/1311743710997159953", + "https://twitter.com/ESETresearch/status/1311762215490461696", + "https://twitter.com/craiu/status/1311920398259367942", + "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-275a" ], "synonyms": [ "SLOTHFULMEDIA", @@ -48258,14 +48258,42 @@ }, "related": [ { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48279,21 +48307,21 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48313,13 +48341,6 @@ ], "type": "uses" }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ @@ -48328,14 +48349,21 @@ "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48349,56 +48377,14 @@ "type": "uses" }, { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48412,7 +48398,21 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48431,8 +48431,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0335", - "https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/", - "https://securelist.com/shedding-skin-turlas-fresh-faces/88069/" + "https://securelist.com/shedding-skin-turlas-fresh-faces/88069/", + "https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/" ], "synonyms": [ "Carbon" @@ -48447,21 +48447,7 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48481,6 +48467,62 @@ ], "type": "uses" }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ @@ -48503,42 +48545,7 @@ "type": "uses" }, { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48552,21 +48559,14 @@ "type": "uses" }, { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48593,27 +48593,6 @@ ] }, "related": [ - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -48628,34 +48607,6 @@ ], "type": "uses" }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ @@ -48664,21 +48615,7 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48691,12 +48628,75 @@ ], "type": "uses" }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "071d5d65-83ec-4a55-acfa-be7d5f28ba9a", @@ -48711,23 +48711,16 @@ ], "refs": [ "https://attack.mitre.org/software/S0336", - "https://www.digitrustgroup.com/nanocore-not-your-average-rat/", "https://cofense.com/nanocore-rat-resurfaced-sewers/", "https://researchcenter.paloaltonetworks.com/2016/02/nanocorerat-behind-an-increase-in-tax-themed-phishing-e-mails/", - "https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/" + "https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/", + "https://www.digitrustgroup.com/nanocore-not-your-average-rat/" ], "synonyms": [ "NanoCore" ] }, "related": [ - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -48735,41 +48728,6 @@ ], "type": "uses" }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", "tags": [ @@ -48778,14 +48736,21 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48805,6 +48770,41 @@ ], "type": "uses" }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ @@ -48832,9 +48832,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0373", - "https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research", "https://cofense.com/seeing-resurgence-demonic-astaroth-wmic-trojan/", - "https://securelist.com/the-tetrade-brazilian-banking-malware/97779/" + "https://securelist.com/the-tetrade-brazilian-banking-malware/97779/", + "https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research" ], "synonyms": [ "Astaroth", @@ -48843,77 +48843,42 @@ }, "related": [ { - "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", + "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48927,14 +48892,42 @@ "type": "uses" }, { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48955,14 +48948,14 @@ "type": "uses" }, { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -48976,56 +48969,7 @@ "type": "uses" }, { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49039,28 +48983,7 @@ "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49074,14 +48997,91 @@ "type": "uses" }, { - "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49108,7 +49108,21 @@ }, "related": [ { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49121,6 +49135,20 @@ ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", "tags": [ @@ -49136,21 +49164,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49163,6 +49177,13 @@ ], "type": "uses" }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -49171,28 +49192,7 @@ "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49219,14 +49219,14 @@ }, "related": [ { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49252,8 +49252,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0339", - "https://blog.talosintelligence.com/2017/06/palestine-delphi.html", - "https://blog.radware.com/security/2018/07/micropsia-malware/" + "https://blog.radware.com/security/2018/07/micropsia-malware/", + "https://blog.talosintelligence.com/2017/06/palestine-delphi.html" ], "synonyms": [ "Micropsia" @@ -49261,28 +49261,7 @@ }, "related": [ { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49296,7 +49275,21 @@ "type": "uses" }, { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49309,6 +49302,34 @@ ], "type": "uses" }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -49324,21 +49345,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49351,26 +49358,19 @@ ], "type": "uses" }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "8c050cea-86e1-4b63-bf21-7af4fa483349", @@ -49392,6 +49392,13 @@ ] }, "related": [ + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -49399,6 +49406,13 @@ ], "type": "uses" }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -49412,20 +49426,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "dcac85c1-6485-4790-84f6-de5e6f6b91dd", @@ -49447,27 +49447,6 @@ ] }, "related": [ - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ @@ -49476,14 +49455,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49497,7 +49469,35 @@ "type": "uses" }, { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49525,28 +49525,7 @@ }, "related": [ { - "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49560,7 +49539,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49573,6 +49552,13 @@ ], "type": "uses" }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ @@ -49580,6 +49566,13 @@ ], "type": "uses" }, + { + "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ @@ -49588,14 +49581,21 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49615,26 +49615,26 @@ ], "type": "uses" }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "f9b05f33-d45d-4e4d-aafe-c208d38a0080", @@ -49649,8 +49649,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0435", - "https://blog.trendmicro.com/trendlabs-security-intelligence/plead-targeted-attacks-against-taiwanese-government-agencies-2/", "https://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/", + "https://blog.trendmicro.com/trendlabs-security-intelligence/plead-targeted-attacks-against-taiwanese-government-agencies-2/", "https://blogs.jpcert.or.jp/en/2018/03/malware-tscooki-7aa0.html" ], "synonyms": [ @@ -49658,34 +49658,6 @@ ] }, "related": [ - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -49693,55 +49665,6 @@ ], "type": "uses" }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ @@ -49756,12 +49679,89 @@ ], "type": "uses" }, + { + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "b57f419e-8b12-49d3-886b-145383725dcd", @@ -49776,10 +49776,10 @@ ], "refs": [ "https://attack.mitre.org/software/S0534", - "https://www.cybereason.com/blog/a-bazar-of-tricks-following-team9s-development-cycles", - "https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html", + "https://research.nccgroup.com/2020/06/02/in-depth-analysis-of-the-new-team9-malware-family/", "https://www.crowdstrike.com/blog/wizard-spider-adversary-update/", - "https://research.nccgroup.com/2020/06/02/in-depth-analysis-of-the-new-team9-malware-family/" + "https://www.cybereason.com/blog/a-bazar-of-tricks-following-team9s-development-cycles", + "https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html" ], "synonyms": [ "Bazar", @@ -49789,49 +49789,35 @@ }, "related": [ { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "11f29a39-0942-4d62-92b6-fe236cf3066e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49845,7 +49831,77 @@ "type": "uses" }, { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49866,98 +49922,7 @@ "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -49971,28 +49936,7 @@ "type": "uses" }, { - "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50006,49 +49950,35 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50061,6 +49991,13 @@ ], "type": "uses" }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ @@ -50068,6 +50005,20 @@ ], "type": "uses" }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", "tags": [ @@ -50076,28 +50027,7 @@ "type": "uses" }, { - "dest-uuid": "11f29a39-0942-4d62-92b6-fe236cf3066e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50110,6 +50040,48 @@ ], "type": "uses" }, + { + "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ @@ -50117,6 +50089,27 @@ ], "type": "uses" }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -50125,14 +50118,21 @@ "type": "uses" }, { - "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50158,13 +50158,6 @@ ] }, "related": [ - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -50172,48 +50165,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ @@ -50221,6 +50172,13 @@ ], "type": "uses" }, + { + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ @@ -50228,27 +50186,6 @@ ], "type": "uses" }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -50257,7 +50194,7 @@ "type": "uses" }, { - "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50270,6 +50207,48 @@ ], "type": "uses" }, + { + "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -50277,6 +50256,27 @@ ], "type": "uses" }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ @@ -50285,7 +50285,7 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50319,77 +50319,7 @@ "type": "uses" }, { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50402,6 +50332,55 @@ ], "type": "uses" }, + { + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -50410,7 +50389,28 @@ "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50437,13 +50437,6 @@ ] }, "related": [ - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -50452,7 +50445,14 @@ "type": "uses" }, { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50465,13 +50465,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -50487,7 +50480,14 @@ "type": "uses" }, { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50508,7 +50508,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50534,20 +50534,6 @@ ] }, "related": [ - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -50555,34 +50541,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ @@ -50590,6 +50548,20 @@ ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "91541e7e-b969-40c6-bbd8-1b5352ec2938", "tags": [ @@ -50597,12 +50569,40 @@ ], "type": "uses" }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "03ea629c-517a-41e3-94f8-c7e5368cf8f4", @@ -50625,28 +50625,7 @@ }, "related": [ { - "dest-uuid": "fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "dest-uuid": "039bc59c-ecc7-4997-b2b4-4ab728bd91aa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50660,14 +50639,14 @@ "type": "uses" }, { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "dest-uuid": "27f483c6-6666-44fa-8532-ffd5fc7dab38", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50681,14 +50660,7 @@ "type": "uses" }, { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "039bc59c-ecc7-4997-b2b4-4ab728bd91aa", + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50708,6 +50680,20 @@ ], "type": "uses" }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", "tags": [ @@ -50716,14 +50702,28 @@ "type": "uses" }, { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "27f483c6-6666-44fa-8532-ffd5fc7dab38", + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fd339382-bfec-4bf0-8d47-1caedc9e7e57", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50751,14 +50751,7 @@ }, "related": [ { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50779,42 +50772,7 @@ "type": "uses" }, { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50827,6 +50785,41 @@ ], "type": "uses" }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -50835,7 +50828,14 @@ "type": "uses" }, { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50862,84 +50862,7 @@ }, "related": [ { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d4dc46e3-5ba5-45b9-8204-010867cacfcb", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50953,7 +50876,84 @@ "type": "uses" }, { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4dc46e3-5ba5-45b9-8204-010867cacfcb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -50979,13 +50979,6 @@ ] }, "related": [ - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ @@ -50993,41 +50986,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d467bc38-284b-4a00-96ac-125f447799fc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -51041,6 +50999,48 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d467bc38-284b-4a00-96ac-125f447799fc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "288fa242-e894-4c7e-ac86-856deedf5cea", @@ -51063,21 +51063,7 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51091,7 +51077,21 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51105,7 +51105,7 @@ "type": "uses" }, { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51132,34 +51132,6 @@ ] }, "related": [ - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -51175,14 +51147,21 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51196,7 +51175,28 @@ "type": "uses" }, { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51223,63 +51223,7 @@ }, "related": [ { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51293,7 +51237,63 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51319,6 +51319,13 @@ ] }, "related": [ + { + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -51333,13 +51340,6 @@ ], "type": "uses" }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -51348,7 +51348,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51362,7 +51362,7 @@ "type": "uses" }, { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51389,48 +51389,6 @@ ] }, "related": [ - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -51438,27 +51396,6 @@ ], "type": "uses" }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ @@ -51466,6 +51403,34 @@ ], "type": "uses" }, + { + "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ @@ -51473,6 +51438,34 @@ ], "type": "uses" }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -51481,14 +51474,21 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51515,14 +51515,21 @@ }, "related": [ { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51536,14 +51543,84 @@ "type": "uses" }, { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51557,14 +51634,28 @@ "type": "uses" }, { - "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51578,7 +51669,28 @@ "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51598,111 +51710,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ @@ -51711,21 +51718,7 @@ "type": "uses" }, { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51739,21 +51732,28 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51772,8 +51772,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0483", - "https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/", - "https://blogs.juniper.net/en-us/threat-research/covid-19-and-fmla-campaigns-used-to-install-new-icedid-banking-malware" + "https://blogs.juniper.net/en-us/threat-research/covid-19-and-fmla-campaigns-used-to-install-new-icedid-banking-malware", + "https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/" ], "synonyms": [ "IcedID" @@ -51781,84 +51781,7 @@ }, "related": [ { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51872,14 +51795,35 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51893,7 +51837,49 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51907,7 +51893,21 @@ "type": "uses" }, { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51926,10 +51926,10 @@ ], "refs": [ "https://attack.mitre.org/software/S0384", - "https://www.secureworks.com/research/dridex-bugat-v5-botnet-takeover-operation", - "https://securelist.com/dridex-a-history-of-evolution/78531/", "https://home.treasury.gov/news/press-releases/sm845", - "https://research.checkpoint.com/2021/stopping-serial-killer-catching-the-next-strike/" + "https://research.checkpoint.com/2021/stopping-serial-killer-catching-the-next-strike/", + "https://securelist.com/dridex-a-history-of-evolution/78531/", + "https://www.secureworks.com/research/dridex-bugat-v5-botnet-takeover-operation" ], "synonyms": [ "Dridex", @@ -51938,21 +51938,7 @@ }, "related": [ { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -51966,28 +51952,7 @@ "type": "uses" }, { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52001,7 +51966,42 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52015,7 +52015,7 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52042,70 +52042,7 @@ }, "related": [ { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52118,6 +52055,34 @@ ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -52126,7 +52091,35 @@ "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52140,7 +52133,14 @@ "type": "uses" }, { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52167,14 +52167,35 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52195,14 +52216,14 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52215,33 +52236,12 @@ ], "type": "uses" }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "fc774af4-533b-4724-96d2-ac1026316794", @@ -52264,35 +52264,7 @@ }, "related": [ { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52305,6 +52277,13 @@ ], "type": "uses" }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ @@ -52312,111 +52291,6 @@ ], "type": "uses" }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "91541e7e-b969-40c6-bbd8-1b5352ec2938", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -52425,14 +52299,21 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52446,7 +52327,21 @@ "type": "uses" }, { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52460,14 +52355,14 @@ "type": "uses" }, { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52480,6 +52375,111 @@ ], "type": "uses" }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "91541e7e-b969-40c6-bbd8-1b5352ec2938", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ @@ -52488,7 +52488,7 @@ "type": "uses" }, { - "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52515,7 +52515,14 @@ }, "related": [ { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52529,7 +52536,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52542,13 +52549,6 @@ ], "type": "uses" }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -52557,7 +52557,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52584,42 +52584,7 @@ }, "related": [ { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52633,14 +52598,14 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52654,7 +52619,7 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52668,7 +52633,28 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52682,14 +52668,28 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52724,7 +52724,21 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52738,7 +52752,21 @@ "type": "uses" }, { - "dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52764,34 +52792,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "21583311-6321-4891-8a37-3eb4e57b0fb1", @@ -52814,42 +52814,7 @@ }, "related": [ { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "00290ac5-551e-44aa-bbd8-c4b913488a6d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52863,14 +52828,14 @@ "type": "uses" }, { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52884,21 +52849,7 @@ "type": "uses" }, { - "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "00290ac5-551e-44aa-bbd8-c4b913488a6d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52912,14 +52863,42 @@ "type": "uses" }, { - "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", + "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -52938,6 +52917,27 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a993495c-9813-4372-b9ec-d168c7f7ec0a", @@ -52952,11 +52952,11 @@ ], "refs": [ "https://attack.mitre.org/software/S0356", - "https://researchcenter.paloaltonetworks.com/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/", - "https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/", - "https://medium.com/d-hunter/a-look-into-konni-2019-campaign-b45a0f321e9b", + "https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/", "https://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html", - "https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/" + "https://medium.com/d-hunter/a-look-into-konni-2019-campaign-b45a0f321e9b", + "https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/", + "https://researchcenter.paloaltonetworks.com/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/" ], "synonyms": [ "KONNI" @@ -52964,105 +52964,7 @@ }, "related": [ { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53076,28 +52978,35 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53111,14 +53020,14 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53132,7 +53041,56 @@ "type": "uses" }, { - "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53146,14 +53104,63 @@ "type": "uses" }, { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "93591901-3172-4e94-abf8-6034ab26f44a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53173,6 +53180,27 @@ ], "type": "uses" }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -53181,56 +53209,28 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "93591901-3172-4e94-abf8-6034ab26f44a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53264,14 +53264,7 @@ "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53285,7 +53278,7 @@ "type": "uses" }, { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53297,6 +53290,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2cf7dec3-66fc-423f-b2c7-58f1de243b4e", @@ -53319,14 +53319,7 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53340,7 +53333,14 @@ "type": "uses" }, { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53353,6 +53353,41 @@ ], "type": "uses" }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ @@ -53360,6 +53395,27 @@ ], "type": "uses" }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -53373,62 +53429,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "ecc2f65a-b452-4eaf-9689-7e181f17f7a5", @@ -53443,9 +53443,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0385", + "https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled-worm-affecting-removable-media-delivers-fileless-version-of-bladabindi-njrat-backdoor/", "https://www.fireeye.com/blog/threat-research/2013/08/njw0rm-brother-from-the-same-mother.html", - "https://www.threatminer.org/_reports/2013/fta-1009---njrat-uncovered-1.pdf", - "https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled-worm-affecting-removable-media-delivers-fileless-version-of-bladabindi-njrat-backdoor/" + "https://www.threatminer.org/_reports/2013/fta-1009---njrat-uncovered-1.pdf" ], "synonyms": [ "njRAT", @@ -53455,97 +53455,6 @@ ] }, "related": [ - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -53553,48 +53462,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29ba5a15-3b7b-4732-b817-65ea8f6468e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -53603,14 +53470,35 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29ba5a15-3b7b-4732-b817-65ea8f6468e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53623,6 +53511,48 @@ ], "type": "uses" }, + { + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", "tags": [ @@ -53638,14 +53568,28 @@ "type": "uses" }, { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53658,6 +53602,27 @@ ], "type": "uses" }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", "tags": [ @@ -53673,14 +53638,49 @@ "type": "uses" }, { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53707,14 +53707,7 @@ }, "related": [ { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53727,6 +53720,55 @@ ], "type": "uses" }, + { + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ @@ -53734,6 +53776,13 @@ ], "type": "uses" }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ @@ -53748,34 +53797,6 @@ ], "type": "uses" }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -53784,28 +53805,7 @@ "type": "uses" }, { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53824,9 +53824,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0583", - "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-003.pdf", + "https://digital.nhs.uk/cyber-alerts/2020/cc-3633", "https://thedfirreport.com/2020/11/23/pysa-mespinoza-ransomware/", - "https://digital.nhs.uk/cyber-alerts/2020/cc-3633" + "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-003.pdf" ], "synonyms": [ "Pysa", @@ -53835,7 +53835,21 @@ }, "related": [ { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53848,6 +53862,34 @@ ], "type": "uses" }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ @@ -53855,6 +53897,34 @@ ], "type": "uses" }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ @@ -53870,77 +53940,7 @@ "type": "uses" }, { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53967,7 +53967,7 @@ }, "related": [ { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -53981,14 +53981,14 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54029,20 +54029,6 @@ ] }, "related": [ - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ @@ -54050,27 +54036,6 @@ ], "type": "uses" }, - { - "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -54086,35 +54051,7 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54128,28 +54065,7 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54162,6 +54078,41 @@ ], "type": "uses" }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ @@ -54169,6 +54120,48 @@ ], "type": "uses" }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -54177,7 +54170,14 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54197,10 +54197,10 @@ "refs": [ "https://attack.mitre.org/software/S0366", "https://logrhythm.com/blog/a-technical-analysis-of-wannacry-ransomware/", - "https://www.us-cert.gov/ncas/alerts/TA17-132A", - "https://www.washingtonpost.com/business/economy/more-than-150-countries-affected-by-massive-cyberattack-europol-says/2017/05/14/5091465e-3899-11e7-9e48-c4f199710b69_story.html?utm_term=.7fa16b41cad4", "https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html", - "https://www.secureworks.com/research/wcry-ransomware-analysis" + "https://www.secureworks.com/research/wcry-ransomware-analysis", + "https://www.us-cert.gov/ncas/alerts/TA17-132A", + "https://www.washingtonpost.com/business/economy/more-than-150-countries-affected-by-massive-cyberattack-europol-says/2017/05/14/5091465e-3899-11e7-9e48-c4f199710b69_story.html?utm_term=.7fa16b41cad4" ], "synonyms": [ "WannaCry", @@ -54211,6 +54211,13 @@ ] }, "related": [ + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ @@ -54218,6 +54225,13 @@ ], "type": "uses" }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ @@ -54225,6 +54239,41 @@ ], "type": "uses" }, + { + "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ @@ -54240,35 +54289,14 @@ "type": "uses" }, { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54281,27 +54309,6 @@ ], "type": "uses" }, - { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ @@ -54310,14 +54317,7 @@ "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54343,13 +54343,6 @@ ] }, "related": [ - { - "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -54358,7 +54351,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54370,6 +54363,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "96eca9b9-b37f-42f1-96dc-a2c441403194", @@ -54395,77 +54395,7 @@ }, "related": [ { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54479,7 +54409,7 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54493,7 +54423,77 @@ "type": "uses" }, { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54520,126 +54520,14 @@ }, "related": [ { - "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c877e33f-1df6-40d6-b1e7-ce70f16f4979", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54653,63 +54541,28 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54722,6 +54575,97 @@ ], "type": "uses" }, + { + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -54730,7 +54674,63 @@ "type": "uses" }, { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c877e33f-1df6-40d6-b1e7-ce70f16f4979", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54756,19 +54756,19 @@ ], "refs": [ "https://attack.mitre.org/software/S0367", - "https://blog.trendmicro.com/trendlabs-security-intelligence/new-banking-malware-uses-network-sniffing-for-data-theft/", - "https://securelist.com/the-banking-trojan-emotet-detailed-analysis/69560/", - "https://www.cisecurity.org/blog/emotet-changes-ttp-and-arrives-in-united-states/", - "https://support.malwarebytes.com/docs/DOC-2295", - "https://www.symantec.com/blogs/threat-intelligence/evolution-emotet-trojan-distributor", - "https://www.us-cert.gov/ncas/alerts/TA18-201A", - "https://www.welivesecurity.com/2018/11/09/emotet-launches-major-new-spam-campaign/", - "https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader", "https://blog.talosintelligence.com/2019/01/return-of-emotet.html", + "https://blog.trendmicro.com/trendlabs-security-intelligence/new-banking-malware-uses-network-sniffing-for-data-theft/", "https://documents.trendmicro.com/assets/white_papers/ExploringEmotetsActivities_Final.pdf", + "https://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/", + "https://securelist.com/the-banking-trojan-emotet-detailed-analysis/69560/", + "https://support.malwarebytes.com/docs/DOC-2295", + "https://www.cisecurity.org/blog/emotet-changes-ttp-and-arrives-in-united-states/", "https://www.cisecurity.org/white-papers/ms-isac-security-primer-emotet/", "https://www.picussecurity.com/blog/the-christmas-card-you-never-wanted-a-new-wave-of-emotet-is-back-to-wreak-havoc.html", - "https://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/" + "https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader", + "https://www.symantec.com/blogs/threat-intelligence/evolution-emotet-trojan-distributor", + "https://www.us-cert.gov/ncas/alerts/TA18-201A", + "https://www.welivesecurity.com/2018/11/09/emotet-launches-major-new-spam-campaign/" ], "synonyms": [ "Emotet", @@ -54777,42 +54777,21 @@ }, "related": [ { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54826,35 +54805,14 @@ "type": "uses" }, { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54875,21 +54833,49 @@ "type": "uses" }, { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54902,6 +54888,41 @@ ], "type": "uses" }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -54909,20 +54930,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ @@ -54931,7 +54938,21 @@ "type": "uses" }, { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54952,14 +54973,7 @@ "type": "uses" }, { - "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -54972,20 +54986,6 @@ ], "type": "uses" }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", "tags": [ @@ -54994,7 +54994,7 @@ "type": "uses" }, { - "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", + "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55021,77 +55021,7 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55105,14 +55035,7 @@ "type": "uses" }, { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55133,7 +55056,14 @@ "type": "uses" }, { - "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55147,7 +55077,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55159,6 +55096,69 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "454fe82d-6fd2-4ac6-91ab-28a33fe01369", @@ -55173,35 +55173,14 @@ ], "refs": [ "https://attack.mitre.org/software/S0637", - "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/", - "https://labs.sentinelone.com/noblebaron-new-poisoned-installers-could-be-used-in-supply-chain-attacks/" + "https://labs.sentinelone.com/noblebaron-new-poisoned-installers-could-be-used-in-supply-chain-attacks/", + "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" ], "synonyms": [ "NativeZone" ] }, "related": [ - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ @@ -55216,12 +55195,33 @@ ], "type": "uses" }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84", @@ -55237,9 +55237,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0638", - "https://www.sogeti.com/globalassets/reports/cybersecchronicles_-_babuk.pdf", - "https://www.mcafee.com/enterprise/en-us/assets/reports/rp-babuk-ransomware.pdf", "https://www.cyberscoop.com/babuk-ransomware-serco-attack/", + "https://www.mcafee.com/enterprise/en-us/assets/reports/rp-babuk-ransomware.pdf", + "https://www.sogeti.com/globalassets/reports/cybersecchronicles_-_babuk.pdf", "https://www.trendmicro.com/en_us/research/21/b/new-in-ransomware.html" ], "synonyms": [ @@ -55250,14 +55250,21 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55270,6 +55277,34 @@ ], "type": "uses" }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -55285,35 +55320,21 @@ "type": "uses" }, { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55325,27 +55346,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "61c7a91a-0b83-461d-ad32-75d96eed4a09", @@ -55361,9 +55361,9 @@ "refs": [ "https://attack.mitre.org/software/S0368", "https://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html", + "https://www.justice.gov/opa/press-release/file/1328521/download", "https://www.us-cert.gov/ncas/alerts/TA17-181A", - "https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/", - "https://www.justice.gov/opa/press-release/file/1328521/download" + "https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/" ], "synonyms": [ "NotPetya", @@ -55376,21 +55376,7 @@ }, "related": [ { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55404,56 +55390,7 @@ "type": "uses" }, { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55466,12 +55403,75 @@ ], "type": "uses" }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "5719af9d-6b16-46f9-9b28-fb019541ddbb", @@ -55486,10 +55486,10 @@ ], "refs": [ "https://attack.mitre.org/software/S0386", - "https://www.cyber.nj.gov/threat-profiles/trojan-variants/ursnif", - "https://www.proofpoint.com/us/threat-insight/post/ursnif-variant-dreambot-adds-tor-functionality", "https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-the-multifaceted-malware/?