chg: [mitre] deprecated entities

2024-11-22 06:47:18 +00:00 · 2024-08-17 12:28:45 +02:00 · 2024-08-17 12:28:45 +02:00 · 552d80dd9e
commit 552d80dd9e
parent 31227403d7
12 changed files with 202 additions and 16987 deletions
--- a/README.md
+++ b/README.md
@ -315,30 +315,6 @@ Category: *data-source* - source: *https://github.com/mitre/cti* - total: *40* e

 [[HTML](https://www.misp-galaxy.org/mitre-data-source)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-data-source.json)]

-## MITRE FiGHT Data Sources
-
-[MITRE FiGHT Data Sources](https://www.misp-galaxy.org/mitre-fight-datasources) - MITRE Five-G Hierarchy of Threats (FiGHT™) is a globally accessible knowledge base of adversary tactics and techniques that are used or could be used against 5G networks.
-
-Category: *data-source* - source: *https://fight.mitre.org/* - total: *63* elements
-
-[[HTML](https://www.misp-galaxy.org/mitre-fight-datasources)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-fight-datasources.json)]
-
-## MITRE FiGHT Mitigations
-
-[MITRE FiGHT Mitigations](https://www.misp-galaxy.org/mitre-fight-mitigations) - MITRE Five-G Hierarchy of Threats (FiGHT™) is a globally accessible knowledge base of adversary tactics and techniques that are used or could be used against 5G networks.
-
-Category: *mitigation* - source: *https://fight.mitre.org/* - total: *88* elements
-
-[[HTML](https://www.misp-galaxy.org/mitre-fight-mitigations)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-fight-mitigations.json)]
-
-## MITRE FiGHT Techniques
-
-[MITRE FiGHT Techniques](https://www.misp-galaxy.org/mitre-fight-techniques) - MITRE Five-G Hierarchy of Threats (FiGHT™) is a globally accessible knowledge base of adversary tactics and techniques that are used or could be used against 5G networks.
-
-Category: *attack-pattern* - source: *https://fight.mitre.org/* - total: *136* elements
-
-[[HTML](https://www.misp-galaxy.org/mitre-fight-techniques)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-fight-techniques.json)]
-
 ## Assets

