chg: [mapping] Generated automatic mapping between clusters
parent
5478f0aa45
commit
88162aa44e
20 changed files with 7484 additions and 19 deletions
|
@ -84,6 +84,15 @@
|
||||||
"Invisble Man"
|
"Invisble Man"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "a33df440-f112-4a5e-a290-3c65dae6091d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "426ead34-b3e6-45c7-ba22-5b8f3b8214bd",
|
"uuid": "426ead34-b3e6-45c7-ba22-5b8f3b8214bd",
|
||||||
"value": "Svpeng"
|
"value": "Svpeng"
|
||||||
},
|
},
|
||||||
|
@ -127,6 +136,15 @@
|
||||||
"http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf"
|
"http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "c8770c81-c29f-40d2-a140-38544206b2b4",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "f5cacc72-f02a-42d1-a020-7a59650086bb",
|
"uuid": "f5cacc72-f02a-42d1-a020-7a59650086bb",
|
||||||
"value": "HummingBad"
|
"value": "HummingBad"
|
||||||
},
|
},
|
||||||
|
@ -227,6 +245,22 @@
|
||||||
"Bankosy"
|
"Bankosy"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "f8047de2-fefc-4ee0-825b-f1fae4b20c09",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "620981e8-49c8-486a-b30c-359702c8ffbc",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "3d3aa832-8847-47c5-9e31-ef13ab7ab6fb",
|
"uuid": "3d3aa832-8847-47c5-9e31-ef13ab7ab6fb",
|
||||||
"value": "GM Bot"
|
"value": "GM Bot"
|
||||||
},
|
},
|
||||||
|
@ -256,6 +290,29 @@
|
||||||
"Backdoor:Java/Adwind"
|
"Backdoor:Java/Adwind"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "b76d9845-815c-4e77-9538-6b737269da2f",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "ab4694d6-7043-41f2-b328-d93bec9c1b22",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "dadccdda-a4c2-4021-90b9-61a394e602be",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "ce1a9641-5bb8-4a61-990a-870e9ef36ac1",
|
"uuid": "ce1a9641-5bb8-4a61-990a-870e9ef36ac1",
|
||||||
"value": "Adwind"
|
"value": "Adwind"
|
||||||
},
|
},
|
||||||
|
@ -301,6 +358,15 @@
|
||||||
"https://www.symantec.com/security_response/writeup.jsp?docid=2015-101207-3555-99"
|
"https://www.symantec.com/security_response/writeup.jsp?docid=2015-101207-3555-99"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "c80a6bef-b3ce-44d0-b113-946e93124898",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "0c769e82-df28-4f65-97f5-7f3d88488f2e",
|
"uuid": "0c769e82-df28-4f65-97f5-7f3d88488f2e",
|
||||||
"value": "Kemoge"
|
"value": "Kemoge"
|
||||||
},
|
},
|
||||||
|
@ -682,6 +748,22 @@
|
||||||
"https://www.symantec.com/security_response/writeup.jsp?docid=2014-072316-5249-99"
|
"https://www.symantec.com/security_response/writeup.jsp?docid=2014-072316-5249-99"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "f8047de2-fefc-4ee0-825b-f1fae4b20c09",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "3d3aa832-8847-47c5-9e31-ef13ab7ab6fb",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "620981e8-49c8-486a-b30c-359702c8ffbc",
|
"uuid": "620981e8-49c8-486a-b30c-359702c8ffbc",
|
||||||
"value": "Bankosy"
|
"value": "Bankosy"
|
||||||
},
|
},
|
||||||
|
@ -2138,6 +2220,15 @@
|
||||||
"IcicleGum"
|
"IcicleGum"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "a5be6094-2d17-11e8-a5b1-ff153ed7d9c3",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "52c5f9b3-e9ed-4c86-b4a8-d4ebc68a4d7b",
|
"uuid": "52c5f9b3-e9ed-4c86-b4a8-d4ebc68a4d7b",
|
||||||
"value": "Igexin"
|
"value": "Igexin"
|
||||||
},
|
},
|
||||||
|
@ -3548,6 +3639,29 @@
|
||||||
"https://www.symantec.com/security_response/writeup.jsp?docid=2015-110509-4646-99"
|
"https://www.symantec.com/security_response/writeup.jsp?docid=2015-110509-4646-99"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "b76d9845-815c-4e77-9538-6b737269da2f",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "ab4694d6-7043-41f2-b328-d93bec9c1b22",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "ce1a9641-5bb8-4a61-990a-870e9ef36ac1",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "dadccdda-a4c2-4021-90b9-61a394e602be",
|
"uuid": "dadccdda-a4c2-4021-90b9-61a394e602be",
|
||||||
"value": "Sockrat"
|
"value": "Sockrat"
|
||||||
},
|
},
|
||||||
|
@ -3558,6 +3672,50 @@
|
||||||
"https://www.symantec.com/security_response/writeup.jsp?docid=2017-010508-5201-99"
|
"https://www.symantec.com/security_response/writeup.jsp?docid=2017-010508-5201-99"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729",
|
"uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729",
|
||||||
"value": "Sofacy"
|
"value": "Sofacy"
|
||||||
},
|
},
|
||||||
|
@ -4214,6 +4372,15 @@
|
||||||
"https://source.android.com/security/reports/Google_Android_Security_2017_Report_Final.pdf"
|
"https://source.android.com/security/reports/Google_Android_Security_2017_Report_Final.pdf"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "52c5f9b3-e9ed-4c86-b4a8-d4ebc68a4d7b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "a5be6094-2d17-11e8-a5b1-ff153ed7d9c3",
|
"uuid": "a5be6094-2d17-11e8-a5b1-ff153ed7d9c3",
|
||||||
"value": "IcicleGum"
|
"value": "IcicleGum"
|
||||||
},
|
},
|
||||||
|
@ -4320,5 +4487,5 @@
|
||||||
"value": "Skygofree"
|
"value": "Skygofree"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 10
|
"version": 11
|
||||||
}
|
}
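Review bot: The six `similar` links added to the Android "Sofacy" cluster (hunk `@ -3558,6 +3672,50 @`) all carry `estimative-language:likelihood-probability="likely"`, yet one target, `bef4c620-0787-42a8-a96d-b7eb6e85917c`, is also linked from the STRONTIUM activity-group entry later in this commit, so the match appears to rest on a shared name rather than on both clusters describing the same kind of object. The same pattern shows where Tinba is linked to `96b2b31e-b191-43c4-9929-48ba1cbee62c` (the "Hunter" entry listed with the synonym "3ROS Exploit Kit") and Qakbot to `6e1168e6-7768-4fa2-951f-6d6934531633` ("Akbot"). Tooling that pivots or auto-enriches on `related` edges will treat these as vetted equivalences, which can pull unrelated detections and attribution into one case. I would have the generator either limit `similar` to targets in the same category or emit a weaker estimative-language value for links that rest only on a name or synonym match, and have an analyst review the cross-category pairs before merge.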
|
||||||
|
|
|
@ -20,6 +20,22 @@
|
||||||
"Zbot"
|
"Zbot"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "0ce448de-c2bb-4c6e-9ad7-c4030f02b4d7",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "e878d24d-f122-48c4-930c-f6b6d5f0ee28",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "f0ec2df5-2e38-4df3-970d-525352006f2e",
|
"uuid": "f0ec2df5-2e38-4df3-970d-525352006f2e",
|
||||||
"value": "Zeus"
|
"value": "Zeus"
|
||||||
},
|
},
|
||||||
|
@ -37,6 +53,15 @@
|
||||||
"Neverquest"
|
"Neverquest"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "e95dd1ba-7485-4c02-bf2e-14beedbcf053",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "f3813bbd-682c-400d-8165-778be6d3f91f",
|
"uuid": "f3813bbd-682c-400d-8165-778be6d3f91f",
|
||||||
"value": "Vawtrak"
|
"value": "Vawtrak"
|
||||||
},
|
},
|
||||||
|
@ -52,6 +77,22 @@
|
||||||
"Feodo Version D"
|
"Feodo Version D"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "276c2c2e-09da-44cf-a3f7-806b3feb41da",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "7ca93488-c357-44c3-b246-3f88391aca5a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e",
|
"uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e",
|
||||||
"value": "Dridex"
|
"value": "Dridex"
|
||||||
},
|
},
|
||||||
|
@ -71,6 +112,15 @@
|
||||||
"Papras"
|
"Papras"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "75b01a1e-3269-4f4c-bdba-37af4e9c3f54",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "b9448d2a-a23c-4bf2-92a1-d860716ba2f3",
|
"uuid": "b9448d2a-a23c-4bf2-92a1-d860716ba2f3",
|
||||||
"value": "Gozi"
|
"value": "Gozi"
|
||||||
},
|
},
|
||||||
|
@ -259,6 +309,15 @@
|
||||||
"Dyreza"
|
"Dyreza"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "63c2a130-8a5b-452f-ad96-07cf0af12ffe",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "15e969e6-f031-4441-a49b-f401332e4b00",
|
"uuid": "15e969e6-f031-4441-a49b-f401332e4b00",
|
||||||
"value": "Dyre"
|
"value": "Dyre"
|
||||||
},
|
},
|
||||||
|
@ -278,6 +337,22 @@
|
||||||
"illi"
|
"illi"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "75f53ead-1aee-4f91-8cb9-b4170d747cfc",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "5594b171-32ec-4145-b712-e7701effffdd",
|
"uuid": "5594b171-32ec-4145-b712-e7701effffdd",
|
||||||
"value": "Tinba"
|
"value": "Tinba"
|
||||||
},
|
},
|
||||||
|
@ -294,6 +369,15 @@
|
||||||
"Emotet"
|
"Emotet"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "3f7616bd-f1de-46ee-87c2-43c0c2edaa28",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "8e002f78-7fb8-4e70-afd7-0b4ac655be26",
|
"uuid": "8e002f78-7fb8-4e70-afd7-0b4ac655be26",
|
||||||
"value": "Geodo"
|
"value": "Geodo"
|
||||||
},
|
},
|
||||||
|
@ -311,6 +395,22 @@
|
||||||
"Cridex"
|
"Cridex"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "276c2c2e-09da-44cf-a3f7-806b3feb41da",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "7ca93488-c357-44c3-b246-3f88391aca5a",
|
"uuid": "7ca93488-c357-44c3-b246-3f88391aca5a",
|
||||||
"value": "Feodo"
|
"value": "Feodo"
|
||||||
},
|
},
|
||||||
|
@ -325,6 +425,15 @@
|
||||||
"Nimnul"
|
"Nimnul"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "8ed81090-f098-4878-b87e-2d801b170759",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "7e2288ec-e7d4-4833-9245-a2bc5ae40ee2",
|
"uuid": "7e2288ec-e7d4-4833-9245-a2bc5ae40ee2",
|
||||||
"value": "Ramnit"
|
"value": "Ramnit"
|
||||||
},
|
},
|
||||||
|
@ -342,6 +451,22 @@
|
||||||
"Pinkslipbot"
|
"Pinkslipbot"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "ac2ff27d-a7cb-46fe-ae32-cfe571dc614d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "6e1168e6-7768-4fa2-951f-6d6934531633",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "b2ec1f16-2a76-4910-adc5-ecb3570e7c1a",
|
"uuid": "b2ec1f16-2a76-4910-adc5-ecb3570e7c1a",
|
||||||
"value": "Qakbot"
|
"value": "Qakbot"
|
||||||
},
|
},
|
||||||
|
@ -376,6 +501,15 @@
|
||||||
"Xbot"
|
"Xbot"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "da21929e-40c0-443d-bdf4-6b60d15448b4",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
|
"uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
|
||||||
"value": "TinyNuke"
|
"value": "TinyNuke"
|
||||||
},
|
},
|
||||||
|
@ -542,6 +676,15 @@
|
||||||
"https://community.rsa.com/community/products/netwitness/blog/2017/12/08/gratefulpos-credit-card-stealing-malware-just-in-time-for-the-shopping-season"
|
"https://community.rsa.com/community/products/netwitness/blog/2017/12/08/gratefulpos-credit-card-stealing-malware-just-in-time-for-the-shopping-season"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "4cfe3f22-96b8-4d3d-a6cc-85835d9471e2",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "7d9362e5-e3cf-4640-88a2-3faf31952963",
|
"uuid": "7d9362e5-e3cf-4640-88a2-3faf31952963",
|
||||||
"value": "GratefulPOS"
|
"value": "GratefulPOS"
|
||||||
},
|
},
|
||||||
|
@ -687,5 +830,5 @@
|
||||||
"value": "Kronos"
|
"value": "Kronos"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 11
|
"version": 12
|
||||||
}
|
}
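Review bot: Dridex (`44754726-e1d5-4e5f-a113-234c4a8ca65e`) and Feodo (`7ca93488-c357-44c3-b246-3f88391aca5a`) sit in this same file and are now linked to each other as `similar`; the context lines show Dridex carrying the synonym "Feodo Version D" and Feodo carrying "Cridex", so the link presumably comes from overlapping synonym lists inside one galaxy. The Android section does the same for GM Bot (which lists "Bankosy" as a synonym) and the separate Bankosy cluster. A lookup by synonym will still resolve to two clusters after this change, so detections tagged with either name stay split. Resolving the overlap in the synonym lists, or merging the entries if they describe the same family, would remove the ambiguity at the source, with the `related` link kept only where the two are distinct but connected families.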
|
||||||
|
|
|
@ -48,6 +48,15 @@
|
||||||
"Kraken"
|
"Kraken"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "e721809b-2785-4ce3-b95a-7fde2762f736",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "7296f769-9bb7-474d-bbc7-5839f71d052a",
|
"uuid": "7296f769-9bb7-474d-bbc7-5839f71d052a",
|
||||||
"value": "Marina Botnet"
|
"value": "Marina Botnet"
|
||||||
},
|
},
|
||||||
|
@ -134,6 +143,22 @@
|
||||||
"https://en.wikipedia.org/wiki/Akbot"
|
"https://en.wikipedia.org/wiki/Akbot"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "ac2ff27d-a7cb-46fe-ae32-cfe571dc614d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "b2ec1f16-2a76-4910-adc5-ecb3570e7c1a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "6e1168e6-7768-4fa2-951f-6d6934531633",
|
"uuid": "6e1168e6-7768-4fa2-951f-6d6934531633",
|
||||||
"value": "Akbot"
|
"value": "Akbot"
|
||||||
},
|
},
|
||||||
|
@ -344,6 +369,15 @@
|
||||||
"Oficla"
|
"Oficla"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "b3ea33fd-eaa0-4bab-9bd0-12534c9aa987",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "65a30580-d542-4113-b00f-7fab98bd046c",
|
"uuid": "65a30580-d542-4113-b00f-7fab98bd046c",
|
||||||
"value": "BredoLab"
|
"value": "BredoLab"
|
||||||
},
|
},
|
||||||
|
@ -385,6 +419,15 @@
|
||||||
"Kracken"
|
"Kracken"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "7296f769-9bb7-474d-bbc7-5839f71d052a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "e721809b-2785-4ce3-b95a-7fde2762f736",
|
"uuid": "e721809b-2785-4ce3-b95a-7fde2762f736",
|
||||||
"value": "Kraken"
|
"value": "Kraken"
|
||||||
},
|
},
|
||||||
|
@ -455,6 +498,22 @@
|
||||||
"Kneber"
|
"Kneber"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "0ce448de-c2bb-4c6e-9ad7-c4030f02b4d7",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "f0ec2df5-2e38-4df3-970d-525352006f2e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "e878d24d-f122-48c4-930c-f6b6d5f0ee28",
|
"uuid": "e878d24d-f122-48c4-930c-f6b6d5f0ee28",
|
||||||
"value": "Zeus"
|
"value": "Zeus"
|
||||||
},
|
},
|
||||||
|
@ -480,6 +539,15 @@
|
||||||
"https://en.wikipedia.org/wiki/Botnet"
|
"https://en.wikipedia.org/wiki/Botnet"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "7e2288ec-e7d4-4833-9245-a2bc5ae40ee2",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "8ed81090-f098-4878-b87e-2d801b170759",
|
"uuid": "8ed81090-f098-4878-b87e-2d801b170759",
|
||||||
"value": "Ramnit"
|
"value": "Ramnit"
|
||||||
},
|
},
|
||||||
|
@ -514,6 +582,15 @@
|
||||||
"https://en.wikipedia.org/wiki/Mirai_(malware)"
|
"https://en.wikipedia.org/wiki/Mirai_(malware)"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "dcbf1aaa-1fdd-4bfc-a35e-145ffdfb5ac5",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "fcdfd4af-da35-49a8-9610-19be8a487185",
|
"uuid": "fcdfd4af-da35-49a8-9610-19be8a487185",
|
||||||
"value": "Mirai"
|
"value": "Mirai"
|
||||||
},
|
},
|
||||||
|
@ -538,6 +615,15 @@
|
||||||
"Okiru"
|
"Okiru"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "1ad4697b-3388-48ed-8621-85abebf5dbbf",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "e77cf495-632a-4459-aad1-cdf29d73683f",
|
"uuid": "e77cf495-632a-4459-aad1-cdf29d73683f",
|
||||||
"value": "Satori"
|
"value": "Satori"
|
||||||
},
|
},
|
||||||
|
@ -653,6 +739,15 @@
|
||||||
"Mad Max"
|
"Mad Max"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "d3d56dd0-3409-470a-958b-a865fdd158f9",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "7a6fcec7-3408-4371-907b-cbf8fc931b66",
|
"uuid": "7a6fcec7-3408-4371-907b-cbf8fc931b66",
|
||||||
"value": "Madmax"
|
"value": "Madmax"
|
||||||
},
|
},
|
||||||
|
@ -707,5 +802,5 @@
|
||||||
"value": "Bamital"
|
"value": "Bamital"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 8
|
"version": 9
|
||||||
}
|
}
|
||||||
|
|
|
@ -233,6 +233,22 @@
|
||||||
"3ROS Exploit Kit"
|
"3ROS Exploit Kit"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "75f53ead-1aee-4f91-8cb9-b4170d747cfc",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "5594b171-32ec-4145-b712-e7701effffdd",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c",
|
"uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c",
|
||||||
"value": "Hunter"
|
"value": "Hunter"
|
||||||
},
|
},
|
||||||
|
@ -291,6 +307,15 @@
|
||||||
"BHEK"
|
"BHEK"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "2ea1f494-cf18-49fb-a043-36555131dd7c",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "e6201dc3-01a7-40c5-ba72-02fa470ada53",
|
"uuid": "e6201dc3-01a7-40c5-ba72-02fa470ada53",
|
||||||
"value": "BlackHole"
|
"value": "BlackHole"
|
||||||
},
|
},
|
||||||
|
@ -354,6 +379,15 @@
|
||||||
"RIG-E"
|
"RIG-E"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "525ce93a-76a1-441a-9c45-0eac64d0ed12",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "6eb15569-4ddd-4820-9a44-7bca5b303b86",
|
"uuid": "6eb15569-4ddd-4820-9a44-7bca5b303b86",
|
||||||
"value": "Empire"
|
"value": "Empire"
|
||||||
},
|
},
|
||||||
|
@ -671,5 +705,5 @@
|
||||||
"value": "Unknown"
|
"value": "Unknown"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 7
|
"version": 8
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,6 +15,22 @@
|
||||||
"https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/"
|
"https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "efed95ba-d7e8-47ff-8c53-99c42426ee7c",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "43894e2a-174e-4931-94a8-2296afe8f650",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "5744f91a-d2d8-4f92-920f-943dd80c578f",
|
"uuid": "5744f91a-d2d8-4f92-920f-943dd80c578f",
|
||||||
"value": "PROMETHIUM"
|
"value": "PROMETHIUM"
|
||||||
},
|
},
|
||||||
|
@ -25,6 +41,22 @@
|
||||||
"https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/"
|
"https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "025bdaa9-897d-4bad-afa6-013ba5734653",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "ada08ea8-4517-4eea-aff1-3ad69e5466bb",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "47b5007a-3fb1-466a-9578-629e6e735493",
|
"uuid": "47b5007a-3fb1-466a-9578-629e6e735493",
|
||||||
"value": "NEODYMIUM"
|
"value": "NEODYMIUM"
|
||||||
},
|
},
|
||||||
|
@ -35,6 +67,15 @@
|
||||||
"https://blogs.technet.microsoft.com/mmpc/2016/12/09/windows-10-protection-detection-and-response-against-recent-attacks/"
|
"https://blogs.technet.microsoft.com/mmpc/2016/12/09/windows-10-protection-detection-and-response-against-recent-attacks/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "46670c51-fea4-45d6-bdd4-62e85a5c7404",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "99784b80-6298-45ba-885c-0ed37bfd8324",
|
"uuid": "99784b80-6298-45ba-885c-0ed37bfd8324",
|
||||||
"value": "TERBIUM"
|
"value": "TERBIUM"
|
||||||
},
|
},
|
||||||
|
@ -60,6 +101,22 @@
|
||||||
"Grey-Cloud"
|
"Grey-Cloud"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec",
|
"uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec",
|
||||||
"value": "STRONTIUM"
|
"value": "STRONTIUM"
|
||||||
},
|
},
|
||||||
|
@ -76,6 +133,15 @@
|
||||||
"darkhotel"
|
"darkhotel"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "b8c8b96d-61e6-47b1-8e38-fd8ad5d9854d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "b56af6ab-69f8-457a-bf50-c3aefa6dc14a",
|
"uuid": "b56af6ab-69f8-457a-bf50-c3aefa6dc14a",
|
||||||
"value": "DUBNIUM"
|
"value": "DUBNIUM"
|
||||||
},
|
},
|
||||||
|
@ -87,6 +153,22 @@
|
||||||
"http://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf"
|
"http://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "f9c06633-dcff-48a1-8588-759e7cec5694",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "1fc5671f-5757-43bf-8d6d-a9a93b03713a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "154e97b5-47ef-415a-99a6-2157f1b50339",
|
"uuid": "154e97b5-47ef-415a-99a6-2157f1b50339",
|
||||||
"value": "PLATINUM"
|
"value": "PLATINUM"
|
||||||
},
|
},
|
||||||
|
@ -121,5 +203,5 @@
|
||||||
"value": "ZIRCONIUM"
|
"value": "ZIRCONIUM"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 3
|
"version": 4
|
||||||
}
|
}
|
||||||
|
|
File diff suppressed because it is too large
File diff suppressed because it is too large
|
@ -21,6 +21,15 @@
|
||||||
"Winexe"
|
"Winexe"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "811bdec0-e236-48ae-b27c-1a8fe0bfc3a9",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d",
|
"uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d",
|
||||||
"value": "Winexe - S0191"
|
"value": "Winexe - S0191"
|
||||||
},
|
},
|
||||||
|
@ -176,6 +185,15 @@
|
||||||
"Mimikatz"
|
"Mimikatz"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "7f3a035d-d83a-45b8-8111-412aa8ade802",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
"uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||||||
"value": "Mimikatz - S0002"
|
"value": "Mimikatz - S0002"
|
||||||
},
|
},
|
||||||
|
@ -518,6 +536,15 @@
|
||||||
"PsExec"
|
"PsExec"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "6dd05630-9bd8-11e8-a8b9-47ce338a4367",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
"uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||||||
"value": "PsExec - S0029"
|
"value": "PsExec - S0029"
|
||||||
},
|
},
|
||||||
|
@ -534,6 +561,15 @@
|
||||||
"certutil.exe"
|
"certutil.exe"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "3e205e84-9f90-4b4b-8896-c82189936a15",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc",
|
"uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc",
|
||||||
"value": "certutil - S0160"
|
"value": "certutil - S0160"
|
||||||
},
|
},
|
||||||
|
@ -662,6 +698,15 @@
|
||||||
"Pupy"
|
"Pupy"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "bdb420be-5882-41c8-b439-02bbef69d83f",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4",
|
"uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4",
|
||||||
"value": "Pupy - S0192"
|
"value": "Pupy - S0192"
|
||||||
},
|
},
|
||||||
|
@ -692,6 +737,22 @@
|
||||||
"Cobalt Strike"
|
"Cobalt Strike"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "ca44dd5e-fd9e-48b5-99cb-0b2629b9265f",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "3da22160-12d9-4d27-a99f-338e8de3844a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
|
"uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
|
||||||
"value": "Cobalt Strike - S0154"
|
"value": "Cobalt Strike - S0154"
|
||||||
},
|
},
|
||||||
|
@ -711,5 +772,5 @@
|
||||||
"value": "Invoke-PSImage - S0231"
|
"value": "Invoke-PSImage - S0231"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 4
|
"version": 5
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,6 +20,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "7ecc3b4f-5cdb-457e-b55a-df376b359446"
|
"uuid": "7ecc3b4f-5cdb-457e-b55a-df376b359446"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "5fc09923-fcff-4e81-9cae-4518ef31cf4d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Poseidon Group"
|
"value": "Poseidon Group"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -49,6 +58,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "fe98767f-9df8-42b9-83c9-004b1dec8647"
|
"uuid": "fe98767f-9df8-42b9-83c9-004b1dec8647"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "4d37813c-b8e9-4e58-a758-03168d8aa189",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "PittyTiger"
|
"value": "PittyTiger"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -63,6 +81,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "16ade1aa-0ea1-4bb7-88cc-9079df2ae756"
|
"uuid": "16ade1aa-0ea1-4bb7-88cc-9079df2ae756"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "ac4bce1f-b3ec-4c44-bd36-b6cc986b319b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "admin@338"
|
"value": "admin@338"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -116,6 +143,22 @@
|
||||||
],
|
],
|
||||||
"uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c"
|
"uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "APT28"
|
"value": "APT28"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -133,6 +176,22 @@
|
||||||
],
|
],
|
||||||
"uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff"
|
"uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Winnti Group"
|
"value": "Winnti Group"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -155,6 +214,22 @@
|
||||||
],
|
],
|
||||||
"uuid": "a653431d-6a5e-4600-8ad3-609b5af57064"
|
"uuid": "a653431d-6a5e-4600-8ad3-609b5af57064"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "066d25c1-71bd-4bd4-8ca7-edbba00063f4",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "0286e80e-b0ed-464f-ad62-beec8536d0cb",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Deep Panda"
|
"value": "Deep Panda"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -171,6 +246,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "df71bb3b-813c-45eb-a8bc-f2a419837411"
|
"uuid": "df71bb3b-813c-45eb-a8bc-f2a419837411"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "f7c2e501-73b1-400f-a5d9-2e2e07b7dfde",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Molerats"
|
"value": "Molerats"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -187,6 +271,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "277d2f87-2ae5-4730-a3aa-50c1fdff9656"
|
"uuid": "277d2f87-2ae5-4730-a3aa-50c1fdff9656"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "f3179cfb-9c86-4980-bd6b-e4fa74adaaa7",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Strider"
|
"value": "Strider"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -203,6 +296,29 @@
|
||||||
],
|
],
|
||||||
"uuid": "381fcf73-60f6-4ab2-9991-6af3cbc35192"
|
"uuid": "381fcf73-60f6-4ab2-9991-6af3cbc35192"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "f512de42-f76b-40d2-9923-59e7dbdfec35",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "b47250ec-2094-4d06-b658-11456e05fe89",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "feac86e4-6bb2-4ba0-ac99-806aeb0a776c",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Sandworm Team"
|
"value": "Sandworm Team"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -217,6 +333,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "2a7914cf-dff3-428d-ab0f-1014d1c28aeb"
|
"uuid": "2a7914cf-dff3-428d-ab0f-1014d1c28aeb"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "647894f6-1723-4cba-aba4-0ef0966d5302",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "FIN6"
|
"value": "FIN6"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -231,6 +356,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "ae41895a-243f-4a65-b99b-d85022326c31"
|
"uuid": "ae41895a-243f-4a65-b99b-d85022326c31"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "9e71024e-817f-45b0-92a0-d886c30bc929",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Dust Storm"
|
"value": "Dust Storm"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -248,6 +382,71 @@
|
||||||
],
|
],
|
||||||
"uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063"
|
"uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "11e17436-6ede-4733-8547-4ce0254ea19e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Cleaver"
|
"value": "Cleaver"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -266,6 +465,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb"
|
"uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "48146604-6693-4db1-bd94-159744726514",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "APT12"
|
"value": "APT12"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -280,6 +488,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f"
|
"uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "a9b44750-992c-4743-8922-129880d277ea",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Moafee"
|
"value": "Moafee"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -298,6 +515,29 @@
|
||||||
],
|
],
|
||||||
"uuid": "fb366179-766c-4a4a-afa1-52bff1fd601c"
|
"uuid": "fb366179-766c-4a4a-afa1-52bff1fd601c"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "834e0acd-d92a-4e38-bb14-dc4159d7cb32",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "f1b9f7d6-6ab1-404b-91a6-a1ed1845c045",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "4af45fea-72d3-11e8-846c-d37699506c8d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Threat Group-3390"
|
"value": "Threat Group-3390"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -314,6 +554,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a"
|
"uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "a9b44750-992c-4743-8922-129880d277ea",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "DragonOK"
|
"value": "DragonOK"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -331,6 +580,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662"
|
"uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "1cb7e1cc-d695-42b1-92f4-fd0112a3c9be",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "APT1"
|
"value": "APT1"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -359,6 +617,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8"
|
"uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "b3714d59-b61e-4713-903a-9b4f04ae7f3d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Night Dragon"
|
"value": "Night Dragon"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -375,6 +642,29 @@
|
||||||
],
|
],
|
||||||
"uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050"
|
"uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Naikon"
|
"value": "Naikon"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -406,6 +696,22 @@
|
||||||
],
|
],
|
||||||
"uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0"
|
"uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "9559ecaf-2e75-48a7-aee8-9974020bc772",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "18d473a5-831b-47a5-97a1-a32156299825",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Patchwork"
|
"value": "Patchwork"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -421,6 +727,29 @@
|
||||||
],
|
],
|
||||||
"uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd"
|
"uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "APT30"
|
"value": "APT30"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -437,6 +766,22 @@
|
||||||
],
|
],
|
||||||
"uuid": "9559ecaf-2e75-48a7-aee8-9974020bc772"
|
"uuid": "9559ecaf-2e75-48a7-aee8-9974020bc772"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "18d473a5-831b-47a5-97a1-a32156299825",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "MONSOON"
|
"value": "MONSOON"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -452,6 +797,36 @@
|
||||||
],
|
],
|
||||||
"uuid": "090242d7-73fc-4738-af68-20162f7a5aae"
|
"uuid": "090242d7-73fc-4738-af68-20162f7a5aae"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "APT17"
|
"value": "APT17"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -467,6 +842,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc"
|
"uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "FIN7"
|
"value": "FIN7"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -490,6 +874,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "0bbdf25b-30ff-4894-a1cd-49260d0dd2d9"
|
"uuid": "0bbdf25b-30ff-4894-a1cd-49260d0dd2d9"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "d144c83e-2302-4947-9e24-856fbf7949ae",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "APT3"
|
"value": "APT3"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -504,6 +897,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "0ea72cd5-ca30-46ba-bc04-378f701c658f"
|
"uuid": "0ea72cd5-ca30-46ba-bc04-378f701c658f"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "d93889de-b4bc-4a29-9ce7-d67717c140a0",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "GCMAN"
|
"value": "GCMAN"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -521,6 +923,22 @@
|
||||||
],
|
],
|
||||||
"uuid": "c93fccb1-e8e8-42cf-ae33-2ad1d183913a"
|
"uuid": "c93fccb1-e8e8-42cf-ae33-2ad1d183913a"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "68391641-859f-4a9a-9a1e-3e5cf71ec376",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "027a1428-6e79-4a4b-82b9-e698e8525c2b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Lazarus Group"
|
"value": "Lazarus Group"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -537,6 +955,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "88b7dbc2-32d3-4e31-af2f-3fc24e1582d7"
|
"uuid": "88b7dbc2-32d3-4e31-af2f-3fc24e1582d7"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "32fafa69-fe3c-49db-afd4-aac2664bcf0d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Lotus Blossom"
|
"value": "Lotus Blossom"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -582,6 +1009,29 @@
|
||||||
],
|
],
|
||||||
"uuid": "b96e02f1-4037-463f-b158-5a964352f8d9"
|
"uuid": "b96e02f1-4037-463f-b158-5a964352f8d9"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "4ca1929c-7d64-4aab-b849-badbfc0c760d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "OilRig"
|
"value": "OilRig"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -597,6 +1047,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1"
|
"uuid": "1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "64d6559c-6d5c-4585-bbf9-c17868f763ee",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Dragonfly"
|
"value": "Dragonfly"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -611,6 +1070,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "5cbe0d3b-6fb1-471f-b591-4b192915116d"
|
"uuid": "5cbe0d3b-6fb1-471f-b591-4b192915116d"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "5abb12e7-5066-4f84-a109-49a037205c76",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Suckfly"
|
"value": "Suckfly"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -625,6 +1093,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "894aab42-3371-47b1-8859-a4a074c804c8"
|
"uuid": "894aab42-3371-47b1-8859-a4a074c804c8"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "dab75e38-6969-4e78-9304-dc269c3cbcf0",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Stealth Falcon"
|
"value": "Stealth Falcon"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -639,6 +1116,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "c5574ca0-d5a4-490a-b207-e4658e5fd1d7"
|
"uuid": "c5574ca0-d5a4-490a-b207-e4658e5fd1d7"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "0da10682-85c6-4c0b-bace-ba1f7adfb63e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Scarlet Mimic"
|
"value": "Scarlet Mimic"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -669,6 +1155,22 @@
|
||||||
],
|
],
|
||||||
"uuid": "7a19ecb1-3c65-4de3-a230-993516aed6a6"
|
"uuid": "7a19ecb1-3c65-4de3-a230-993516aed6a6"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "fa80877c-f509-4daf-8b62-20aba1635f68",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "c097471c-2405-4393-b6d7-afbcb5f0cd11",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Turla"
|
"value": "Turla"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -686,6 +1188,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "899ce53f-13a0-479b-a0e4-67d46e241542"
|
"uuid": "899ce53f-13a0-479b-a0e4-67d46e241542"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "b2056ff0-00b9-482e-b11c-c771daa5f28a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "APT29"
|
"value": "APT29"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -700,6 +1211,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "6c74fda2-bb04-40bd-a166-8c2d4b952d33"
|
"uuid": "6c74fda2-bb04-40bd-a166-8c2d4b952d33"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "fbe9387f-34e6-4828-ac28-3080020c597b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "FIN10"
|
"value": "FIN10"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -722,6 +1242,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "222fbd21-fc4f-4b7e-9f85-0e6e3a76c33f"
|
"uuid": "222fbd21-fc4f-4b7e-9f85-0e6e3a76c33f"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "56b37b05-72e7-4a89-ba8a-61ce45269a8c",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "menuPass"
|
"value": "menuPass"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -738,6 +1267,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "5ce5392a-3a6c-4e07-9df3-9b6a9159ac45"
|
"uuid": "5ce5392a-3a6c-4e07-9df3-9b6a9159ac45"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "0ca45163-e223-4167-b1af-f088ed14a93d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Putter Panda"
|
"value": "Putter Panda"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -756,6 +1294,22 @@
|
||||||
],
|
],
|
||||||
"uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973"
|
"uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Axiom"
|
"value": "Axiom"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -771,6 +1325,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c"
|
"uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Carbanak"
|
"value": "Carbanak"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -788,6 +1351,29 @@
|
||||||
],
|
],
|
||||||
"uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648"
|
"uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "2fb07fa4-0d7f-43c7-8ff4-b28404313fe7",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "APT18"
|
"value": "APT18"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -803,6 +1389,22 @@
|
||||||
],
|
],
|
||||||
"uuid": "7e5a571f-dee2-4cae-a960-f8ab8a8fb1cf"
|
"uuid": "7e5a571f-dee2-4cae-a960-f8ab8a8fb1cf"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "247cb30b-955f-42eb-97a5-a89fef69341e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "aa29ae56-e54b-47a2-ad16-d3ab0242d5d7",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "APT32"
|
"value": "APT32"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -817,8 +1419,17 @@
|
||||||
],
|
],
|
||||||
"uuid": "2e290bfe-93b5-48ce-97d6-edcd6d32b7cf"
|
"uuid": "2e290bfe-93b5-48ce-97d6-edcd6d32b7cf"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "1a77e156-76bc-43f5-bdd7-bd67f30fbbbb",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Gamaredon Group"
|
"value": "Gamaredon Group"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 6
|
"version": 7
|
||||||
}
|
}
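Review bot: Every relation added in this section gets the same `"type": "similar"` and the same `estimative-language:likelihood-probability=\"likely\"` tag, so a consumer cannot tell a strong match from a weak one. Several distinct entries also end up on the same target: Moafee and DragonOK both point at dest-uuid `a9b44750-992c-4743-8922-129880d277ea`, FIN7 and Carbanak both point at `00220228-a5a4-4032-a30d-826bb55aa3fb`, and Naikon and APT30 receive the same three dest-uuids. The generator is not shown here, but this pattern looks like name- or synonym-based matching, and an analyst pivoting on these relations during correlation or attribution could treat separately tracked groups as one. I would have the generator grade its output, for example keeping `likely` for exact value matches and emitting `estimative-language:likelihood-probability=\"roughly-even-chance\"` where the only link is a shared synonym. The many-to-one cases should be reviewed by hand before they ship.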
|
||||||
|
|
File diff suppressed because it is too large
|
@ -30,9 +30,53 @@
|
||||||
"TG-4127"
|
"TG-4127"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
"uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||||
"value": "APT28 - G0007"
|
"value": "APT28 - G0007"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 3
|
"version": 4
|
||||||
}
|
}
|
||||||
|
|
|
@ -98,6 +98,15 @@
|
||||||
"Kemoge"
|
"Kemoge"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "0c769e82-df28-4f65-97f5-7f3d88488f2e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "c80a6bef-b3ce-44d0-b113-946e93124898",
|
"uuid": "c80a6bef-b3ce-44d0-b113-946e93124898",
|
||||||
"value": "Shedun - MOB-S0010"
|
"value": "Shedun - MOB-S0010"
|
||||||
},
|
},
|
||||||
|
@ -145,6 +154,15 @@
|
||||||
"Pegasus"
|
"Pegasus"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "33d9d91d-aad9-49d5-a516-220ce101ac8a",
|
"uuid": "33d9d91d-aad9-49d5-a516-220ce101ac8a",
|
||||||
"value": "Pegasus - MOB-S0005"
|
"value": "Pegasus - MOB-S0005"
|
||||||
},
|
},
|
||||||
|
@ -175,6 +193,15 @@
|
||||||
"HummingBad"
|
"HummingBad"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "f5cacc72-f02a-42d1-a020-7a59650086bb",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "c8770c81-c29f-40d2-a140-38544206b2b4",
|
"uuid": "c8770c81-c29f-40d2-a140-38544206b2b4",
|
||||||
"value": "HummingBad - MOB-S0038"
|
"value": "HummingBad - MOB-S0038"
|
||||||
},
|
},
|
||||||
|
@ -205,6 +232,15 @@
|
||||||
"Dendroid"
|
"Dendroid"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "ea3a8c25-4adb-4538-bf11-55259bdba15f",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "317a2c10-d489-431e-b6b2-f0251fddc88e",
|
"uuid": "317a2c10-d489-431e-b6b2-f0251fddc88e",
|
||||||
"value": "Dendroid - MOB-S0017"
|
"value": "Dendroid - MOB-S0017"
|
||||||
},
|
},
|
||||||
|
@ -356,6 +392,29 @@
|
||||||
"X-Agent"
|
"X-Agent"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "ccd61dfc-b03f-4689-8c18-7c97eab08472",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "0a32ceea-fa66-47ab-8bde-150dbd6d2e40",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "3e2c99f9-66cd-48be-86e9-d7c1c164d87c",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "56660521-6db4-4e5a-a927-464f22954b7c",
|
"uuid": "56660521-6db4-4e5a-a927-464f22954b7c",
|
||||||
"value": "X-Agent - MOB-S0030"
|
"value": "X-Agent - MOB-S0030"
|
||||||
},
|
},
|
||||||
|
@ -522,6 +581,15 @@
|
||||||
"Chrysaor"
|
"Chrysaor"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "93799a9d-3537-43d8-b6f4-17215de1657c",
|
"uuid": "93799a9d-3537-43d8-b6f4-17215de1657c",
|
||||||
"value": "Pegasus for Android - MOB-S0032"
|
"value": "Pegasus for Android - MOB-S0032"
|
||||||
},
|
},
|
||||||
|
@ -542,5 +610,5 @@
|
||||||
"value": "XcodeGhost - MOB-S0013"
|
"value": "XcodeGhost - MOB-S0013"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 3
|
"version": 4
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,9 +20,18 @@
|
||||||
"Xbot"
|
"Xbot"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "da21929e-40c0-443d-bdf4-6b60d15448b4",
|
"uuid": "da21929e-40c0-443d-bdf4-6b60d15448b4",
|
||||||
"value": "Xbot - MOB-S0014"
|
"value": "Xbot - MOB-S0014"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 3
|
"version": 4
|
||||||
}
|
}
|
||||||
|
|
|
@ -45,6 +45,22 @@
|
||||||
"TG-4127"
|
"TG-4127"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
"uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||||
"value": "APT28 - G0007"
|
"value": "APT28 - G0007"
|
||||||
},
|
},
|
||||||
|
@ -63,6 +79,71 @@
|
||||||
"Threat Group 2889"
|
"Threat Group 2889"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "11e17436-6ede-4733-8547-4ce0254ea19e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
"uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
||||||
"value": "Cleaver - G0003"
|
"value": "Cleaver - G0003"
|
||||||
},
|
},
|
||||||
|
@ -82,6 +163,15 @@
|
||||||
"DNSCALC"
|
"DNSCALC"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "48146604-6693-4db1-bd94-159744726514",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
|
"uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
|
||||||
"value": "APT12 - G0005"
|
"value": "APT12 - G0005"
|
||||||
},
|
},
|
||||||
|
@ -100,6 +190,15 @@
|
||||||
"Comment Panda"
|
"Comment Panda"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "1cb7e1cc-d695-42b1-92f4-fd0112a3c9be",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
"uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||||
"value": "APT1 - G0006"
|
"value": "APT1 - G0006"
|
||||||
},
|
},
|
||||||
|
@ -117,6 +216,15 @@
|
||||||
"Musical Chairs"
|
"Musical Chairs"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "b3714d59-b61e-4713-903a-9b4f04ae7f3d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
|
"uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
|
||||||
"value": "Night Dragon - G0014"
|
"value": "Night Dragon - G0014"
|
||||||
},
|
},
|
||||||
|
@ -133,9 +241,39 @@
|
||||||
"Deputy Dog"
|
"Deputy Dog"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
"uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
||||||
"value": "APT17 - G0025"
|
"value": "APT17 - G0025"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 3
|
"version": 4
|
||||||
}
|
}
|
||||||
|
|
|
@ -111,6 +111,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60"
|
"uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "7f3a035d-d83a-45b8-8111-412aa8ade802",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Mimikatz"
|
"value": "Mimikatz"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -271,6 +280,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "3e205e84-9f90-4b4b-8896-c82189936a15"
|
"uuid": "3e205e84-9f90-4b4b-8896-c82189936a15"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "certutil"
|
"value": "certutil"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -366,6 +384,15 @@
|
||||||
],
|
],
|
||||||
"uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db"
|
"uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "6dd05630-9bd8-11e8-a8b9-47ce338a4367",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "PsExec"
|
"value": "PsExec"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -410,6 +437,22 @@
|
||||||
],
|
],
|
||||||
"uuid": "3da22160-12d9-4d27-a99f-338e8de3844a"
|
"uuid": "3da22160-12d9-4d27-a99f-338e8de3844a"
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "ca44dd5e-fd9e-48b5-99cb-0b2629b9265f",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"value": "Cobalt Strike"
|
"value": "Cobalt Strike"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -429,5 +472,5 @@
|
||||||
"value": "Reg"
|
"value": "Reg"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 4
|
"version": 5
|
||||||
}
|
}
|
||||||
|
|
|
@ -1771,6 +1771,15 @@
|
||||||
"Purge Ransomware"
|
"Purge Ransomware"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "5541471c-8d15-4aec-9996-e24b59c3e3d6",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "fe16edbe-3050-4276-bac3-c7ff5fd4174a",
|
"uuid": "fe16edbe-3050-4276-bac3-c7ff5fd4174a",
|
||||||
"value": "Globe3 Ransomware"
|
"value": "Globe3 Ransomware"
|
||||||
},
|
},
|
||||||
|
@ -2251,6 +2260,15 @@
|
||||||
"https://id-ransomware.blogspot.co.il/2016/12/roga-ransomware.html"
|
"https://id-ransomware.blogspot.co.il/2016/12/roga-ransomware.html"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "175ebcc0-d74f-49b2-9226-c660ca1fe2e8",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "cd1eb48e-070b-418e-8d83-4644a388f8ae",
|
"uuid": "cd1eb48e-070b-418e-8d83-4644a388f8ae",
|
||||||
"value": "Roga"
|
"value": "Roga"
|
||||||
},
|
},
|
||||||
|
@ -4152,6 +4170,15 @@
|
||||||
"Trojan.Encoder.6491"
|
"Trojan.Encoder.6491"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "f855609e-b7ab-41e8-aafa-62016f8f4e1a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "a57a8bc3-8c33-43e8-b237-25edcd5f532a",
|
"uuid": "a57a8bc3-8c33-43e8-b237-25edcd5f532a",
|
||||||
"value": "Windows_Security Ransonware"
|
"value": "Windows_Security Ransonware"
|
||||||
},
|
},
|
||||||
|
@ -4282,6 +4309,15 @@
|
||||||
"Purge Ransomware"
|
"Purge Ransomware"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "fe16edbe-3050-4276-bac3-c7ff5fd4174a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "5541471c-8d15-4aec-9996-e24b59c3e3d6",
|
"uuid": "5541471c-8d15-4aec-9996-e24b59c3e3d6",
|
||||||
"value": "Globe2 Ransomware"
|
"value": "Globe2 Ransomware"
|
||||||
},
|
},
|
||||||
|
@ -4602,6 +4638,15 @@
|
||||||
"Fabiansomeware"
|
"Fabiansomeware"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "d5d3f9de-21b5-482e-b716-5f2f13182990",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "e38b8876-5780-4574-9adf-304e9d659bdb",
|
"uuid": "e38b8876-5780-4574-9adf-304e9d659bdb",
|
||||||
"value": "Apocalypse"
|
"value": "Apocalypse"
|
||||||
},
|
},
|
||||||
|
@ -4700,6 +4745,15 @@
|
||||||
"Rakhni"
|
"Rakhni"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "c85a41a8-a0a1-4963-894f-84bb980e6e86",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "af50d07e-3fc5-4014-9ac5-f5466cf042bc",
|
"uuid": "af50d07e-3fc5-4014-9ac5-f5466cf042bc",
|
||||||
"value": "Bandarchor"
|
"value": "Bandarchor"
|
||||||
},
|
},
|
||||||
|
@ -4796,6 +4850,15 @@
|
||||||
"Salami"
|
"Salami"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "b95aa3fb-9f32-450e-8058-67d94f196913",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "eee75995-321f-477f-8b57-eee4eedf4ba3",
|
"uuid": "eee75995-321f-477f-8b57-eee4eedf4ba3",
|
||||||
"value": "Booyah"
|
"value": "Booyah"
|
||||||
},
|
},
|
||||||
|
@ -4903,6 +4966,15 @@
|
||||||
"http://www.bleepingcomputer.com/forums/t/625820/central-security-treatment-organization-ransomware-help-topic-cry-extension/"
|
"http://www.bleepingcomputer.com/forums/t/625820/central-security-treatment-organization-ransomware-help-topic-cry-extension/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "629f6986-2c1f-4d0a-b805-e4ef3e2ce634",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "8ff729d9-aee5-4b85-a59d-3f57e105be40",
|
"uuid": "8ff729d9-aee5-4b85-a59d-3f57e105be40",
|
||||||
"value": "Central Security Treatment Organization"
|
"value": "Central Security Treatment Organization"
|
||||||
},
|
},
|
||||||
|
@ -5071,6 +5143,15 @@
|
||||||
"Central Security Treatment Organization"
|
"Central Security Treatment Organization"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "8ff729d9-aee5-4b85-a59d-3f57e105be40",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "629f6986-2c1f-4d0a-b805-e4ef3e2ce634",
|
"uuid": "629f6986-2c1f-4d0a-b805-e4ef3e2ce634",
|
||||||
"value": "CryLocker"
|
"value": "CryLocker"
|
||||||
},
|
},
|
||||||
|
@ -5173,6 +5254,15 @@
|
||||||
"http://news.softpedia.com/news/new-cryptobit-ransomware-could-be-decryptable-503239.shtml"
|
"http://news.softpedia.com/news/new-cryptobit-ransomware-could-be-decryptable-503239.shtml"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "681f212a-af1b-4e40-a718-81b0dc46dc52",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "1903ed75-05f7-4019-b0b7-7a8f23f22194",
|
"uuid": "1903ed75-05f7-4019-b0b7-7a8f23f22194",
|
||||||
"value": "CryptoBit"
|
"value": "CryptoBit"
|
||||||
},
|
},
|
||||||
|
@ -5216,6 +5306,15 @@
|
||||||
"READ IF YOU WANT YOUR FILES BACK.html"
|
"READ IF YOU WANT YOUR FILES BACK.html"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "b817ce63-f1c3-49de-bd8b-fd56c3f956c9",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "26c8b446-305c-4057-83bc-85b09630281e",
|
"uuid": "26c8b446-305c-4057-83bc-85b09630281e",
|
||||||
"value": "CryptoFortress"
|
"value": "CryptoFortress"
|
||||||
},
|
},
|
||||||
|
@ -5522,6 +5621,15 @@
|
||||||
"CryptProjectXXX"
|
"CryptProjectXXX"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "e272d0b5-cdfc-422a-bb78-9214475daec5",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "255aac37-e4d2-4eeb-b8de-143f9c2321bd",
|
"uuid": "255aac37-e4d2-4eeb-b8de-143f9c2321bd",
|
||||||
"value": "CryptXXX"
|
"value": "CryptXXX"
|
||||||
},
|
},
|
||||||
|
@ -5543,6 +5651,15 @@
|
||||||
"CryptProjectXXX"
|
"CryptProjectXXX"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "255aac37-e4d2-4eeb-b8de-143f9c2321bd",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "e272d0b5-cdfc-422a-bb78-9214475daec5",
|
"uuid": "e272d0b5-cdfc-422a-bb78-9214475daec5",
|
||||||
"value": "CryptXXX 2.0"
|
"value": "CryptXXX 2.0"
|
||||||
},
|
},
|
||||||
|
@ -5959,6 +6076,15 @@
|
||||||
"Trojan.Encoder.6491"
|
"Trojan.Encoder.6491"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "a57a8bc3-8c33-43e8-b237-25edcd5f532a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "f855609e-b7ab-41e8-aafa-62016f8f4e1a",
|
"uuid": "f855609e-b7ab-41e8-aafa-62016f8f4e1a",
|
||||||
"value": "Encoder.xxxx"
|
"value": "Encoder.xxxx"
|
||||||
},
|
},
|
||||||
|
@ -6170,6 +6296,15 @@
|
||||||
"Roga"
|
"Roga"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "cd1eb48e-070b-418e-8d83-4644a388f8ae",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "175ebcc0-d74f-49b2-9226-c660ca1fe2e8",
|
"uuid": "175ebcc0-d74f-49b2-9226-c660ca1fe2e8",
|
||||||
"value": "Free-Freedom"
|
"value": "Free-Freedom"
|
||||||
},
|
},
|
||||||
|
@ -6264,6 +6399,15 @@
|
||||||
"http://www.bleepingcomputer.com/forums/t/611342/gnl-locker-support-and-help-topic-locked-and-unlock-files-instructionshtml/"
|
"http://www.bleepingcomputer.com/forums/t/611342/gnl-locker-support-and-help-topic-locked-and-unlock-files-instructionshtml/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "78ef77ac-a570-4fb9-af80-d04c09dff9ab",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "390abe30-8b9e-439e-a6d3-2ee978f05fba",
|
"uuid": "390abe30-8b9e-439e-a6d3-2ee978f05fba",
|
||||||
"value": "GNL Locker"
|
"value": "GNL Locker"
|
||||||
},
|
},
|
||||||
|
@ -7128,6 +7272,15 @@
|
||||||
"Booyah"
|
"Booyah"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "eee75995-321f-477f-8b57-eee4eedf4ba3",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "b95aa3fb-9f32-450e-8058-67d94f196913",
|
"uuid": "b95aa3fb-9f32-450e-8058-67d94f196913",
|
||||||
"value": "MM Locker"
|
"value": "MM Locker"
|
||||||
},
|
},
|
||||||
|
@ -7152,6 +7305,15 @@
|
||||||
"CryptoBit"
|
"CryptoBit"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "1903ed75-05f7-4019-b0b7-7a8f23f22194",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "681f212a-af1b-4e40-a718-81b0dc46dc52",
|
"uuid": "681f212a-af1b-4e40-a718-81b0dc46dc52",
|
||||||
"value": "Mobef"
|
"value": "Mobef"
|
||||||
},
|
},
|
||||||
|
@ -7361,6 +7523,15 @@
|
||||||
"Cryakl"
|
"Cryakl"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "4f3e494e-0e37-4894-94b2-741a8100f07a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "3c51fc0e-42d8-4ff0-b1bd-5c8c20271a39",
|
"uuid": "3c51fc0e-42d8-4ff0-b1bd-5c8c20271a39",
|
||||||
"value": "Offline ransomware"
|
"value": "Offline ransomware"
|
||||||
},
|
},
|
||||||
|
@ -7456,6 +7627,15 @@
|
||||||
"https://www.bleepingcomputer.com/news/security/new-macos-patcher-ransomware-locks-data-for-good-no-way-to-recover-your-files/"
|
"https://www.bleepingcomputer.com/news/security/new-macos-patcher-ransomware-locks-data-for-good-no-way-to-recover-your-files/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "091c9923-5939-4bde-9db5-56abfb51f1a2",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "e211ea8d-5042-48ae-86c6-15186d1f8dba",
|
"uuid": "e211ea8d-5042-48ae-86c6-15186d1f8dba",
|
||||||
"value": "Patcher"
|
"value": "Patcher"
|
||||||
},
|
},
|
||||||
|
@ -7741,6 +7921,15 @@
|
||||||
"Bandarchor"
|
"Bandarchor"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "af50d07e-3fc5-4014-9ac5-f5466cf042bc",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "c85a41a8-a0a1-4963-894f-84bb980e6e86",
|
"uuid": "c85a41a8-a0a1-4963-894f-84bb980e6e86",
|
||||||
"value": "Rakhni"
|
"value": "Rakhni"
|
||||||
},
|
},
|
||||||
|
@ -8140,6 +8329,15 @@
|
||||||
"Atom"
|
"Atom"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "ff471870-7c9a-4122-ba89-489fc819660b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "503c9910-902f-4bae-8c33-ea29db8bdd7f",
|
"uuid": "503c9910-902f-4bae-8c33-ea29db8bdd7f",
|
||||||
"value": "Shark"
|
"value": "Shark"
|
||||||
},
|
},
|
||||||
|
@ -8515,6 +8713,15 @@
|
||||||
"Teerac"
|
"Teerac"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "26c8b446-305c-4057-83bc-85b09630281e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "b817ce63-f1c3-49de-bd8b-fd56c3f956c9",
|
"uuid": "b817ce63-f1c3-49de-bd8b-fd56c3f956c9",
|
||||||
"value": "TorrentLocker"
|
"value": "TorrentLocker"
|
||||||
},
|
},
|
||||||
|
@ -8734,6 +8941,15 @@
|
||||||
"Zlader"
|
"Zlader"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "2195387d-ad9c-47e6-8f14-a49388b26eab",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "63a82b7f-9a71-47a8-9a79-14acc6595da5",
|
"uuid": "63a82b7f-9a71-47a8-9a79-14acc6595da5",
|
||||||
"value": "VaultCrypt"
|
"value": "VaultCrypt"
|
||||||
},
|
},
|
||||||
|
@ -8930,6 +9146,15 @@
|
||||||
"CrypVault"
|
"CrypVault"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "63a82b7f-9a71-47a8-9a79-14acc6595da5",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "2195387d-ad9c-47e6-8f14-a49388b26eab",
|
"uuid": "2195387d-ad9c-47e6-8f14-a49388b26eab",
|
||||||
"value": "Zlader"
|
"value": "Zlader"
|
||||||
},
|
},
|
||||||
|
@ -8959,6 +9184,15 @@
|
||||||
"GNL Locker"
|
"GNL Locker"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "390abe30-8b9e-439e-a6d3-2ee978f05fba",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "78ef77ac-a570-4fb9-af80-d04c09dff9ab",
|
"uuid": "78ef77ac-a570-4fb9-af80-d04c09dff9ab",
|
||||||
"value": "Zyklon"
|
"value": "Zyklon"
|
||||||
},
|
},
|
||||||
|
@ -9283,6 +9517,15 @@
|
||||||
"Patcher"
|
"Patcher"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "e211ea8d-5042-48ae-86c6-15186d1f8dba",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "091c9923-5939-4bde-9db5-56abfb51f1a2",
|
"uuid": "091c9923-5939-4bde-9db5-56abfb51f1a2",
|
||||||
"value": "FileCoder"
|
"value": "FileCoder"
|
||||||
},
|
},
|
||||||
|
@ -9348,6 +9591,15 @@
|
||||||
"http://www.zdnet.com/article/cryakl-ransomware-decryption-keys-now-available-for-free/"
|
"http://www.zdnet.com/article/cryakl-ransomware-decryption-keys-now-available-for-free/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "3c51fc0e-42d8-4ff0-b1bd-5c8c20271a39",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "4f3e494e-0e37-4894-94b2-741a8100f07a",
|
"uuid": "4f3e494e-0e37-4894-94b2-741a8100f07a",
|
||||||
"value": "Cryakl"
|
"value": "Cryakl"
|
||||||
},
|
},
|
||||||
|
@ -9445,6 +9697,15 @@
|
||||||
"https://www.bleepingcomputer.com/news/security/black-ruby-ransomware-skips-victims-in-iran-and-adds-a-miner-for-good-measure/"
|
"https://www.bleepingcomputer.com/news/security/black-ruby-ransomware-skips-victims-in-iran-and-adds-a-miner-for-good-measure/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "b4433e66-9bc4-11e8-8f4e-7363f5526636",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "abf3001c-396c-11e8-8da6-ef501eef12e1",
|
"uuid": "abf3001c-396c-11e8-8da6-ef501eef12e1",
|
||||||
"value": "Black Ruby"
|
"value": "Black Ruby"
|
||||||
},
|
},
|
||||||
|
@ -10063,6 +10324,15 @@
|
||||||
"https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf"
|
"https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "abf3001c-396c-11e8-8da6-ef501eef12e1",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "b4433e66-9bc4-11e8-8f4e-7363f5526636",
|
"uuid": "b4433e66-9bc4-11e8-8f4e-7363f5526636",
|
||||||
"value": "Black Ruby"
|
"value": "Black Ruby"
|
||||||
},
|
},
|
||||||
|
@ -10077,5 +10347,5 @@
|
||||||
"value": "Unnamed Android Ransomware"
|
"value": "Unnamed Android Ransomware"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 27
|
"version": 28
|
||||||
}
|
}
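Review bot: The `"related"` blocks added to the clusters with uuid `abf3001c-396c-11e8-8da6-ef501eef12e1` and `b4433e66-9bc4-11e8-8f4e-7363f5526636` link two entries of this same file that both carry `"value": "Black Ruby"`, which looks like one cluster recorded twice rather than two similar ones. Tagging the pair `"type": "similar"` at `likely` keeps both uuids alive, so events tagged with one of them will presumably not match searches or correlation on the other. I would merge the pair into a single cluster (one uuid, the union of the refs) before running the mapping, or have the generator report same-file, same-value matches for manual review instead of writing a relation. The other pairs in this section appear to be matched on a shared synonym (for example the Globe2/Globe3 entries via "Purge Ransomware"), which is a weaker signal and worth a spot check; the file name itself is not visible on this page.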
|
||||||
|
|
|
@ -71,6 +71,22 @@
|
||||||
"Gen:Trojan.Heur.PT"
|
"Gen:Trojan.Heur.PT"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "2abe89de-46dd-4dae-ae22-b49a593aff54",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "4e104fef-8a2c-4679-b497-6e86d7d47db0",
|
"uuid": "4e104fef-8a2c-4679-b497-6e86d7d47db0",
|
||||||
"value": "PoisonIvy"
|
"value": "PoisonIvy"
|
||||||
},
|
},
|
||||||
|
@ -120,6 +136,15 @@
|
||||||
"https://krebsonsecurity.com/2014/05/blackshades-trojan-users-had-it-coming/"
|
"https://krebsonsecurity.com/2014/05/blackshades-trojan-users-had-it-coming/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "8c3202d5-1671-46ec-9d42-cb50dbe2f667",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "3a1fc564-3705-4cc0-8f80-13c58d470d34",
|
"uuid": "3a1fc564-3705-4cc0-8f80-13c58d470d34",
|
||||||
"value": "Blackshades"
|
"value": "Blackshades"
|
||||||
},
|
},
|
||||||
|
@ -135,6 +160,15 @@
|
||||||
"Dark Comet"
|
"Dark Comet"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "9ad11139-e928-45cf-a0b4-937290642e92",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "8a21ae06-d257-48a0-989b-1c9aebedabc2",
|
"uuid": "8a21ae06-d257-48a0-989b-1c9aebedabc2",
|
||||||
"value": "DarkComet"
|
"value": "DarkComet"
|
||||||
},
|
},
|
||||||
|
@ -223,6 +257,29 @@
|
||||||
"JBifrost"
|
"JBifrost"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "ab4694d6-7043-41f2-b328-d93bec9c1b22",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "ce1a9641-5bb8-4a61-990a-870e9ef36ac1",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "dadccdda-a4c2-4021-90b9-61a394e602be",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "b76d9845-815c-4e77-9538-6b737269da2f",
|
"uuid": "b76d9845-815c-4e77-9538-6b737269da2f",
|
||||||
"value": "Adwind RAT"
|
"value": "Adwind RAT"
|
||||||
},
|
},
|
||||||
|
@ -392,6 +449,15 @@
|
||||||
"Njw0rm"
|
"Njw0rm"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "c01ef312-dfd6-403f-a8b5-67fc11a550a7",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "7fb493bb-756b-42a2-8f6d-59e254f4f2cc",
|
"uuid": "7fb493bb-756b-42a2-8f6d-59e254f4f2cc",
|
||||||
"value": "NJRat"
|
"value": "NJRat"
|
||||||
},
|
},
|
||||||
|
@ -570,6 +636,15 @@
|
||||||
"https://github.com/nyx0/Dendroid"
|
"https://github.com/nyx0/Dendroid"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "317a2c10-d489-431e-b6b2-f0251fddc88e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "ea3a8c25-4adb-4538-bf11-55259bdba15f",
|
"uuid": "ea3a8c25-4adb-4538-bf11-55259bdba15f",
|
||||||
"value": "Dendroid"
|
"value": "Dendroid"
|
||||||
},
|
},
|
||||||
|
@ -871,6 +946,15 @@
|
||||||
"https://leakforums.net/thread-36962"
|
"https://leakforums.net/thread-36962"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "e38b8876-5780-4574-9adf-304e9d659bdb",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "d5d3f9de-21b5-482e-b716-5f2f13182990",
|
"uuid": "d5d3f9de-21b5-482e-b716-5f2f13182990",
|
||||||
"value": "Apocalypse"
|
"value": "Apocalypse"
|
||||||
},
|
},
|
||||||
|
@ -944,6 +1028,15 @@
|
||||||
"Njw0rm"
|
"Njw0rm"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "7fb493bb-756b-42a2-8f6d-59e254f4f2cc",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "c01ef312-dfd6-403f-a8b5-67fc11a550a7",
|
"uuid": "c01ef312-dfd6-403f-a8b5-67fc11a550a7",
|
||||||
"value": "Kiler RAT"
|
"value": "Kiler RAT"
|
||||||
},
|
},
|
||||||
|
@ -1009,6 +1102,15 @@
|
||||||
"https://github.com/n1nj4sec/pupy"
|
"https://github.com/n1nj4sec/pupy"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "bdb420be-5882-41c8-b439-02bbef69d83f",
|
"uuid": "bdb420be-5882-41c8-b439-02bbef69d83f",
|
||||||
"value": "Pupy"
|
"value": "Pupy"
|
||||||
},
|
},
|
||||||
|
@ -1074,6 +1176,15 @@
|
||||||
"Shark"
|
"Shark"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "503c9910-902f-4bae-8c33-ea29db8bdd7f",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "ff471870-7c9a-4122-ba89-489fc819660b",
|
"uuid": "ff471870-7c9a-4122-ba89-489fc819660b",
|
||||||
"value": "SharK"
|
"value": "SharK"
|
||||||
},
|
},
|
||||||
|
@ -1369,6 +1480,15 @@
|
||||||
"https://www.symantec.com/security_response/writeup.jsp?docid=2002-021310-3452-99"
|
"https://www.symantec.com/security_response/writeup.jsp?docid=2002-021310-3452-99"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "2be434d3-03df-4236-9e7e-130c2efa8b33",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "281563d8-14f8-43a8-a0cb-2f0198f7146c",
|
"uuid": "281563d8-14f8-43a8-a0cb-2f0198f7146c",
|
||||||
"value": "NetDevil"
|
"value": "NetDevil"
|
||||||
},
|
},
|
||||||
|
@ -1379,6 +1499,15 @@
|
||||||
"https://www.digitrustgroup.com/nanocore-not-your-average-rat/"
|
"https://www.digitrustgroup.com/nanocore-not-your-average-rat/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "a8111fb7-d4c4-4671-a6f9-f62fea8bad60",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "6c3c111a-93af-428a-bee0-feacbee0237d",
|
"uuid": "6c3c111a-93af-428a-bee0-feacbee0237d",
|
||||||
"value": "NanoCore"
|
"value": "NanoCore"
|
||||||
},
|
},
|
||||||
|
@ -1428,6 +1557,15 @@
|
||||||
"NetDevil"
|
"NetDevil"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "281563d8-14f8-43a8-a0cb-2f0198f7146c",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "2be434d3-03df-4236-9e7e-130c2efa8b33",
|
"uuid": "2be434d3-03df-4236-9e7e-130c2efa8b33",
|
||||||
"value": "Net Devil"
|
"value": "Net Devil"
|
||||||
},
|
},
|
||||||
|
@ -1537,6 +1675,15 @@
|
||||||
"https://attack.mitre.org/wiki/Software/S0126"
|
"https://attack.mitre.org/wiki/Software/S0126"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "9223bf17-7e32-4833-9574-9ffd8c929765",
|
"uuid": "9223bf17-7e32-4833-9574-9ffd8c929765",
|
||||||
"value": "ComRAT"
|
"value": "ComRAT"
|
||||||
},
|
},
|
||||||
|
@ -1548,6 +1695,15 @@
|
||||||
"https://attack.mitre.org/wiki/Software/S0065"
|
"https://attack.mitre.org/wiki/Software/S0065"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "8e461ca3-0996-4e6e-a0df-e2a5bbc51ebc",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "d8aad68d-a68f-42e1-b755-d5f383b73401",
|
"uuid": "d8aad68d-a68f-42e1-b755-d5f383b73401",
|
||||||
"value": "4H RAT"
|
"value": "4H RAT"
|
||||||
},
|
},
|
||||||
|
@ -1605,6 +1761,22 @@
|
||||||
"Korplug"
|
"Korplug"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "f4b159ea-97e5-483b-854b-c48a78d562aa",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "663f8ef9-4c50-499a-b765-f377d23c1070",
|
"uuid": "663f8ef9-4c50-499a-b765-f377d23c1070",
|
||||||
"value": "PlugX"
|
"value": "PlugX"
|
||||||
},
|
},
|
||||||
|
@ -1728,6 +1900,15 @@
|
||||||
"https://github.com/hussein-aitlahcen/BlackHole"
|
"https://github.com/hussein-aitlahcen/BlackHole"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "e6201dc3-01a7-40c5-ba72-02fa470ada53",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "2ea1f494-cf18-49fb-a043-36555131dd7c",
|
"uuid": "2ea1f494-cf18-49fb-a043-36555131dd7c",
|
||||||
"value": "BlackHole"
|
"value": "BlackHole"
|
||||||
},
|
},
|
||||||
|
@ -1759,6 +1940,15 @@
|
||||||
"https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html"
|
"https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "dd4358a4-7a43-42f7-8322-0f941ee61e57",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "6ac125c8-6f00-490f-a43b-30b36d715431",
|
"uuid": "6ac125c8-6f00-490f-a43b-30b36d715431",
|
||||||
"value": "FINSPY"
|
"value": "FINSPY"
|
||||||
},
|
},
|
||||||
|
@ -1829,6 +2019,22 @@
|
||||||
"https://www.cobaltstrike.com/"
|
"https://www.cobaltstrike.com/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "3da22160-12d9-4d27-a99f-338e8de3844a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "ca44dd5e-fd9e-48b5-99cb-0b2629b9265f",
|
"uuid": "ca44dd5e-fd9e-48b5-99cb-0b2629b9265f",
|
||||||
"value": "Cobalt Strike"
|
"value": "Cobalt Strike"
|
||||||
},
|
},
|
||||||
|
@ -1844,6 +2050,22 @@
|
||||||
"VIPER"
|
"VIPER"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "96b08451-b27a-4ff6-893f-790e26393a8e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "f6c137f0-979c-4ce2-a0e5-2a080a5a1746",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "3eca2d5f-41bf-4ad4-847f-df18befcdc44",
|
"uuid": "3eca2d5f-41bf-4ad4-847f-df18befcdc44",
|
||||||
"value": "Sakula"
|
"value": "Sakula"
|
||||||
},
|
},
|
||||||
|
@ -1855,6 +2077,15 @@
|
||||||
"https://attack.mitre.org/wiki/Software/S0071"
|
"https://attack.mitre.org/wiki/Software/S0071"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "9e2bba94-950b-4fcf-8070-cb3f816c5f4e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "12bb8f4f-af29-49a0-8c2c-d28468f28fd8",
|
"uuid": "12bb8f4f-af29-49a0-8c2c-d28468f28fd8",
|
||||||
"value": "hcdLoader"
|
"value": "hcdLoader"
|
||||||
},
|
},
|
||||||
|
@ -1865,6 +2096,22 @@
|
||||||
"http://www.connect-trojan.net/2015/01/crimson-rat-3.0.0.html"
|
"http://www.connect-trojan.net/2015/01/crimson-rat-3.0.0.html"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "326af1cd-78e7-45b7-a326-125d2f7ef8f2",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "858edfb8-793a-430b-8acc-4310e7d2f0d3",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "8d8efbc6-d1b7-4ec8-bab3-591edba337d0",
|
"uuid": "8d8efbc6-d1b7-4ec8-bab3-591edba337d0",
|
||||||
"value": "Crimson"
|
"value": "Crimson"
|
||||||
},
|
},
|
||||||
|
@ -1875,6 +2122,15 @@
|
||||||
"http://hack-defender.blogspot.fr/2015/12/kjw0rm-v05x.html"
|
"http://hack-defender.blogspot.fr/2015/12/kjw0rm-v05x.html"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "b3f7a454-3b23-4149-99aa-0132323814d0",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "a7bffc6a-5b47-410b-b039-def16050adcb",
|
"uuid": "a7bffc6a-5b47-410b-b039-def16050adcb",
|
||||||
"value": "KjW0rm"
|
"value": "KjW0rm"
|
||||||
},
|
},
|
||||||
|
@ -1925,6 +2181,15 @@
|
||||||
"https://books.google.fr/books?isbn=2212290136"
|
"https://books.google.fr/books?isbn=2212290136"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "7bec698a-7e20-4fd3-bb6a-12787770fb1a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "59fb0222-0e7d-4f5f-92ac-e68012fb927d",
|
"uuid": "59fb0222-0e7d-4f5f-92ac-e68012fb927d",
|
||||||
"value": "3PARA RAT"
|
"value": "3PARA RAT"
|
||||||
},
|
},
|
||||||
|
@ -1948,6 +2213,15 @@
|
||||||
"KONNI"
|
"KONNI"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "24ee55e3-697f-482f-8fa8-d05999df40cd",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "5b930a23-7d88-481f-8791-abc7b3dd93d2",
|
"uuid": "5b930a23-7d88-481f-8791-abc7b3dd93d2",
|
||||||
"value": "Konni"
|
"value": "Konni"
|
||||||
},
|
},
|
||||||
|
@ -2013,6 +2287,15 @@
|
||||||
"https://www.fidelissecurity.com/threatgeek/2016/01/introducing-hi-zor-rat"
|
"https://www.fidelissecurity.com/threatgeek/2016/01/introducing-hi-zor-rat"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "5967cc93-57c9-404a-8ffd-097edfa7bdfc",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "d22a3e65-75e5-4970-b424-bdc06ec33dba",
|
"uuid": "d22a3e65-75e5-4970-b424-bdc06ec33dba",
|
||||||
"value": "Hi-Zor"
|
"value": "Hi-Zor"
|
||||||
},
|
},
|
||||||
|
@ -2080,6 +2363,15 @@
|
||||||
"http://securityaffairs.co/wordpress/43889/cyber-crime/new-rat-trochilus.html"
|
"http://securityaffairs.co/wordpress/43889/cyber-crime/new-rat-trochilus.html"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "5e15e4ca-0e04-4af1-ab2a-779dbcad545d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "8204723f-aefc-4c90-9178-8fe53e8d6f33",
|
"uuid": "8204723f-aefc-4c90-9178-8fe53e8d6f33",
|
||||||
"value": "Trochilus"
|
"value": "Trochilus"
|
||||||
},
|
},
|
||||||
|
@ -2091,6 +2383,15 @@
|
||||||
"https://www.alienvault.com/blogs/security-essentials/matryoshka-malware-from-copykittens-group"
|
"https://www.alienvault.com/blogs/security-essentials/matryoshka-malware-from-copykittens-group"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "cb6c49ab-b9ac-459f-b765-05cbe2e63b0d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "33b86249-5455-4698-a5e5-0c9591e673b9",
|
"uuid": "33b86249-5455-4698-a5e5-0c9591e673b9",
|
||||||
"value": "Matryoshka"
|
"value": "Matryoshka"
|
||||||
},
|
},
|
||||||
|
@ -2165,6 +2466,15 @@
|
||||||
"qrat"
|
"qrat"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "c3a784ee-cef7-4604-a5ba-ec7b193a5152",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "179288c9-4ff1-4a7e-b728-35dd2e6aac43",
|
"uuid": "179288c9-4ff1-4a7e-b728-35dd2e6aac43",
|
||||||
"value": "Qarallax"
|
"value": "Qarallax"
|
||||||
},
|
},
|
||||||
|
@ -2177,6 +2487,22 @@
|
||||||
"https://attack.mitre.org/wiki/Software/S0149"
|
"https://attack.mitre.org/wiki/Software/S0149"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "9ea525fa-b0a9-4dde-84f2-bcea0137b3c1",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "76ec1827-68a1-488f-9899-2b788ea8db64",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "f266754c-d0aa-4918-95a3-73b28eaa66e3",
|
"uuid": "f266754c-d0aa-4918-95a3-73b28eaa66e3",
|
||||||
"value": "MoonWind"
|
"value": "MoonWind"
|
||||||
},
|
},
|
||||||
|
@ -2221,6 +2547,29 @@
|
||||||
"http://blog.jpcert.or.jp/2017/04/redleaves---malware-based-on-open-source-rat.html"
|
"http://blog.jpcert.or.jp/2017/04/redleaves---malware-based-on-open-source-rat.html"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "17b40f60-729f-4fe8-8aea-cc9ee44a95d5",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "90124cc8-1205-4e63-83ad-5c45a110b1e6",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "3df08e23-1d0b-41ed-b735-c4eca46ce48e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "ad6a1b4a-6d79-40d4-adb7-1d7ca697347e",
|
"uuid": "ad6a1b4a-6d79-40d4-adb7-1d7ca697347e",
|
||||||
"value": "RedLeaves"
|
"value": "RedLeaves"
|
||||||
},
|
},
|
||||||
|
@ -2317,6 +2666,22 @@
|
||||||
"http://blog.talosintelligence.com/2017/03/dnsmessenger.html"
|
"http://blog.talosintelligence.com/2017/03/dnsmessenger.html"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "17e919aa-4a49-445c-b103-dbb8df9e7351",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "ee8ccb36-2596-43a3-a044-b8721dbeb2ab",
|
"uuid": "ee8ccb36-2596-43a3-a044-b8721dbeb2ab",
|
||||||
"value": "DNSMessenger"
|
"value": "DNSMessenger"
|
||||||
},
|
},
|
||||||
|
@ -2380,6 +2745,15 @@
|
||||||
"https://www.us-cert.gov/ncas/alerts/TA17-318A"
|
"https://www.us-cert.gov/ncas/alerts/TA17-318A"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "fece06b7-d4b1-42cf-b81a-5323c917546e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "e0bea149-2def-484f-b658-f782a4f94815",
|
"uuid": "e0bea149-2def-484f-b658-f782a4f94815",
|
||||||
"value": "FALLCHILL"
|
"value": "FALLCHILL"
|
||||||
},
|
},
|
||||||
|
@ -2539,5 +2913,5 @@
|
||||||
"value": "Hallaj PRO RAT"
|
"value": "Hallaj PRO RAT"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 12
|
"version": 13
|
||||||
}
|
}
|
||||||
|
|
File diff suppressed because it is too large
1132
clusters/tool.json
1132
clusters/tool.json
File diff suppressed because it is too large
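--- a/tools/gen_mapping.py
+++ b/tools/gen_mapping.py
@@ -0,0 +1,204 @@
+#!/usr/bin/env python3
+'''
+Author: Christophe Vandeplas
+License: AGPL v3
+
+This builds an automatic mapping between the galaxy clusters of the same type.
+The mapping is made by using the synonyms documented in each cluster.
+
+The output is saved in the cluster files themselves, if a change is done the version number is increased.
+(commented out) The output is saved in a file called "mapping_XXX.json".
+'''
+import json
+import os
+
+
+# Some galaxy clusters have overlapping synonyms, while not being of the same type.
+# This type_mapping is there to distinguish galaxies based on their type.
+# Example: A galaxy of type 'actor' should not map to a galaxy of type 'tool', even if the name/synonym is the same.
+type_mapping = {
+'ransomware': 'tool',
+# 'mitre-pre-attack-relationship': '',
+# 'mitre-enterprise-attack-course-of-action': '',
+'mitre-enterprise-attack-intrusion-set': 'actor',
+'mitre-intrusion-set': 'actor',
+'rat': 'tool',
+'stealer': 'tool',
+'mitre-enterprise-attack-malware': 'tool',
+# 'mitre-attack-pattern': '',
+# 'mitre-mobile-attack-relationship': '',
+# 'mitre-enterprise-attack-attack-pattern': '',
+'microsoft-activity-group': 'actor',
+# 'mitre-course-of-action': '',
+'exploit-kit': 'tool',
+'mitre-mobile-attack-tool': 'tool',
+'backdoor': 'tool',
+# 'mitre-pre-attack-attack-pattern': '',
+'mitre-mobile-attack-intrusion-set': 'tool',
+'mitre-tool': 'tool',
+# 'mitre-mobile-attack-attack-pattern': '',
+'mitre-mobile-attack-malware': 'tool',
+'tool': 'tool',
+# 'preventive-measure': '',
+# 'sector': '',
+'mitre-malware': 'tool',
+'banker': 'tool',
+# 'branded-vulnerability': '',
+'botnet': 'tool',
+# 'cert-eu-govsector': '',
+'threat-actor': 'actor',
+'mitre-enterprise-attack-tool': 'tool',
+'android': 'tool',
+# 'mitre-mobile-attack-course-of-action': '',
+'mitre-pre-attack-intrusion-set': 'actor',
+# 'mitre-enterprise-attack-relationship': '',
+'tds': 'tool'
+}
+
+
+def loadjsons(path):
+"""
+Find all Jsons and load them in a dict
+"""
+files = []
+data = []
+for name in os.listdir(path):
+if os.path.isfile(os.path.join(path, name)) and name.endswith('.json'):
+files.append(name)
+for jfile in files:
+data.append(json.load(open("%s/%s" % (path, jfile))))
+return data
+
+
+def printjson(s):
+print(json.dumps(s, sort_keys=True, indent=4, separators=(',', ': ')))
+
+
+def to_tag(t, v):
+return 'misp-galaxy:{}="{}"'.format(t, v)
+
+
+def get_cluster_uuid(cluster):
+uuid = cluster.get('uuid')
+if not uuid: # FIXME are these bugs in the format? - mitre-tool.json
+uuid = cluster['meta'].get('uuid')
+if not uuid:
+print(cluster)
+exit("ERROR: missing UUID in cluster")
+return uuid
+
+
+if __name__ == '__main__':
+path = '../clusters'
+jsons = loadjsons(path)
+mappings = {}
+for k, v in type_mapping.items():
+if v not in mappings:
+mappings[v] = []
+
+for djson in jsons:
+galaxy = djson['type']
+
+# ignore the galaxies that are not relevant for us
+if galaxy not in type_mapping:
+continue
+
+# process the entries in each cluster
+clusters = djson.get('values')
+for cluster in clusters:
+names = [cluster['value']]
+
+if 'meta' in cluster and 'synonyms' in cluster['meta']:
+names += [s for s in cluster['meta']['synonyms']]
+
+# check if the entry is already in our mappings dict
+seen_once = False
+for mapping in mappings[type_mapping[galaxy]]:
+seen = False
+# name is known, add the synonyms and tags
+for name in names:
+if name in mapping['names']:
+seen = True
+seen_once = True
+# we have a match in this mapping, add name and synonyms
+if seen:
+for name in names:
+if name not in mapping['names']:
+mapping['names'].append(name)
+tag = to_tag(galaxy, cluster['value'])
+if tag not in mapping['values']:
+mapping['values'].append(tag)
+uuid = get_cluster_uuid(cluster)
+if uuid not in mapping['uuids']:
+mapping['uuids'].append(uuid)
+
+# it's not in any mapping, add it
+if not seen_once:
+mapping = {}
+mapping['names'] = names
+mapping['values'] = [to_tag(galaxy, cluster['value'])]
+uuid = get_cluster_uuid(cluster)
+mapping['uuids'] = [uuid]
+mappings[type_mapping[galaxy]].append(mapping)
+
+# We have our nice mapping.
+# Now we only need to add it again in the original files.
+for name in os.listdir(path):
+# skip files that are not relevant
+if not (os.path.isfile(os.path.join(path, name)) and name.endswith('.json')):
+continue
+
+# load json
+with open(os.path.join(path, name), 'r') as f_in:
+file_json = json.load(f_in)
+galaxy = file_json['type']
+
+# ignore the galaxies that are not relevant for us
+if galaxy not in type_mapping:
+continue
+
+changed = False
+for cluster in file_json['values']:
+for mapping in mappings[type_mapping[galaxy]]:
+cluster_uuid = get_cluster_uuid(cluster)
+if cluster_uuid not in mapping['uuids']:
+continue
+# uuid is in the mappings
+for uuid in mapping['uuids']:
+# skip self
+if uuid == cluster_uuid:
+continue
+# skip existing entries
+if 'related' in cluster:
+if any(v['dest-uuid'] == uuid for v in cluster['related']):
+continue
+# initialize array
+if 'related' not in cluster:
+cluster['related'] = []
+# automated things are set to likely
+# manual validation can upgrade to very-likely or almost-certain
+cluster['related'].append({"dest-uuid": uuid,
+"type": "similar",
+"tags": [
+"estimative-language:likelihood-probability=\"likely\""
+]
+})
+changed = True
+if changed:
+file_json['version'] += 1
+
+# save result to the original file
+with open(os.path.join(path, name), 'w') as f_out:
+json.dump(file_json, f_out, indent=2, sort_keys=True, ensure_ascii=False)
+
+print("Updated file {}".format(name))
+print("All done, please don't forget to ./validate_all.sh and ./jq_all_the_things.sh")
+
+# # simply dump the mapping_json to files. This is not really needed anymore
+# for galaxy_type, vals in mappings.items():
+# for mapping in vals:
+# mapping['names'].sort()
+# mapping['values'].sort()
+# with open('mapping_{}.json'.format(galaxy_type), 'w') as f:
+# json.dump(vals, f, sort_keys=True, indent=4, separators=(',', ': '))
+# print("File saved as mapping_{}.json".format(galaxy_type))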
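Review bot: The write-back near the end of the main block opens each cluster file with `open(os.path.join(path, name), 'w')` and dumps with `ensure_ascii=False`, so the encoding falls back to the locale default and the file is already truncated when `json.dump` starts; on a locale that cannot encode a non-ASCII synonym the dump can raise and leave a cluster file partly written. Passing `encoding='utf-8'` to this `open` and to the two reads closes that gap, e.g. `with open(os.path.join(path, name), 'w', encoding='utf-8') as f_out:`. `loadjsons` also never closes its handles; `with open(os.path.join(path, jfile), encoding='utf-8') as f: data.append(json.load(f))` would match how the second loop already reads. Indentation is not visible in this view, so whether the write sits under `if changed:` cannot be confirmed here.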