_ga=2.165628854.808042651.1508120821-744063452.1505819992", - "https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tls-callback-technique.html" + "https://www.cyber.nj.gov/threat-profiles/trojan-variants/ursnif", + "https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tls-callback-technique.html", + "https://www.proofpoint.com/us/threat-insight/post/ursnif-variant-dreambot-adds-tor-functionality" ], "synonyms": [ "Ursnif", @@ -55499,69 +55499,6 @@ ] }, "related": [ - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -55577,21 +55514,7 @@ "type": "uses" }, { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e49ee9d2-0d98-44ef-85e5-5d3100065744", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", + "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55605,49 +55528,14 @@ "type": "uses" }, { - "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55661,56 +55549,14 @@ "type": "uses" }, { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55723,6 +55569,27 @@ ], "type": "uses" }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -55730,6 +55597,55 @@ ], "type": "uses" }, + { + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -55738,7 +55654,91 @@ "type": "uses" }, { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e49ee9d2-0d98-44ef-85e5-5d3100065744", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55765,14 +55765,21 @@ }, "related": [ { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55793,7 +55800,28 @@ "type": "uses" }, { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55813,27 +55841,6 @@ ], "type": "uses" }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -55841,26 +55848,19 @@ ], "type": "uses" }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a8a778f5-0035-4870-bb25-53dc05029586", @@ -55882,13 +55882,6 @@ ] }, "related": [ - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e", "tags": [ @@ -55896,13 +55889,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -55910,20 +55896,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", "tags": [ @@ -55931,6 +55903,20 @@ ], "type": "uses" }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ @@ -55938,6 +55924,13 @@ ], "type": "uses" }, + { + "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -55946,7 +55939,14 @@ "type": "uses" }, { - "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55965,8 +55965,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0693", - "https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine", - "https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html" + "https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html", + "https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine" ], "synonyms": [ "CaddyWiper" @@ -55974,7 +55974,14 @@ }, "related": [ { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -55995,7 +56002,7 @@ "type": "uses" }, { - "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -56008,13 +56015,6 @@ ], "type": "uses" }, - { - "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "tags": [ @@ -56035,8 +56035,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0377", - "https://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/", "https://www.bleepingcomputer.com/news/security/russian-hacker-pleads-guilty-for-role-in-infamous-linux-ebury-malware/", + "https://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/", "https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/" ], "synonyms": [ @@ -56044,62 +56044,6 @@ ] }, "related": [ - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ @@ -56107,55 +56051,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "06c00069-771a-4d57-8ef5-d3718c1a8771", "tags": [ @@ -56177,12 +56072,117 @@ ], "type": "uses" }, + { + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "d6b3fcd0-1c86-4350-96f0-965ed02fcc51", @@ -56197,50 +56197,15 @@ ], "refs": [ "https://attack.mitre.org/software/S0387", + "https://blog.rapid7.com/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india/", "https://citizenlab.ca/2016/11/parliament-keyboy/", - "https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html", - "https://blog.rapid7.com/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india/" + "https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html" ], "synonyms": [ "KeyBoy" ] }, "related": [ - { - "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -56248,13 +56213,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -56262,6 +56220,13 @@ ], "type": "uses" }, + { + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -56269,48 +56234,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -56325,6 +56248,48 @@ ], "type": "uses" }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", "tags": [ @@ -56332,12 +56297,47 @@ ], "type": "uses" }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "5dd649c0-bca4-488b-bd85-b180474ec62e", @@ -56359,6 +56359,13 @@ ] }, "related": [ + { + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "16ab6452-c3c1-497c-a47d-206018ca1ada", "tags": [ @@ -56367,7 +56374,7 @@ "type": "uses" }, { - "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -56388,14 +56395,7 @@ "type": "uses" }, { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -56422,14 +56422,7 @@ }, "related": [ { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -56442,13 +56435,6 @@ ], "type": "uses" }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -56456,12 +56442,26 @@ ], "type": "uses" }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "cb444a16-3ea5-4a91-88c6-f329adcb8af3", @@ -56476,9 +56476,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0398", - "https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/", "https://securelist.com/luckymouse-hits-national-data-center/86083/", - "https://thehackernews.com/2018/06/chinese-watering-hole-attack.html" + "https://thehackernews.com/2018/06/chinese-watering-hole-attack.html", + "https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/" ], "synonyms": [ "HyperBro" @@ -56492,6 +56492,20 @@ ], "type": "uses" }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -56500,7 +56514,35 @@ "type": "uses" }, { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -56521,49 +56563,7 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -56587,13 +56587,6 @@ ] }, "related": [ - { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -56601,20 +56594,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ @@ -56629,12 +56608,33 @@ ], "type": "uses" }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "aaf3fa65-8b27-4e68-91de-2b7738fe4c82", @@ -56663,34 +56663,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e4c347e9-fb91-4bc5-83b8-391e389131e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", "tags": [ @@ -56705,6 +56677,13 @@ ], "type": "uses" }, + { + "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ @@ -56713,7 +56692,7 @@ "type": "uses" }, { - "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -56726,6 +56705,20 @@ ], "type": "uses" }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ @@ -56733,20 +56726,6 @@ ], "type": "uses" }, - { - "dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "tags": [ @@ -56760,6 +56739,27 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e4c347e9-fb91-4bc5-83b8-391e389131e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c41a8b7c-3e42-4eee-b87d-ad8a100ee878", @@ -56782,7 +56782,14 @@ }, "related": [ { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -56796,7 +56803,7 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -56810,7 +56817,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -56824,7 +56831,63 @@ "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -56845,35 +56908,14 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -56885,48 +56927,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "5763217a-05b6-4edd-9bca-057e47b5e403", @@ -56949,7 +56949,35 @@ }, "related": [ { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29e07491-8947-43a3-8d4e-9a787c45f3d3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "52eff1c7-dd30-4121-b762-24ae6fa61bbb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -56962,6 +56990,76 @@ ], "type": "uses" }, + { + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e083305c-49e7-4c87-aae8-9689213bffbe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "tags": [ @@ -56976,110 +57074,12 @@ ], "type": "uses" }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29e07491-8947-43a3-8d4e-9a787c45f3d3", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "52eff1c7-dd30-4121-b762-24ae6fa61bbb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "e083305c-49e7-4c87-aae8-9689213bffbe", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "aef537ba-10c2-40ed-a57a-80b8508aada4", @@ -57102,14 +57102,7 @@ }, "related": [ { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57122,13 +57115,6 @@ ], "type": "uses" }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", "tags": [ @@ -57143,6 +57129,13 @@ ], "type": "uses" }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -57151,7 +57144,14 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57178,6 +57178,13 @@ ] }, "related": [ + { + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -57185,27 +57192,6 @@ ], "type": "uses" }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", "tags": [ @@ -57214,7 +57200,28 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57228,7 +57235,21 @@ "type": "uses" }, { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57254,27 +57275,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "5864e59f-eb4c-43ad-83b2-b5e4fae056c9", @@ -57289,14 +57289,28 @@ ], "refs": [ "https://attack.mitre.org/software/S0464", - "https://unit42.paloaltonetworks.com/unit42-the-fractured-block-campaign-carrotbat-malware-used-to-deliver-malware-targeting-southeast-asia/", - "https://unit42.paloaltonetworks.com/the-fractured-statue-campaign-u-s-government-targeted-in-spear-phishing-attacks/" + "https://unit42.paloaltonetworks.com/the-fractured-statue-campaign-u-s-government-targeted-in-spear-phishing-attacks/", + "https://unit42.paloaltonetworks.com/unit42-the-fractured-block-campaign-carrotbat-malware-used-to-deliver-malware-targeting-southeast-asia/" ], "synonyms": [ "SYSCON" ] }, "related": [ + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -57311,26 +57325,12 @@ ], "type": "uses" }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "edf5aee2-9b1c-4252-8e64-25b12f14c8b3", @@ -57345,10 +57345,10 @@ ], "refs": [ "https://attack.mitre.org/software/S0446", + "https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/", "https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/", "https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html", - "https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html", - "https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/" + "https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html" ], "synonyms": [ "Ryuk" @@ -57356,35 +57356,7 @@ }, "related": [ { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57398,28 +57370,7 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57432,6 +57383,34 @@ ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", "tags": [ @@ -57447,14 +57426,28 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57468,14 +57461,14 @@ "type": "uses" }, { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57489,14 +57482,14 @@ "type": "uses" }, { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57508,6 +57501,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a020a61c-423f-4195-8c46-ba1d21abba37", @@ -57522,37 +57522,16 @@ ], "refs": [ "https://attack.mitre.org/software/S0447", - "https://insights.infoblox.com/threat-intelligence-reports/threat-intelligence--22", "https://blog.morphisec.com/lokibot-with-autoit-obfuscator-frenchy-shellcode", - "https://us-cert.cisa.gov/ncas/alerts/aa20-266a", - "https://blog.talosintelligence.com/2021/01/a-deep-dive-into-lokibot-infection-chain.html" + "https://blog.talosintelligence.com/2021/01/a-deep-dive-into-lokibot-infection-chain.html", + "https://insights.infoblox.com/threat-intelligence-reports/threat-intelligence--22", + "https://us-cert.cisa.gov/ncas/alerts/aa20-266a" ], "synonyms": [ "Lokibot" ] }, "related": [ - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -57560,104 +57539,6 @@ ], "type": "uses" }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -57666,7 +57547,21 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57680,14 +57575,7 @@ "type": "uses" }, { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57707,6 +57595,13 @@ ], "type": "uses" }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ @@ -57714,6 +57609,13 @@ ], "type": "uses" }, + { + "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", "tags": [ @@ -57722,7 +57624,105 @@ "type": "uses" }, { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57741,9 +57741,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0484", - "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/carberp", "https://securelist.com/the-great-bank-robbery-the-carbanak-apt/68732/", - "https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdf" + "https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdf", + "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/carberp" ], "synonyms": [ "Carberp" @@ -57751,28 +57751,7 @@ }, "related": [ { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57786,42 +57765,7 @@ "type": "uses" }, { - "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57835,77 +57779,21 @@ "type": "uses" }, { - "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57918,12 +57806,124 @@ ], "type": "uses" }, + { + "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "bbcd7a02-ef24-4171-ac94-a93540173b94", @@ -57938,9 +57938,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0449", + "https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-technique/", "https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html", - "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/", - "https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-technique/" + "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/" ], "synonyms": [ "Maze" @@ -57948,7 +57948,42 @@ }, "related": [ { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -57968,6 +58003,13 @@ ], "type": "uses" }, + { + "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ @@ -57975,97 +58017,6 @@ ], "type": "uses" }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ @@ -58080,6 +58031,27 @@ ], "type": "uses" }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d", "tags": [ @@ -58088,7 +58060,14 @@ "type": "uses" }, { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58102,7 +58081,28 @@ "type": "uses" }, { - "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58129,14 +58129,14 @@ }, "related": [ { - "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "dest-uuid": "039bc59c-ecc7-4997-b2b4-4ab728bd91aa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", + "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58149,6 +58149,20 @@ ], "type": "uses" }, + { + "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "tags": [ @@ -58156,6 +58170,13 @@ ], "type": "uses" }, + { + "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", "tags": [ @@ -58169,27 +58190,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "039bc59c-ecc7-4997-b2b4-4ab728bd91aa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "22faaa56-a8ac-4292-9be6-b571b255ee40", @@ -58212,7 +58212,14 @@ }, "related": [ { - "dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380", + "dest-uuid": "00290ac5-551e-44aa-bbd8-c4b913488a6d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58226,7 +58233,7 @@ "type": "uses" }, { - "dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf", + "dest-uuid": "52eff1c7-dd30-4121-b762-24ae6fa61bbb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58239,6 +58246,13 @@ ], "type": "uses" }, + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", "tags": [ @@ -58246,34 +58260,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "00290ac5-551e-44aa-bbd8-c4b913488a6d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", "tags": [ @@ -58282,7 +58268,28 @@ "type": "uses" }, { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58296,14 +58303,7 @@ "type": "uses" }, { - "dest-uuid": "52eff1c7-dd30-4121-b762-24ae6fa61bbb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", + "dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58322,8 +58322,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0554", - "https://digital.nhs.uk/cyber-alerts/2020/cc-3681#summary", "https://cybleinc.com/2020/10/31/egregor-ransomware-a-deep-dive-into-its-activities-and-techniques/", + "https://digital.nhs.uk/cyber-alerts/2020/cc-3681#summary", "https://securityboulevard.com/2020/10/egregor-sekhmets-cousin/" ], "synonyms": [ @@ -58332,70 +58332,7 @@ }, "related": [ { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58408,6 +58345,27 @@ ], "type": "uses" }, + { + "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -58416,28 +58374,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58458,35 +58402,28 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", + "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58500,7 +58437,70 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58528,146 +58528,6 @@ ] }, "related": [ - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -58675,55 +58535,6 @@ ], "type": "uses" }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -58732,42 +58543,70 @@ "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", + "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58781,42 +58620,56 @@ "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6", + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58836,6 +58689,76 @@ ], "type": "uses" }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ @@ -58844,7 +58767,84 @@ "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58871,14 +58871,14 @@ }, "related": [ { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58891,6 +58891,13 @@ ], "type": "uses" }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -58899,14 +58906,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58932,20 +58932,6 @@ ] }, "related": [ - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -58954,14 +58940,21 @@ "type": "uses" }, { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -58980,6 +58973,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "471d0e9f-2c8a-4e4b-8f3b-f85d2407806e", @@ -58994,8 +58994,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0546", - "https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf", - "https://www.bleepingcomputer.com/news/security/hacking-group-s-new-malware-abuses-google-and-facebook-services/" + "https://www.bleepingcomputer.com/news/security/hacking-group-s-new-malware-abuses-google-and-facebook-services/", + "https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf" ], "synonyms": [ "SharpStage" @@ -59010,7 +59010,14 @@ "type": "uses" }, { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59031,14 +59038,7 @@ "type": "uses" }, { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59051,13 +59051,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ @@ -59066,14 +59059,21 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59100,14 +59100,14 @@ }, "related": [ { - "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59121,21 +59121,7 @@ "type": "uses" }, { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59155,6 +59141,13 @@ ], "type": "uses" }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -59163,7 +59156,14 @@ "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59190,7 +59190,7 @@ }, "related": [ { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59203,13 +59203,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ @@ -59218,7 +59211,7 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59232,28 +59225,28 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59267,14 +59260,21 @@ "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59295,7 +59295,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59314,8 +59314,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0547", - "https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf", - "https://www.bleepingcomputer.com/news/security/hacking-group-s-new-malware-abuses-google-and-facebook-services/" + "https://www.bleepingcomputer.com/news/security/hacking-group-s-new-malware-abuses-google-and-facebook-services/", + "https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf" ], "synonyms": [ "DropBook" @@ -59323,7 +59323,21 @@ }, "related": [ { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59336,6 +59350,13 @@ ], "type": "uses" }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", "tags": [ @@ -59357,27 +59378,6 @@ ], "type": "uses" }, - { - "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -59413,42 +59413,7 @@ "type": "uses" }, { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59462,28 +59427,7 @@ "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59496,6 +59440,62 @@ ], "type": "uses" }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -59504,14 +59504,14 @@ "type": "uses" }, { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59552,20 +59552,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ @@ -59574,28 +59560,7 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59609,14 +59574,21 @@ "type": "uses" }, { - "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59630,21 +59602,21 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59665,14 +59637,42 @@ "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59703,7 +59703,35 @@ }, "related": [ { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3911658a-6506-4deb-9ab4-595a51ae71ad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -59716,6 +59744,132 @@ ], "type": "uses" }, + { + "dest-uuid": "60623164-ccd8-4508-a141-b5a34820b3de", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "82f04b1e-5371-4a6f-be06-411f0f43b483", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "948a447c-d783-4ba0-8516-a64140fcacd5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", "tags": [ @@ -59729,160 +59883,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "786f488c-cb1f-4602-89c5-86d982ee326b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3911658a-6506-4deb-9ab4-595a51ae71ad", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60623164-ccd8-4508-a141-b5a34820b3de", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "82f04b1e-5371-4a6f-be06-411f0f43b483", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "948a447c-d783-4ba0-8516-a64140fcacd5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "52c994fa-b6c8-45a8-9586-a4275cf19307", @@ -59897,8 +59897,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0458", - "https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/", - "https://www.programmersought.com/article/62493896999/" + "https://www.programmersought.com/article/62493896999/", + "https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/" ], "synonyms": [ "Ramsay" @@ -59906,119 +59906,21 @@ }, "related": [ { - "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60032,14 +59934,21 @@ "type": "uses" }, { - "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60053,7 +59962,126 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60074,14 +60102,14 @@ "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60095,49 +60123,14 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60151,28 +60144,35 @@ "type": "uses" }, { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", + "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60200,21 +60200,42 @@ }, "related": [ { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60235,42 +60256,7 @@ "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60284,7 +60270,49 @@ "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d467bc38-284b-4a00-96ac-125f447799fc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60304,40 +60332,12 @@ ], "type": "uses" }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d467bc38-284b-4a00-96ac-125f447799fc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "4b346d12-7f91-48d2-8f06-b26ffa0d825b", @@ -60359,41 +60359,6 @@ ] }, "related": [ - { - "dest-uuid": "ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", "tags": [ @@ -60401,55 +60366,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", "tags": [ @@ -60457,12 +60373,96 @@ ], "type": "uses" }, + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "cde2cb84-455e-410c-8aa9-086f2788bcd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "ddbe5657-e21e-4a89-8221-2f1362d397ec", @@ -60484,6 +60484,13 @@ ] }, "related": [ + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ @@ -60491,34 +60498,6 @@ ], "type": "uses" }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -60527,14 +60506,35 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60561,28 +60561,7 @@ }, "related": [ { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60596,14 +60575,7 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60617,7 +60589,35 @@ "type": "uses" }, { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60631,7 +60631,7 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60657,20 +60657,6 @@ ] }, "related": [ - { - "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ @@ -60678,41 +60664,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ @@ -60720,6 +60671,20 @@ ], "type": "uses" }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", "tags": [ @@ -60727,6 +60692,20 @@ ], "type": "uses" }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ @@ -60734,6 +60713,27 @@ ], "type": "uses" }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -60761,57 +60761,15 @@ ], "refs": [ "https://attack.mitre.org/software/S0466", - "https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1554718868.pdf", "https://objective-see.com/blog/blog_0x3B.html", - "https://objective-see.com/blog/blog_0x3D.html" + "https://objective-see.com/blog/blog_0x3D.html", + "https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1554718868.pdf" ], "synonyms": [ "WindTail" ] }, "related": [ - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ @@ -60819,27 +60777,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ @@ -60848,7 +60785,14 @@ "type": "uses" }, { - "dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60862,7 +60806,63 @@ "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60889,42 +60889,14 @@ }, "related": [ { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60938,28 +60910,14 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -60979,41 +60937,6 @@ ], "type": "uses" }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ @@ -61021,20 +60944,6 @@ ], "type": "uses" }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ @@ -61042,6 +60951,69 @@ ], "type": "uses" }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -61049,6 +61021,34 @@ ], "type": "uses" }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ @@ -61077,126 +61077,7 @@ }, "related": [ { - "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -61210,21 +61091,70 @@ "type": "uses" }, { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -61238,7 +61168,77 @@ "type": "uses" }, { - "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -61266,105 +61266,7 @@ }, "related": [ { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -61378,7 +61280,7 @@ "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -61390,6 +61292,104 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "350f12cf-fd3b-4dad-b323-14b943090df4", @@ -61404,8 +61404,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0476", - "https://www.cybereason.com/blog/valak-more-than-meets-the-eye", - "https://unit42.paloaltonetworks.com/valak-evolution/" + "https://unit42.paloaltonetworks.com/valak-evolution/", + "https://www.cybereason.com/blog/valak-more-than-meets-the-eye" ], "synonyms": [ "Valak" @@ -61419,118 +61419,6 @@ ], "type": "uses" }, - { - "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -61538,41 +61426,6 @@ ], "type": "uses" }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -61581,7 +61434,21 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -61595,28 +61462,14 @@ "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -61629,6 +61482,111 @@ ], "type": "uses" }, + { + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ @@ -61636,12 +61594,54 @@ ], "type": "uses" }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "ade37ada-14af-4b44-b36c-210eec255d53", @@ -61663,13 +61663,6 @@ ] }, "related": [ - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -61678,14 +61671,21 @@ "type": "uses" }, { - "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -61706,7 +61706,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -61720,7 +61720,7 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -61746,41 +61746,6 @@ ] }, "related": [ - { - "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "06c00069-771a-4d57-8ef5-d3718c1a8771", "tags": [ @@ -61788,34 +61753,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ @@ -61823,13 +61760,6 @@ ], "type": "uses" }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -61838,7 +61768,28 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -61852,7 +61803,56 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -61878,27 +61878,6 @@ ] }, "related": [ - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -61907,7 +61886,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -61921,7 +61900,28 @@ "type": "uses" }, { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -61948,34 +61948,6 @@ ] }, "related": [ - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -61998,14 +61970,14 @@ "type": "uses" }, { - "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62019,7 +61991,14 @@ "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62040,28 +62019,7 @@ "type": "uses" }, { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ca9d3402-ada3-484d-876a-d717bd6e05f2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62075,14 +62033,49 @@ "type": "uses" }, { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ca9d3402-ada3-484d-876a-d717bd6e05f2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62094,6 +62087,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "7e0f8b0f-716e-494d-827e-310bd6ed709e", @@ -62116,7 +62116,42 @@ }, "related": [ { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62129,6 +62164,27 @@ ], "type": "uses" }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e4dc8c01-417f-458d-9ee0-bb0617c1b391", "tags": [ @@ -62143,62 +62199,6 @@ ], "type": "uses" }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ @@ -62220,16 +62220,16 @@ "refs": [ "https://attack.mitre.org/software/S0496", "https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html", - "https://www.secureworks.com/research/revil-sodinokibi-ransomware", - "https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html", - "https://www.group-ib.com/whitepapers/ransomware-uncovered.html", - "https://www.gdatasoftware.com/blog/2019/06/31724-strange-bits-sodinokibi-spam-cinarat-and-fake-g-data", "https://intel471.com/blog/revil-ransomware-as-a-service-an-analysis-of-a-ransomware-affiliate-operation/", "https://securelist.com/sodin-ransomware/91473/", + "https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html", + "https://www.gdatasoftware.com/blog/2019/06/31724-strange-bits-sodinokibi-spam-cinarat-and-fake-g-data", + "https://www.group-ib.com/whitepapers/ransomware-uncovered.html", + "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/", "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/", "https://www.picussecurity.com/blog/a-brief-history-and-further-technical-analysis-of-sodinokibi-ransomware", - "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/", "https://www.secureworks.com/blog/revil-the-gandcrab-connection", + "https://www.secureworks.com/research/revil-sodinokibi-ransomware", "https://www.tetradefense.com/incident-response-services/cause-and-effect-sodinokibi-ransomware-analysis" ], "synonyms": [ @@ -62240,21 +62240,7 @@ }, "related": [ { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62268,14 +62254,7 @@ "type": "uses" }, { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62288,69 +62267,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "28170e17-8384-415c-8486-2e6b294cb803", "tags": [ @@ -62358,27 +62274,6 @@ ], "type": "uses" }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "tags": [ @@ -62387,56 +62282,21 @@ "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62449,6 +62309,76 @@ ], "type": "uses" }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ @@ -62456,12 +62386,82 @@ ], "type": "uses" }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5", @@ -62484,21 +62484,14 @@ }, "related": [ { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62511,6 +62504,41 @@ ], "type": "uses" }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ @@ -62518,6 +62546,13 @@ ], "type": "uses" }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ @@ -62525,6 +62560,41 @@ ], "type": "uses" }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ @@ -62538,76 +62608,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "eac3d77f-2b7b-4599-ba74-948dc16633ad", @@ -62629,62 +62629,6 @@ ] }, "related": [ - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ @@ -62693,7 +62637,7 @@ "type": "uses" }, { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62713,12 +62657,68 @@ ], "type": "uses" }, + { + "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "aecc0097-c9f8-4786-9b39-e891ff173f54", @@ -62741,21 +62741,7 @@ }, "related": [ { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62769,21 +62755,7 @@ "type": "uses" }, { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62797,14 +62769,7 @@ "type": "uses" }, { - "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62818,21 +62783,56 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62862,7 +62862,42 @@ }, "related": [ { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62883,42 +62918,7 @@ "type": "uses" }, { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -62944,27 +62944,6 @@ ] }, "related": [ - { - "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ @@ -62972,62 +62951,6 @@ ], "type": "uses" }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", "tags": [ @@ -63036,7 +62959,28 @@ "type": "uses" }, { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63056,12 +63000,68 @@ ], "type": "uses" }, + { + "dest-uuid": "79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "dfdac962-9461-47f0-a212-36dfce2a97e6", @@ -63083,6 +63083,20 @@ ] }, "related": [ + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -63090,6 +63104,20 @@ ], "type": "uses" }, + { + "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -63103,34 +63131,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "a04d9a4c-bb52-40bf-98ec-e350c2d6a862", @@ -63162,21 +63162,7 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63190,7 +63176,14 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63204,28 +63197,7 @@ "type": "uses" }, { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63239,7 +63211,35 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63266,7 +63266,35 @@ }, "related": [ { - "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "dest-uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "52eff1c7-dd30-4121-b762-24ae6fa61bbb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63287,28 +63315,7 @@ "type": "uses" }, { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "52eff1c7-dd30-4121-b762-24ae6fa61bbb", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad", + "dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63322,14 +63329,7 @@ "type": "uses" }, { - "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63343,7 +63343,7 @@ "type": "uses" }, { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "dest-uuid": "ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63370,28 +63370,7 @@ }, "related": [ { - "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "dest-uuid": "2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63405,49 +63384,7 @@ "type": "uses" }, { - "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e083305c-49e7-4c87-aae8-9689213bffbe", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63461,7 +63398,21 @@ "type": "uses" }, { - "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", + "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63475,14 +63426,63 @@ "type": "uses" }, { - "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "dest-uuid": "b3c2e5de-0941-4b57-ba61-af029eb5517a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e083305c-49e7-4c87-aae8-9689213bffbe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63509,13 +63509,6 @@ ] }, "related": [ - { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -63523,20 +63516,6 @@ ], "type": "uses" }, - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -63545,7 +63524,14 @@ "type": "uses" }, { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63557,6 +63543,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4efc3e00-72f2-466a-ab7c-8a7dc6603b19", @@ -63571,8 +63571,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0575", - "https://www.carbonblack.com/blog/tau-threat-discovery-conti-ransomware/", "https://cybleinc.com/2021/01/21/conti-ransomware-resurfaces-targeting-government-large-organizations/", + "https://www.carbonblack.com/blog/tau-threat-discovery-conti-ransomware/", "https://www.cybereason.com/blog/cybereason-vs.-conti-ransomware" ], "synonyms": [ @@ -63581,35 +63581,14 @@ }, "related": [ { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63623,7 +63602,14 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63637,14 +63623,14 @@ "type": "uses" }, { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63664,33 +63650,47 @@ ], "type": "uses" }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4dea7d8e-af94-4bfb-afe4-7ff54f59308b", @@ -63705,42 +63705,14 @@ ], "refs": [ "https://attack.mitre.org/software/S0585", - "https://www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf", - "https://unit42.paloaltonetworks.com/tracking-oceanlotus-new-downloader-kerrdown/" + "https://unit42.paloaltonetworks.com/tracking-oceanlotus-new-downloader-kerrdown/", + "https://www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf" ], "synonyms": [ "Kerrdown" ] }, "related": [ - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -63749,7 +63721,14 @@ "type": "uses" }, { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63770,7 +63749,21 @@ "type": "uses" }, { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63782,6 +63775,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "8c1d01ff-fdc0-4586-99bd-c248e0761af5", @@ -63796,9 +63796,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0559", + "https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/", "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html", - "https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/", - "https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/" + "https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/" ], "synonyms": [ "SUNBURST", @@ -63807,7 +63807,7 @@ }, "related": [ { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -63820,174 +63820,6 @@ ], "type": "uses" }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6d4a7fb3-5a24-42be-ae61-6728a2b581f6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ @@ -63995,6 +63827,13 @@ ], "type": "uses" }, + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ @@ -64009,6 +63848,76 @@ ], "type": "uses" }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6d4a7fb3-5a24-42be-ae61-6728a2b581f6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "tags": [ @@ -64017,7 +63926,70 @@ "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -64029,6 +64001,34 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a8839c95-029f-44cf-8f3d-a3cf2039e927", @@ -64043,10 +64043,10 @@ ], "refs": [ "https://attack.mitre.org/software/S0595", - "https://objective-see.com/blog/blog_0x60.html", - "https://www.sentinelone.com/blog/evilquest-a-new-macos-malware-rolls-ransomware-spyware-and-data-theft-into-one/", "https://blog.malwarebytes.com/detections/osx-thiefquest/", - "https://blog.malwarebytes.com/mac/2020/07/mac-thiefquest-malware-may-not-be-ransomware-after-all/" + "https://blog.malwarebytes.com/mac/2020/07/mac-thiefquest-malware-may-not-be-ransomware-after-all/", + "https://objective-see.com/blog/blog_0x60.html", + "https://www.sentinelone.com/blog/evilquest-a-new-macos-malware-rolls-ransomware-spyware-and-data-theft-into-one/" ], "synonyms": [ "ThiefQuest", @@ -64055,83 +64055,6 @@ ] }, "related": [ - { - "dest-uuid": "e4dc8c01-417f-458d-9ee0-bb0617c1b391", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -64153,6 +64076,27 @@ ], "type": "uses" }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", "tags": [ @@ -64161,7 +64105,42 @@ "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -64175,7 +64154,28 @@ "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e4dc8c01-417f-458d-9ee0-bb0617c1b391", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -64201,34 +64201,6 @@ ] }, "related": [ - { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -64236,34 +64208,6 @@ ], "type": "uses" }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ @@ -64271,6 +64215,62 @@ ], "type": "uses" }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -64279,7 +64279,7 @@ "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -64305,41 +64305,6 @@ ] }, "related": [ - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -64347,83 +64312,6 @@ ], "type": "uses" }, - { - "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -64431,12 +64319,124 @@ ], "type": "uses" }, + { + "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0", @@ -64461,49 +64461,7 @@ }, "related": [ { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e7cbc1de-1f79-48ee-abfd-da1241c65a15", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -64517,7 +64475,14 @@ "type": "uses" }, { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -64530,6 +64495,13 @@ ], "type": "uses" }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -64537,6 +64509,55 @@ ], "type": "uses" }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b24e2a20-3b3d-4bf0-823b-1ed765398fb0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e7cbc1de-1f79-48ee-abfd-da1241c65a15", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "tags": [ @@ -64550,27 +64571,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b24e2a20-3b3d-4bf0-823b-1ed765398fb0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "909617c3-6d87-4330-8f32-bd3af38c3b92", @@ -64585,10 +64585,10 @@ ], "refs": [ "https://attack.mitre.org/software/S0567", - "https://usa.kaspersky.com/about/press-releases/2019_dtrack-previously-unknown-spy-tool-hits-financial-institutions-and-research-centers", "https://securelist.com/my-name-is-dtrack/93338/", - "https://www.dragos.com/threat/wassonite/", + "https://usa.kaspersky.com/about/press-releases/2019_dtrack-previously-unknown-spy-tool-hits-financial-institutions-and-research-centers", "https://www.cyberbit.com/blog/endpoint-security/dtrack-apt-malware-found-in-nuclear-power-plant/", + "https://www.dragos.com/threat/wassonite/", "https://www.zdnet.com/article/confirmed-north-korean-malware-found-on-indian-nuclear-plants-network/" ], "synonyms": [ @@ -64597,63 +64597,7 @@ }, "related": [ { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -64667,21 +64611,14 @@ "type": "uses" }, { - "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -64695,21 +64632,35 @@ "type": "uses" }, { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -64723,7 +64674,28 @@ "type": "uses" }, { - "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -64736,6 +64708,20 @@ ], "type": "uses" }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -64744,14 +64730,28 @@ "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -64777,48 +64777,6 @@ ] }, "related": [ - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -64827,28 +64785,7 @@ "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -64862,7 +64799,35 @@ "type": "uses" }, { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -64875,6 +64840,13 @@ ], "type": "uses" }, + { + "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ @@ -64883,7 +64855,35 @@ "type": "uses" }, { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -64902,8 +64902,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0658", - "https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf", - "https://blog.malwarebytes.com/detections/osx-dubrobber/" + "https://blog.malwarebytes.com/detections/osx-dubrobber/", + "https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf" ], "synonyms": [ "XCSSET", @@ -64912,119 +64912,7 @@ }, "related": [ { - "dest-uuid": "7d20fff9-8751-404e-badd-ccd71bda0236", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65038,7 +64926,14 @@ "type": "uses" }, { - "dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d", + "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "191cc6af-1bb2-4344-ab5f-28e496638720", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65059,21 +64954,77 @@ "type": "uses" }, { - "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7d20fff9-8751-404e-badd-ccd71bda0236", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65087,14 +65038,63 @@ "type": "uses" }, { - "dest-uuid": "191cc6af-1bb2-4344-ab5f-28e496638720", + "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65113,8 +65113,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0568", - "https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/", - "https://www.prevailion.com/phantom-in-the-command-shell-2/" + "https://www.prevailion.com/phantom-in-the-command-shell-2/", + "https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/" ], "synonyms": [ "EVILNUM" @@ -65122,14 +65122,14 @@ }, "related": [ { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65143,14 +65143,21 @@ "type": "uses" }, { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65164,21 +65171,7 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65192,14 +65185,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65213,7 +65206,14 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65246,13 +65246,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -65266,6 +65259,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "d52291b4-bb23-45a8-aef0-3dc7e986ba15", @@ -65281,14 +65281,63 @@ "refs": [ "https://attack.mitre.org/software/S0659", "https://thedfirreport.com/2021/12/13/diavol-ransomware/", - "https://www.ic3.gov/Media/News/2022/220120.pdf", - "https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider" + "https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider", + "https://www.ic3.gov/Media/News/2022/220120.pdf" ], "synonyms": [ "Diavol" ] }, "related": [ + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ @@ -65297,7 +65346,14 @@ "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65310,6 +65366,48 @@ ], "type": "uses" }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -65323,104 +65421,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "4e9bdf9a-4957-47f6-87b3-c76898d3f623", @@ -65443,34 +65443,6 @@ ] }, "related": [ - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -65478,27 +65450,6 @@ ], "type": "uses" }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -65507,7 +65458,21 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65521,7 +65486,42 @@ "type": "uses" }, { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65540,10 +65540,10 @@ ], "refs": [ "https://attack.mitre.org/software/S0596", + "https://content.fireeye.com/apt-41/rpt-apt41", "https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf", - "https://securelist.com/shadowpad-in-corporate-networks/81432/", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2017/08/07172148/ShadowPad_technical_description_PDF.pdf", - "https://content.fireeye.com/apt-41/rpt-apt41" + "https://securelist.com/shadowpad-in-corporate-networks/81432/" ], "synonyms": [ "ShadowPad", @@ -65551,62 +65551,6 @@ ] }, "related": [ - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d467bc38-284b-4a00-96ac-125f447799fc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -65614,55 +65558,6 @@ ], "type": "uses" }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", "tags": [ @@ -65671,7 +65566,7 @@ "type": "uses" }, { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65683,6 +65578,111 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d467bc38-284b-4a00-96ac-125f447799fc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "ec9e00dd-0313-4d5b-8105-c20aa47abffc", @@ -65712,21 +65712,7 @@ "type": "uses" }, { - "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65740,28 +65726,7 @@ "type": "uses" }, { - "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b936a4-6321-4172-9114-038a866362ec", + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65774,12 +65739,47 @@ ], "type": "uses" }, + { + "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b936a4-6321-4172-9114-038a866362ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", @@ -65794,11 +65794,11 @@ ], "refs": [ "https://attack.mitre.org/software/S0578", - "https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/", "https://unit42.paloaltonetworks.com/solarstorm-supernova/", - "https://www.solarwinds.com/sa-overview/securityadvisory", "https://us-cert.cisa.gov/ncas/analysis-reports/ar21-027a", - "https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/" + "https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/", + "https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/", + "https://www.solarwinds.com/sa-overview/securityadvisory" ], "synonyms": [ "SUPERNOVA" @@ -65806,21 +65806,7 @@ }, "related": [ { - "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65834,7 +65820,21 @@ "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65863,41 +65863,6 @@ ] }, "related": [ - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "tags": [ @@ -65905,55 +65870,6 @@ ], "type": "uses" }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -65962,7 +65878,21 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -65974,6 +65904,76 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "d18cb958-f4ad-4fb3-bb4f-e8994d206550", @@ -66003,14 +66003,14 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66036,6 +66036,27 @@ ] }, "related": [ + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "41d9846c-f6af-4302-a654-24bba2729bc6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ @@ -66050,27 +66071,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da", "tags": [ @@ -66086,21 +66086,7 @@ "type": "uses" }, { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66114,14 +66100,14 @@ "type": "uses" }, { - "dest-uuid": "41d9846c-f6af-4302-a654-24bba2729bc6", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66133,6 +66119,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f3f1fbed-7e29-49cb-8579-4a378f858deb", @@ -66149,8 +66149,8 @@ "refs": [ "https://attack.mitre.org/software/S0588", "https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/", - "https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/", - "https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html" + "https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html", + "https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/" ], "synonyms": [ "GoldMax", @@ -66159,35 +66159,7 @@ }, "related": [ { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66201,49 +66173,14 @@ "type": "uses" }, { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66256,13 +66193,6 @@ ], "type": "uses" }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", "tags": [ @@ -66270,12 +66200,82 @@ ], "type": "uses" }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "5c747acd-47f0-4c5a-b9e5-213541fc01e0", @@ -66297,62 +66297,6 @@ ] }, "related": [ - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -66368,28 +66312,28 @@ "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66402,6 +66346,20 @@ ], "type": "uses" }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ @@ -66410,7 +66368,49 @@ "type": "uses" }, { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66431,8 +66431,8 @@ "refs": [ "https://attack.mitre.org/software/S0599", "https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability", - "https://sysdig.com/blog/zoom-into-kinsing-kdevtmpfsi/", - "https://info.aquasec.com/hubfs/Threat%20reports/AquaSecurity_Cloud_Native_Threat_Report_2021.pdf?utm_campaign=WP%20-%20Jun2021%20Nautilus%202021%20Threat%20Research%20Report&utm_medium=email&_hsmi=132931006&_hsenc=p2ANqtz-_8oopT5Uhqab8B7kE0l3iFo1koirxtyfTehxF7N-EdGYrwk30gfiwp5SiNlW3G0TNKZxUcDkYOtwQ9S6nNVNyEO-Dgrw&utm_content=132931006&utm_source=hs_automation" + "https://info.aquasec.com/hubfs/Threat%20reports/AquaSecurity_Cloud_Native_Threat_Report_2021.pdf?utm_campaign=WP%20-%20Jun2021%20Nautilus%202021%20Threat%20Research%20Report&utm_medium=email&_hsmi=132931006&_hsenc=p2ANqtz-_8oopT5Uhqab8B7kE0l3iFo1koirxtyfTehxF7N-EdGYrwk30gfiwp5SiNlW3G0TNKZxUcDkYOtwQ9S6nNVNyEO-Dgrw&utm_content=132931006&utm_source=hs_automation", + "https://sysdig.com/blog/zoom-into-kinsing-kdevtmpfsi/" ], "synonyms": [ "Kinsing" @@ -66440,49 +66440,21 @@ }, "related": [ { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66496,21 +66468,14 @@ "type": "uses" }, { - "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", + "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66530,20 +66495,6 @@ ], "type": "uses" }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "8187bd2a-866f-4457-9009-86b0ddedffa3", "tags": [ @@ -66557,6 +66508,55 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "d6e55656-e43f-411f-a7af-45df650471c5", @@ -66582,21 +66582,7 @@ }, "related": [ { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66609,6 +66595,13 @@ ], "type": "uses" }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "2de47683-f398-448f-b947-9abcc3e32fad", "tags": [ @@ -66631,7 +66624,14 @@ "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66645,21 +66645,7 @@ "type": "uses" }, { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66672,6 +66658,20 @@ ], "type": "uses" }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -66679,27 +66679,6 @@ ], "type": "uses" }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ @@ -66708,14 +66687,35 @@ "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66741,20 +66741,6 @@ ] }, "related": [ - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -66777,7 +66763,14 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66789,6 +66782,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "579607c2-d046-40df-99ab-beb479c37a2a", @@ -66811,21 +66811,14 @@ }, "related": [ { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66839,14 +66832,7 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66860,7 +66846,21 @@ "type": "uses" }, { - "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66893,41 +66893,6 @@ ] }, "related": [ - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ @@ -66935,13 +66900,6 @@ ], "type": "uses" }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ @@ -66950,14 +66908,7 @@ "type": "uses" }, { - "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -66970,6 +66921,55 @@ ], "type": "uses" }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ @@ -66978,7 +66978,7 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67005,56 +67005,7 @@ }, "related": [ { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67068,49 +67019,7 @@ "type": "uses" }, { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67124,7 +67033,56 @@ "type": "uses" }, { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67138,7 +67096,49 @@ "type": "uses" }, { - "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67165,48 +67165,6 @@ ] }, "related": [ - { - "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -67214,6 +67172,20 @@ ], "type": "uses" }, + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ @@ -67222,14 +67194,49 @@ "type": "uses" }, { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67250,49 +67257,14 @@ "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67306,7 +67278,28 @@ "type": "uses" }, { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67320,14 +67313,21 @@ "type": "uses" }, { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67353,13 +67353,6 @@ ] }, "related": [ - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ @@ -67367,41 +67360,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ @@ -67409,6 +67367,20 @@ ], "type": "uses" }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -67417,7 +67389,21 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67431,7 +67417,7 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67443,6 +67429,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "0715560d-4299-4e84-9e20-6e80ab57e4f2", @@ -67465,14 +67465,7 @@ }, "related": [ { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67486,14 +67479,7 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67507,7 +67493,14 @@ "type": "uses" }, { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67521,7 +67514,14 @@ "type": "uses" }, { - "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67540,13 +67540,13 @@ ], "refs": [ "https://attack.mitre.org/software/S0697", - "https://www.cisa.gov/uscert/ncas/alerts/aa22-057a", - "https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine", "https://blog.qualys.com/vulnerabilities-threat-research/2022/03/01/ukrainian-targets-hit-by-hermeticwiper-new-datawiper-malware", - "https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine", - "https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia", - "https://www.crowdstrike.com/blog/how-crowdstrike-falcon-protects-against-wiper-malware-used-in-ukraine-attacks/" + "https://www.cisa.gov/uscert/ncas/alerts/aa22-057a", + "https://www.crowdstrike.com/blog/how-crowdstrike-falcon-protects-against-wiper-malware-used-in-ukraine-attacks/", + "https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine", + "https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack", + "https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine" ], "synonyms": [ "HermeticWiper", @@ -67555,111 +67555,6 @@ ] }, "related": [ - { - "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -67667,13 +67562,6 @@ ], "type": "uses" }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", "tags": [ @@ -67681,6 +67569,55 @@ ], "type": "uses" }, + { + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", "tags": [ @@ -67689,14 +67626,14 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67709,6 +67646,27 @@ ], "type": "uses" }, + { + "dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -67716,6 +67674,27 @@ ], "type": "uses" }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", "tags": [ @@ -67724,7 +67703,28 @@ "type": "uses" }, { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67751,70 +67751,7 @@ }, "related": [ { - "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b24e2a20-3b3d-4bf0-823b-1ed765398fb0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67828,14 +67765,28 @@ "type": "uses" }, { - "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", + "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67856,14 +67807,56 @@ "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b24e2a20-3b3d-4bf0-823b-1ed765398fb0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67884,7 +67877,14 @@ "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67903,8 +67903,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0689", - "https://www.cybereason.com/blog/cybereason-vs.-whispergate-wiper", "https://unit42.paloaltonetworks.com/ukraine-cyber-conflict-cve-2021-32648-whispergate/#whispergate-malware-family", + "https://www.cybereason.com/blog/cybereason-vs.-whispergate-wiper", "https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/" ], "synonyms": [ @@ -67913,28 +67913,7 @@ }, "related": [ { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67948,21 +67927,14 @@ "type": "uses" }, { - "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", + "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6151cbea-819b-455a-9fa6-99a1cc58797d", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -67975,48 +67947,6 @@ ], "type": "uses" }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -68025,35 +67955,7 @@ "type": "uses" }, { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -68066,6 +67968,34 @@ ], "type": "uses" }, + { + "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6151cbea-819b-455a-9fa6-99a1cc58797d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", "tags": [ @@ -68074,7 +68004,56 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -68088,7 +68067,28 @@ "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -68115,7 +68115,7 @@ }, "related": [ { - "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -68129,35 +68129,7 @@ "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", + "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -68171,35 +68143,14 @@ "type": "uses" }, { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -68219,17 +68170,66 @@ ], "type": "uses" }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "ff7ed9c1-dca3-4e62-9da6-72c5d388b8fa", "value": "HermeticWizard - S0698" } ], - "version": 23 + "version": 24 } diff --git a/clusters/mitre-tool.json b/clusters/mitre-tool.json index a54ce7c..6864bc4 100644 --- a/clusters/mitre-tool.json +++ b/clusters/mitre-tool.json @@ -17,8 +17,8 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0005", - "http://www.ampliasecurity.com/research/wcefaq.html" + "http://www.ampliasecurity.com/research/wcefaq.html", + "https://attack.mitre.org/software/S0005" ], "synonyms": [ "Windows Credential Editor", @@ -77,14 +77,7 @@ }, "related": [ { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -98,7 +91,14 @@ "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -111,6 +111,20 @@ ], "type": "uses" }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ @@ -118,20 +132,6 @@ ], "type": "uses" }, - { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -139,26 +139,26 @@ ], "type": "uses" }, + { + "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "5256c0f8-9108-4c92-8b09-482dfacdcd94", @@ -181,7 +181,7 @@ }, "related": [ { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -194,6 +194,20 @@ ], "type": "uses" }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ @@ -201,6 +215,55 @@ ], "type": "uses" }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", "tags": [ @@ -215,34 +278,6 @@ ], "type": "uses" }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ @@ -250,41 +285,6 @@ ], "type": "uses" }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ @@ -350,9 +350,9 @@ "Windows" ], "refs": [ + "https://adsecurity.org/?page_id=1821", "https://attack.mitre.org/software/S0002", - "https://github.com/gentilkiwi/mimikatz", - "https://adsecurity.org/?page_id=1821" + "https://github.com/gentilkiwi/mimikatz" ], "synonyms": [ "Mimikatz" @@ -360,49 +360,7 @@ }, "related": [ { - "dest-uuid": "7f3a035d-d83a-45b8-8111-412aa8ade802", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "b7dc639b-24cd-482d-a7f1-8897eda21023", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "564998d8-ab3e-4123-93fb-eccaa6b9714a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d273434a-448e-4598-8e14-607f4a0d5e27", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "768dce68-8d0d-477a-b01d-0eea98b963a1", + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -415,13 +373,6 @@ ], "type": "uses" }, - { - "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ @@ -437,14 +388,7 @@ "type": "uses" }, { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", + "dest-uuid": "564998d8-ab3e-4123-93fb-eccaa6b9714a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -457,6 +401,13 @@ ], "type": "uses" }, + { + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ @@ -464,6 +415,48 @@ ], "type": "uses" }, + { + "dest-uuid": "768dce68-8d0d-477a-b01d-0eea98b963a1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7f3a035d-d83a-45b8-8111-412aa8ade802", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b7dc639b-24cd-482d-a7f1-8897eda21023", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d273434a-448e-4598-8e14-607f4a0d5e27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", "tags": [ @@ -472,7 +465,14 @@ "type": "uses" }, { - "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", + "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -501,6 +501,13 @@ ] }, "related": [ + { + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3fb18a77-91ef-4c68-a9a9-fa6bdbea38e8", "tags": [ @@ -521,13 +528,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e", @@ -550,14 +550,14 @@ }, "related": [ { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -570,13 +570,6 @@ ], "type": "uses" }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "tags": [ @@ -585,14 +578,7 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -613,7 +599,21 @@ "type": "uses" }, { - "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -667,11 +667,11 @@ }, "related": [ { - "dest-uuid": "8410d208-7450-407d-b56c-e5c1ced19632", + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", @@ -681,11 +681,11 @@ "type": "uses" }, { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", + "dest-uuid": "8410d208-7450-407d-b56c-e5c1ced19632", "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" + "estimative-language:likelihood-probability=\"likely\"" ], - "type": "uses" + "type": "similar" } ], "uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", @@ -785,14 +785,14 @@ }, "related": [ { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -865,6 +865,13 @@ ] }, "related": [ + { + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "tags": [ @@ -878,13 +885,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "38952eac-cb1b-4a71-bad2-ee8223a1c8fe", @@ -900,9 +900,9 @@ "refs": [ "https://attack.mitre.org/software/S0106", "https://technet.microsoft.com/en-us/library/bb490880.aspx", + "https://technet.microsoft.com/en-us/library/bb490886.aspx", "https://technet.microsoft.com/en-us/library/cc755121.aspx", - "https://technet.microsoft.com/en-us/library/cc771049.aspx", - "https://technet.microsoft.com/en-us/library/bb490886.aspx" + "https://technet.microsoft.com/en-us/library/cc771049.aspx" ], "synonyms": [ "cmd", @@ -910,6 +910,20 @@ ] }, "related": [ + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "tags": [ @@ -924,13 +938,6 @@ ], "type": "uses" }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ @@ -944,13 +951,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e", @@ -1030,14 +1030,14 @@ "type": "uses" }, { - "dest-uuid": "f63fe421-b1d1-45c0-b8a7-02cd16ff2bed", + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "dest-uuid": "f63fe421-b1d1-45c0-b8a7-02cd16ff2bed", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1063,13 +1063,6 @@ ] }, "related": [ - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "tags": [ @@ -1084,6 +1077,13 @@ ], "type": "uses" }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ @@ -1104,9 +1104,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0250", - "https://www.malwarebytes.com/resources/files/2021/02/lazyscripter.pdf", + "https://github.com/zerosum0x0/koadic", "https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/", - "https://github.com/zerosum0x0/koadic" + "https://www.malwarebytes.com/resources/files/2021/02/lazyscripter.pdf" ], "synonyms": [ "Koadic" @@ -1114,112 +1114,7 @@ }, "related": [ { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1233,21 +1128,35 @@ "type": "uses" }, { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1261,28 +1170,28 @@ "type": "uses" }, { - "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1295,12 +1204,103 @@ ], "type": "uses" }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c8655260-9f4b-44e3-85e1-6538a5f6e4f4", @@ -1315,14 +1315,28 @@ ], "refs": [ "https://attack.mitre.org/software/S0029", - "https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx", - "https://digital-forensics.sans.org/blog/2012/12/17/protecting-privileged-domain-accounts-psexec-deep-dive" + "https://digital-forensics.sans.org/blog/2012/12/17/protecting-privileged-domain-accounts-psexec-deep-dive", + "https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx" ], "synonyms": [ "PsExec" ] }, "related": [ + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "6dd05630-9bd8-11e8-a8b9-47ce338a4367", "tags": [ @@ -1331,7 +1345,7 @@ "type": "similar" }, { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1345,21 +1359,7 @@ "type": "uses" }, { - "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1377,9 +1377,9 @@ "Windows" ], "refs": [ + "http://windowsitpro.com/windows/netexe-reference", "https://attack.mitre.org/software/S0039", - "https://msdn.microsoft.com/en-us/library/aa939914", - "http://windowsitpro.com/windows/netexe-reference" + "https://msdn.microsoft.com/en-us/library/aa939914" ], "synonyms": [ "Net", @@ -1388,21 +1388,21 @@ }, "related": [ { - "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1422,6 +1422,13 @@ ], "type": "uses" }, + { + "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "tags": [ @@ -1430,28 +1437,7 @@ "type": "uses" }, { - "dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1465,14 +1451,14 @@ "type": "uses" }, { - "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", + "dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1486,7 +1472,21 @@ "type": "uses" }, { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1514,14 +1514,21 @@ }, "related": [ { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1540,13 +1547,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "c256da91-6dd5-40b2-beeb-ee3b22ab3d27", @@ -1560,9 +1560,9 @@ "Android" ], "refs": [ + "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", "https://attack.mitre.org/software/S0408", "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", - "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", "https://www.flexispy.com/" ], "synonyms": [ @@ -1571,70 +1571,7 @@ }, "related": [ { - "dest-uuid": "948a447c-d783-4ba0-8516-a64140fcacd5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1655,21 +1592,14 @@ "type": "uses" }, { - "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e4c347e9-fb91-4bc5-83b8-391e389131e2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", + "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1682,6 +1612,27 @@ ], "type": "uses" }, + { + "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "948a447c-d783-4ba0-8516-a64140fcacd5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", "tags": [ @@ -1689,12 +1640,61 @@ ], "type": "uses" }, + { + "dest-uuid": "bd4d32f5-eed4-4018-a649-40b229dd1d69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e4c347e9-fb91-4bc5-83b8-391e389131e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fd658820-cbba-4c95-8ac9-0fac6b1099e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "1622fd3d-fcfc-4d02-ac49-f2d786f79b81", @@ -1709,8 +1709,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0075", - "https://technet.microsoft.com/en-us/library/cc732643.aspx", - "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html" + "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html", + "https://technet.microsoft.com/en-us/library/cc732643.aspx" ], "synonyms": [ "Reg", @@ -1719,14 +1719,14 @@ }, "related": [ { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1755,13 +1755,6 @@ "synonyms": [] }, "related": [ - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ @@ -1775,6 +1768,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", @@ -1793,21 +1793,14 @@ "https://attack.mitre.org/software/S0590", "https://manpages.debian.org/testing/nbtscan/nbtscan.1.en.html", "https://sectools.org/tool/nbtscan/", - "https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments", - "https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html" + "https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html", + "https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments" ], "synonyms": [ "NBTscan" ] }, "related": [ - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -1822,6 +1815,13 @@ ], "type": "uses" }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ @@ -1830,7 +1830,7 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -1860,6 +1860,13 @@ ] }, "related": [ + { + "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -1874,13 +1881,6 @@ ], "type": "uses" }, - { - "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ @@ -2042,19 +2042,19 @@ "synonyms": [] }, "related": [ - { - "dest-uuid": "ccde5b0d-fe13-48e6-a6f4-4e434ce29371", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "ccde5b0d-fe13-48e6-a6f4-4e434ce29371", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "102c3898-85e0-43ee-ae28-62a0a3ed9507", @@ -2124,8 +2124,8 @@ "external_id": "S0123", "mitre_platforms": [], "refs": [ - "https://attack.mitre.org/software/S0123", - "https://ashwinrayaprolu.wordpress.com/2011/04/12/xcmd-an-alternative-to-psexec/" + "https://ashwinrayaprolu.wordpress.com/2011/04/12/xcmd-an-alternative-to-psexec/", + "https://attack.mitre.org/software/S0123" ], "synonyms": [] }, @@ -2150,9 +2150,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0521", - "https://www.fox-it.com/media/kadlze5c/201912_report_operation_wocao.pdf", + "https://github.com/BloodHoundAD/BloodHound", "https://www.crowdstrike.com/blog/hidden-administrative-accounts-bloodhound-to-the-rescue/", - "https://github.com/BloodHoundAD/BloodHound" + "https://www.fox-it.com/media/kadlze5c/201912_report_operation_wocao.pdf" ], "synonyms": [ "BloodHound" @@ -2160,42 +2160,14 @@ }, "related": [ { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "1b20efbf-8063-4fc3-a07d-b575318a301b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2216,7 +2188,21 @@ "type": "uses" }, { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2230,7 +2216,14 @@ "type": "uses" }, { - "dest-uuid": "1b20efbf-8063-4fc3-a07d-b575318a301b", + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2242,6 +2235,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "066b057c-944e-4cfc-b654-e3dfba04b926", @@ -2267,182 +2267,7 @@ }, "related": [ { - "dest-uuid": "bdb420be-5882-41c8-b439-02bbef69d83f", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2456,77 +2281,28 @@ "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2540,14 +2316,238 @@ "type": "uses" }, { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bdb420be-5882-41c8-b439-02bbef69d83f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2583,14 +2583,14 @@ "type": "uses" }, { - "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", + "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", + "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2608,22 +2608,15 @@ "Windows" ], "refs": [ + "http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/", "https://attack.mitre.org/software/S0361", - "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/expand", - "http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/" + "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/expand" ], "synonyms": [ "Expand" ] }, "related": [ - { - "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ @@ -2637,6 +2630,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "ca656c25-44f1-471b-9d9f-e2a3bbb84973", @@ -2652,8 +2652,8 @@ "macOS" ], "refs": [ - "https://attack.mitre.org/software/S0183", - "http://www.dtic.mil/dtic/tr/fulltext/u2/a465464.pdf" + "http://www.dtic.mil/dtic/tr/fulltext/u2/a465464.pdf", + "https://attack.mitre.org/software/S0183" ], "synonyms": [ "Tor" @@ -2661,14 +2661,14 @@ }, "related": [ { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2698,14 +2698,14 @@ "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2731,13 +2731,6 @@ ] }, "related": [ - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", "tags": [ @@ -2746,7 +2739,7 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2760,7 +2753,14 @@ "type": "uses" }, { - "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2808,10 +2808,10 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0194", - "https://github.com/PowerShellMafia/PowerSploit", + "http://powersploit.readthedocs.io", "http://www.powershellmagazine.com/2014/07/08/powersploit/", - "http://powersploit.readthedocs.io" + "https://attack.mitre.org/software/S0194", + "https://github.com/PowerShellMafia/PowerSploit" ], "synonyms": [ "PowerSploit" @@ -2819,7 +2819,63 @@ }, "related": [ { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2840,28 +2896,7 @@ "type": "uses" }, { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2875,63 +2910,7 @@ "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c4ad009b-6e13-4419-8d21-918a1652de02", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", + "dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2945,14 +2924,7 @@ "type": "uses" }, { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b", + "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2966,7 +2938,14 @@ "type": "uses" }, { - "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -2980,42 +2959,63 @@ "type": "uses" }, { - "dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32", + "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2", + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", + "dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", + "dest-uuid": "c4ad009b-6e13-4419-8d21-918a1652de02", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", + "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3061,42 +3061,14 @@ "Windows" ], "refs": [ - "https://attack.mitre.org/software/S0581", - " https://unit42.paloaltonetworks.com/ironnetinjector/" + " https://unit42.paloaltonetworks.com/ironnetinjector/", + "https://attack.mitre.org/software/S0581" ], "synonyms": [ "IronNetInjector" ] }, "related": [ - { - "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -3104,6 +3076,13 @@ ], "type": "uses" }, + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ @@ -3118,12 +3097,33 @@ ], "type": "uses" }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "b1595ddd-a783-482a-90e1-8afc8d48467e", @@ -3262,8 +3262,8 @@ "external_id": "S0225", "mitre_platforms": [], "refs": [ - "https://attack.mitre.org/software/S0225", - "http://sqlmap.org/" + "http://sqlmap.org/", + "https://attack.mitre.org/software/S0225" ], "synonyms": [] }, @@ -3288,9 +3288,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0262", - "https://securelist.com/apt10-sophisticated-multi-layered-loader-ecipekac-discovered-in-a41apt-campaign/101519/", "https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf", "https://github.com/quasar/QuasarRAT", + "https://securelist.com/apt10-sophisticated-multi-layered-loader-ecipekac-discovered-in-a41apt-campaign/101519/", "https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/" ], "synonyms": [ @@ -3299,20 +3299,6 @@ ] }, "related": [ - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ @@ -3320,13 +3306,6 @@ ], "type": "uses" }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -3335,7 +3314,7 @@ "type": "uses" }, { - "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3348,13 +3327,6 @@ ], "type": "uses" }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -3363,14 +3335,28 @@ "type": "uses" }, { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3383,6 +3369,20 @@ ], "type": "uses" }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ @@ -3391,7 +3391,7 @@ "type": "uses" }, { - "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", + "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3437,8 +3437,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0332", - "https://www.fortinet.com/blog/threat-research/remcos-a-new-rat-in-the-wild-2.html", "https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html", + "https://www.fortinet.com/blog/threat-research/remcos-a-new-rat-in-the-wild-2.html", "https://www.riskiq.com/blog/labs/spear-phishing-turkish-defense-contractors/" ], "synonyms": [ @@ -3446,27 +3446,6 @@ ] }, "related": [ - { - "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -3474,20 +3453,6 @@ ], "type": "uses" }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ @@ -3496,14 +3461,14 @@ "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3517,21 +3482,14 @@ "type": "uses" }, { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3544,6 +3502,13 @@ ], "type": "uses" }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ @@ -3552,7 +3517,42 @@ "type": "uses" }, { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3588,49 +3588,7 @@ "type": "uses" }, { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3644,14 +3602,14 @@ "type": "uses" }, { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3665,70 +3623,7 @@ "type": "uses" }, { - "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3742,42 +3637,28 @@ "type": "uses" }, { - "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3790,12 +3671,131 @@ ], "type": "uses" }, + { + "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4b57c098-f043-4da2-83ef-7588a6d426bc", @@ -3811,8 +3811,8 @@ "refs": [ "https://attack.mitre.org/software/S0552", "https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ ", - "https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html", - "https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html" + "https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html", + "https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html" ], "synonyms": [ "AdFind" @@ -3820,7 +3820,7 @@ }, "related": [ { - "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3833,26 +3833,26 @@ ], "type": "uses" }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", @@ -3875,14 +3875,7 @@ }, "related": [ { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3896,7 +3889,14 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -3915,147 +3915,14 @@ ], "refs": [ "https://attack.mitre.org/software/S0692", - "https://securityaffairs.co/wordpress/88021/apt/croatia-government-silenttrinity-malware.html", - "https://github.com/byt3bl33d3r/SILENTTRINITY" + "https://github.com/byt3bl33d3r/SILENTTRINITY", + "https://securityaffairs.co/wordpress/88021/apt/croatia-government-silenttrinity-malware.html" ], "synonyms": [ "SILENTTRINITY" ] }, "related": [ - { - "dest-uuid": "8f504411-cb96-4dac-a537-8d2bb7679c59", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "98034fef-d9fb-4667-8dc4-2eab6231724c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ @@ -4063,111 +3930,6 @@ ], "type": "uses" }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ @@ -4175,20 +3937,6 @@ ], "type": "uses" }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -4197,14 +3945,35 @@ "type": "uses" }, { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4217,6 +3986,13 @@ ], "type": "uses" }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ @@ -4225,14 +4001,105 @@ "type": "uses" }, { - "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f504411-cb96-4dac-a537-8d2bb7679c59", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4245,12 +4112,145 @@ ], "type": "uses" }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "98034fef-d9fb-4667-8dc4-2eab6231724c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "1244e058-fa10-48cb-b484-0bcf671107ae", @@ -4264,8 +4264,8 @@ "Android" ], "refs": [ - "https://attack.mitre.org/software/S0298", - "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/" + "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/", + "https://attack.mitre.org/software/S0298" ], "synonyms": [ "Xbot" @@ -4273,11 +4273,11 @@ }, "related": [ { - "dest-uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e", + "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], - "type": "similar" + "type": "uses" }, { "dest-uuid": "4cfa42a3-71d9-43e2-bf23-daa79f326387", @@ -4293,13 +4293,6 @@ ], "type": "similar" }, - { - "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", "tags": [ @@ -4308,14 +4301,21 @@ "type": "uses" }, { - "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", + "dest-uuid": "d9e88203-2b5d-405f-a406-2933b1e3d7e4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "d9e88203-2b5d-405f-a406-2933b1e3d7e4", + "dest-uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4348,7 +4348,7 @@ }, "related": [ { - "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", + "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4362,224 +4362,7 @@ "type": "uses" }, { - "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5095a853-299c-4876-abd7-ac0050fb5462", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "768dce68-8d0d-477a-b01d-0eea98b963a1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4593,49 +4376,14 @@ "type": "uses" }, { - "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4649,175 +4397,49 @@ "type": "uses" }, { - "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", + "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", + "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "b7dc639b-24cd-482d-a7f1-8897eda21023", + "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "fc742192-19e3-466c-9eb5-964a97b29490", + "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "86a96bf6-cf8b-411c-aaeb-8959944d64f7", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c92e3d68-2349-49e4-a341-7edca2deff96", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d273434a-448e-4598-8e14-607f4a0d5e27", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4830,12 +4452,390 @@ ], "type": "uses" }, + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5095a853-299c-4876-abd7-ac0050fb5462", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "768dce68-8d0d-477a-b01d-0eea98b963a1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "86a96bf6-cf8b-411c-aaeb-8959944d64f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b7dc639b-24cd-482d-a7f1-8897eda21023", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c92e3d68-2349-49e4-a341-7edca2deff96", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d273434a-448e-4598-8e14-607f4a0d5e27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "fc742192-19e3-466c-9eb5-964a97b29490", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", @@ -4860,7 +4860,28 @@ }, "related": [ { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4874,7 +4895,49 @@ "type": "uses" }, { - "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -4900,69 +4963,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "11f8d7eb-1927-4806-9267-3a11d4d4d6be", @@ -4977,8 +4977,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0364", - "https://www.itprotoday.com/windows-78/eldos-provides-raw-disk-access-vista-and-xp", - "https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malware-Report.pdf" + "https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malware-Report.pdf", + "https://www.itprotoday.com/windows-78/eldos-provides-raw-disk-access-vista-and-xp" ], "synonyms": [ "RawDisk" @@ -5036,35 +5036,7 @@ "type": "uses" }, { - "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5085,7 +5057,28 @@ "type": "uses" }, { - "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", + "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5097,6 +5090,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", @@ -5121,7 +5121,7 @@ }, "related": [ { - "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5134,6 +5134,13 @@ ], "type": "uses" }, + { + "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", "tags": [ @@ -5142,7 +5149,7 @@ "type": "uses" }, { - "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", + "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5156,7 +5163,7 @@ "type": "uses" }, { - "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", + "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5175,13 +5182,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", @@ -5197,28 +5197,14 @@ ], "refs": [ "https://attack.mitre.org/software/S0358", - "https://github.com/sensepost/ruler", - "https://github.com/sensepost/notruler" + "https://github.com/sensepost/notruler", + "https://github.com/sensepost/ruler" ], "synonyms": [ "Ruler" ] }, "related": [ - { - "dest-uuid": "a9e2cea0-c805-4bf8-9e31-f5f0513a3634", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "bf147104-abf9-4221-95d1-e81585859441", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "3d1b9d7e-3921-4d25-845a-7d9f15c0da44", "tags": [ @@ -5232,6 +5218,20 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "a9e2cea0-c805-4bf8-9e31-f5f0513a3634", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "bf147104-abf9-4221-95d1-e81585859441", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "90ac9266-68ce-46f2-b24f-5eb3b2a8ea38", @@ -5295,21 +5295,7 @@ }, "related": [ { - "dest-uuid": "f8ef3a62-3f44-40a4-abca-761ab235c436", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", + "dest-uuid": "0470e792-32f8-46b0-a351-652bc35e9336", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5336,6 +5322,27 @@ ], "type": "uses" }, + { + "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8565825b-21c8-4518-b75e-cbc4c717a156", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a", "tags": [ @@ -5343,20 +5350,6 @@ ], "type": "uses" }, - { - "dest-uuid": "0470e792-32f8-46b0-a351-652bc35e9336", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f005e783-57d4-4837-88ad-dbe7faee1c51", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ @@ -5365,14 +5358,21 @@ "type": "uses" }, { - "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", + "dest-uuid": "f005e783-57d4-4837-88ad-dbe7faee1c51", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8565825b-21c8-4518-b75e-cbc4c717a156", + "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "f8ef3a62-3f44-40a4-abca-761ab235c436", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5398,97 +5398,6 @@ ] }, "related": [ - { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", "tags": [ @@ -5503,12 +5412,103 @@ ], "type": "uses" }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "115f88dd-0618-4389-83cb-98d33ae81848", @@ -5531,7 +5531,14 @@ }, "related": [ { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5545,14 +5552,7 @@ "type": "uses" }, { - "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5625,7 +5625,7 @@ "type": "uses" }, { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5639,7 +5639,14 @@ "type": "uses" }, { - "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "dest-uuid": "e24fcba8-2557-4442-a139-1ee2f2e784db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5651,13 +5658,6 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" - }, - { - "dest-uuid": "e24fcba8-2557-4442-a139-1ee2f2e784db", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" } ], "uuid": "6dbdc657-d8e0-4f2f-909b-7251b3e72c6d", @@ -5680,28 +5680,7 @@ }, "related": [ { - "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5714,20 +5693,6 @@ ], "type": "uses" }, - { - "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ @@ -5736,7 +5701,7 @@ "type": "uses" }, { - "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5750,28 +5715,7 @@ "type": "uses" }, { - "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5791,6 +5735,55 @@ ], "type": "uses" }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", "tags": [ @@ -5798,6 +5791,20 @@ ], "type": "uses" }, + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ @@ -5806,14 +5813,7 @@ "type": "uses" }, { - "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", + "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5832,9 +5832,9 @@ ], "refs": [ "https://attack.mitre.org/software/S0695", + "https://github.com/TheWover/donut", "https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/", - "https://thewover.github.io/Introducing-Donut/", - "https://github.com/TheWover/donut" + "https://thewover.github.io/Introducing-Donut/" ], "synonyms": [ "Donut" @@ -5848,6 +5848,20 @@ ], "type": "uses" }, + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", "tags": [ @@ -5855,6 +5869,41 @@ ], "type": "uses" }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -5869,13 +5918,6 @@ ], "type": "uses" }, - { - "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ @@ -5883,48 +5925,6 @@ ], "type": "uses" }, - { - "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -5933,14 +5933,14 @@ "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -5961,8 +5961,8 @@ ], "refs": [ "https://attack.mitre.org/software/S0677", - "https://o365blog.com/aadinternals", - "https://github.com/Gerenios/AADInternals" + "https://github.com/Gerenios/AADInternals", + "https://o365blog.com/aadinternals" ], "synonyms": [ "AADInternals" @@ -5970,21 +5970,7 @@ }, "related": [ { - "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", + "dest-uuid": "16e94db9-b5b1-4cd0-b851-f38fbd0a70f2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6005,49 +5991,28 @@ "type": "uses" }, { - "dest-uuid": "ebb42bbe-62d7-47d7-a55f-3b08b61d792d", + "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "a009cb25-4801-4116-9105-80a91cf15c1b", + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { - "dest-uuid": "8f104855-e5b7-4077-b1f5-bc3103b41abe", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "16e94db9-b5b1-4cd0-b851-f38fbd0a70f2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e3b168bd-fcd7-439e-9382-2e6c2f63514d", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "d273434a-448e-4598-8e14-607f4a0d5e27", + "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6068,14 +6033,7 @@ "type": "uses" }, { - "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "e24fcba8-2557-4442-a139-1ee2f2e784db", + "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6089,7 +6047,49 @@ "type": "uses" }, { - "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", + "dest-uuid": "8f104855-e5b7-4077-b1f5-bc3103b41abe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "a009cb25-4801-4116-9105-80a91cf15c1b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "d273434a-448e-4598-8e14-607f4a0d5e27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e24fcba8-2557-4442-a139-1ee2f2e784db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "e3b168bd-fcd7-439e-9382-2e6c2f63514d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ebb42bbe-62d7-47d7-a55f-3b08b61d792d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6110,10 +6110,10 @@ ], "refs": [ "https://attack.mitre.org/software/S0699", - "https://go.recordedfuture.com/hubfs/reports/cta-2022-0118.pdf", + "https://docs.mythic-c2.net/", "https://github.com/its-a-feature/Mythic", - "https://posts.specterops.io/a-change-of-mythic-proportions-21debeb03617", - "https://docs.mythic-c2.net/" + "https://go.recordedfuture.com/hubfs/reports/cta-2022-0118.pdf", + "https://posts.specterops.io/a-change-of-mythic-proportions-21debeb03617" ], "synonyms": [ "Mythic" @@ -6121,28 +6121,7 @@ }, "related": [ { - "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6162,20 +6141,6 @@ ], "type": "uses" }, - { - "dest-uuid": "ca9d3402-ada3-484d-876a-d717bd6e05f2", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, - { - "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "uses" - }, { "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "tags": [ @@ -6183,6 +6148,13 @@ ], "type": "uses" }, + { + "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ @@ -6190,6 +6162,34 @@ ], "type": "uses" }, + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "ca9d3402-ada3-484d-876a-d717bd6e05f2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, + { + "dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ @@ -6198,7 +6198,7 @@ "type": "uses" }, { - "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], @@ -6216,5 +6216,5 @@ "value": "Mythic - S0699" } ], - "version": 22 + "version": 23 } diff --git a/tools/mitre-cti/v2.0/create_mitre-galaxy.py b/tools/mitre-cti/v2.0/create_mitre-galaxy.py index 404f9ed..2795502 100755 --- a/tools/mitre-cti/v2.0/create_mitre-galaxy.py +++ b/tools/mitre-cti/v2.0/create_mitre-galaxy.py @@ -177,7 +177,16 @@ for t in types: item_2.pop('type', None) file_data['values'].append(item_2) - file_data['values'] = sorted(file_data['values'], key=lambda x: sorted(x['value'])) # FIXME the sort algo needs to be further improved + # FIXME the sort algo needs to be further improved, potentially with a recursive deep sort + file_data['values'] = sorted(file_data['values'], key=lambda x: sorted(x['value'])) + for item in file_data['values']: + if 'related' in item: + item['related'] = sorted(item['related'], key=lambda x: x['dest-uuid']) + if 'meta' in item: + if 'refs' in item['meta']: + item['meta']['refs'] = sorted(item['meta']['refs']) + if 'mitre_data_sources' in item['meta']: + item['meta']['mitre_data_sources'] = sorted(item['meta']['mitre_data_sources']) file_data['version'] += 1 with open(fname, 'w') as f: json.dump(file_data, f, indent=2, sort_keys=True, ensure_ascii=False)