 [Assets](https://www.misp-galaxy.org/mitre-ics-assets) - A list of asset categories that are commonly found in industrial control systems.
--- a/clusters/mitre-attack-pattern.json
+++ b/clusters/mitre-attack-pattern.json
--- a/clusters/mitre-fight-datasources.json
+++ b/clusters/mitre-fight-datasources.json
--- a/clusters/mitre-fight-mitigations.json
+++ b/clusters/mitre-fight-mitigations.json
--- a/clusters/mitre-fight-techniques.json
+++ b/clusters/mitre-fight-techniques.json
--- a/clusters/mitre-intrusion-set.json
+++ b/clusters/mitre-intrusion-set.json
@ -551,6 +551,7 @@
          "type": "revoked-by"
        }
      ],
+      "revoked": true,
      "uuid": "76d59913-1d24-4992-a8ac-05a3eb093f71",
      "value": "Dragonfly 2.0 - G0074"
    },
@ -4045,6 +4046,7 @@
          "type": "revoked-by"
        }
      ],
+      "revoked": true,
      "uuid": "92d5b3fd-3b39-438e-af68-770e447beada",
      "value": "Charming Kitten - G0058"
    },
@ -4515,6 +4517,7 @@
          "type": "revoked-by"
        }
      ],
+      "revoked": true,
      "uuid": "7a0d4c09-dfe7-4fa2-965a-1a0e42fedd70",
      "value": "Stolen Pencil - G0086"
    },
@ -13761,6 +13764,7 @@
          "type": "similar"
        }
      ],
+      "revoked": true,
      "uuid": "9559ecaf-2e75-48a7-aee8-9974020bc772",
      "value": "MONSOON - G0042"
    },
@ -14083,6 +14087,7 @@
          "type": "revoked-by"
        }
      ],
+      "revoked": true,
      "uuid": "68ba94ab-78b8-43e7-83e2-aed3466882c6",
      "value": "APT34 - G0057"
    },
@ -19098,6 +19103,7 @@
          "type": "revoked-by"
        }
      ],
+      "revoked": true,
      "uuid": "dc5e2999-ca1a-47d4-8d12-a6984b138a1b",
      "value": "UNC2452 - G0118"
    },
@ -21731,5 +21737,5 @@
      "value": "TeamTNT - G0139"
    }
  ],
-  "version": 34
+  "version": 35
 }
--- a/clusters/mitre-malware.json
+++ b/clusters/mitre-malware.json
@ -1027,8 +1027,8 @@
          "Windows"
        ],
        "refs": [
-          "http://www.secureworks.com/cyber-threat-intelligence/threats/The_Lifecycle_of_Peer_to_Peer_Gameover_ZeuS/",
-          "https://attack.mitre.org/software/S0016"
+          "https://attack.mitre.org/software/S0016",
+          "https://www.secureworks.com/research/The-Lifecycle-of-Peer-to-Peer-Gameover-ZeuS"
        ],
        "synonyms": [
          "P2P ZeuS",
@ -6661,6 +6661,7 @@
          "type": "revoked-by"
        }
      ],
+      "revoked": true,
      "uuid": "911fe4c3-444d-4e92-83b8-cc761ac5fd3b",
      "value": "Ngrok - S9000"
    },
@ -11971,6 +11972,7 @@
          "type": "revoked-by"
        }
      ],
+      "revoked": true,
      "uuid": "310f437b-29e7-4844-848c-7220868d074a",
      "value": "Darkmoon - S0209"
    },
@ -53303,5 +53305,5 @@
      "value": "Akira - S1129"
    }
  ],
-  "version": 33
+  "version": 34
 }
--- a/galaxies/mitre-fight-datasources.json
+++ b/galaxies/mitre-fight-datasources.json
@ -1,9 +0,0 @@
-{
-  "description": "MITRE Five-G Hierarchy of Threats (FiGHT™) is a globally accessible knowledge base of adversary tactics and techniques that are used or could be used against 5G networks.",
-  "icon": "bell",
-  "name": "MITRE FiGHT Data Sources",
-  "namespace": "mitre",
-  "type": "mitre-fight",
-  "uuid": "4ccc2400-55e4-42c2-bb8d-1d41883cef46",
-  "version": 1
-}
--- a/galaxies/mitre-fight-mitigations.json
+++ b/galaxies/mitre-fight-mitigations.json
@ -1,9 +0,0 @@
-{
-  "description": "MITRE Five-G Hierarchy of Threats (FiGHT™) is a globally accessible knowledge base of adversary tactics and techniques that are used or could be used against 5G networks.",
-  "icon": "shield-alt",
-  "name": "MITRE FiGHT Mitigations",
-  "namespace": "mitre",
-  "type": "mitre-fight",
-  "uuid": "bcd85ca5-5ed7-4536-bca6-d16fb51adf55",
-  "version": 1
-}
--- a/galaxies/mitre-fight-techniques.json
+++ b/galaxies/mitre-fight-techniques.json
@ -1,28 +0,0 @@
-{
-  "description": "MITRE Five-G Hierarchy of Threats (FiGHT™) is a globally accessible knowledge base of adversary tactics and techniques that are used or could be used against 5G networks.",
-  "icon": "map",
-  "kill_chain_order": {
-    "fight": [
-      "Reconnaissance",
-      "Resource-Development",
-      "Initial-Access",
-      "Execution",
-      "Persistence",
-      "Privilege-Escalation",
-      "Defense-Evasion",
-      "Credential-Access",
-      "Discovery",
-      "Lateral-Movement",
-      "Collection",
-      "Command-and-Control",
-      "Exfiltration",
-      "Impact",
-      "Fraud"
-    ]
-  },
-  "name": "MITRE FiGHT Techniques",
-  "namespace": "mitre",
-  "type": "mitre-fight",
-  "uuid": "c22c8c18-0ccd-4033-b2dd-804ad26af4b9",
-  "version": 1
-}
--- a/schema_clusters.json
+++ b/schema_clusters.json
@ -42,6 +42,9 @@
          "uuid": {
            "type": "string"
          },
+          "revoked": {
+            "type": "boolean"
+          },
          "related": {
            "type": "array",
            "additionalProperties": false,
--- a/tools/gen_mitre.py
+++ b/tools/gen_mitre.py
@ -175,8 +175,8 @@ for domain in domains:
            # handle deprecated and/or revoked
            # if 'x_mitre_deprecated' in item and item['x_mitre_deprecated']:
            #     value['deprecated'] = True
-            # if 'revoked' in item and item['revoked']:
-            #     value['revoked'] = True
+            if 'revoked' in item and item['revoked']:
+                value['revoked'] = True

            if 'external_references' in item:
                for reference in item['external_references']: