Merge branch 'master' of https://github.com/MISP/misp-galaxy
commit
bd68ee280e
49 changed files with 6016 additions and 21146 deletions
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"Unknown"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "Android malware galaxy based on multiple open sources.",
|
||||
"name": "Android",
|
||||
"source": "Open Sources",
|
||||
|
@ -138,13 +139,6 @@
|
|||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "a6f481fe-b6db-4507-bb3c-28f10d800e2f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b8fa5036-813f-4887-b4d4-bb17b4a7eba0",
|
||||
"tags": [
|
||||
|
@ -3802,7 +3796,7 @@
|
|||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81",
|
||||
"dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
|
@ -3821,41 +3815,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729",
|
||||
|
@ -4605,15 +4564,6 @@
|
|||
"https://researchcenter.paloaltonetworks.com/2018/04/unit42-henbox-inside-coop/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "36ee04f4-a9df-11e8-b92b-d7ddfd3a8896",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "72c37e24-4ead-11e8-8f08-db3ec8f8db86§",
|
||||
"value": "HenBox"
|
||||
},
|
||||
|
@ -4676,5 +4626,5 @@
|
|||
"value": "Triout"
|
||||
}
|
||||
],
|
||||
"version": 15
|
||||
"version": 16
|
||||
}
|
||||
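Review bot: The `uuid` on the context line of the `@ -4605,15 +4564,6 @@` hunk (the HenBox cluster) reads `72c37e24-4ead-11e8-8f08-db3ec8f8db86§`, and the trailing `§` is not a valid UUID character. If that character is really in the file and not a rendering artifact of this page, any `dest-uuid` in another galaxy that points at HenBox will fail an exact-match lookup, and consumers that validate UUIDs may reject the cluster. The line should read `"uuid": "72c37e24-4ead-11e8-8f08-db3ec8f8db86",`; confirm this against the raw file. Because this merge rewrites `related` blocks across many galaxies, it would also help to check that every `uuid` and `dest-uuid` matches the canonical 8-4-4-4-12 hex form before the version bump ships.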
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"raw-data"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "A list of backdoor malware.",
|
||||
"name": "Backdoor",
|
||||
"source": "Open Sources",
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
"Unknown",
|
||||
"raw-data"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "A list of banker malware.",
|
||||
"name": "Banker",
|
||||
"source": "Open Sources",
|
||||
|
@ -99,26 +100,12 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7ca93488-c357-44c3-b246-3f88391aca5a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "66781866-f064-467d-925d-5e5f290352f0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e",
|
||||
|
@ -200,13 +187,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0f96a666-bf26-44e0-8ad6-f2136208c924",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "ffbbbc14-1cdb-4be9-a631-ed53c5407369",
|
||||
|
@ -241,13 +221,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ffbbbc14-1cdb-4be9-a631-ed53c5407369",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "0f96a666-bf26-44e0-8ad6-f2136208c924",
|
||||
|
@ -480,13 +453,6 @@
|
|||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "75f53ead-1aee-4f91-8cb9-b4170d747cfc",
|
||||
"tags": [
|
||||
|
@ -559,20 +525,6 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "66781866-f064-467d-925d-5e5f290352f0",
|
||||
"tags": [
|
||||
|
@ -643,13 +595,6 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6e1168e6-7768-4fa2-951f-6d6934531633",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549",
|
||||
"tags": [
|
||||
|
@ -757,13 +702,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e159c4f8-3c22-49f9-a60a-16588a9c22b0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "87b69cb4-8b65-47ee-91b0-9b1decdd5c5c",
|
||||
|
@ -1000,13 +938,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "87b69cb4-8b65-47ee-91b0-9b1decdd5c5c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "e159c4f8-3c22-49f9-a60a-16588a9c22b0",
|
||||
|
@ -1244,5 +1175,5 @@
|
|||
"value": "CamuBot"
|
||||
}
|
||||
],
|
||||
"version": 14
|
||||
"version": 15
|
||||
}
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"Various"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "botnet galaxy",
|
||||
"name": "Botnet",
|
||||
"source": "MISP Project",
|
||||
|
@ -195,20 +196,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b2ec1f16-2a76-4910-adc5-ecb3570e7c1a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "6e1168e6-7768-4fa2-951f-6d6934531633",
|
||||
|
@ -721,6 +708,13 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "17e12216-a303-4a00-8283-d3fe92d0934c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc",
|
||||
"tags": [
|
||||
|
@ -734,13 +728,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "17e12216-a303-4a00-8283-d3fe92d0934c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "fcdfd4af-da35-49a8-9610-19be8a487185",
|
||||
|
@ -877,6 +864,13 @@
|
|||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "ec67f206-6464-48cf-a012-3cdfc1278488",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "fcdfd4af-da35-49a8-9610-19be8a487185",
|
||||
"tags": [
|
||||
|
@ -897,13 +891,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ec67f206-6464-48cf-a012-3cdfc1278488",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc",
|
||||
|
@ -1151,5 +1138,5 @@
|
|||
"value": "Persirai"
|
||||
}
|
||||
],
|
||||
"version": 16
|
||||
"version": 17
|
||||
}
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"Unknown"
|
||||
],
|
||||
"category": "vulnerability",
|
||||
"description": "List of known vulnerabilities and attacks with a branding",
|
||||
"name": "Branded Vulnerability",
|
||||
"source": "Open Sources",
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"Various"
|
||||
],
|
||||
"category": "sector",
|
||||
"description": "Cert EU GovSector",
|
||||
"name": "Cert EU GovSector",
|
||||
"source": "CERT-EU",
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
"Will Metcalf",
|
||||
"KahuSecurity"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
|
||||
"name": "Exploit-Kit",
|
||||
"source": "MISP Project",
|
||||
|
@ -280,20 +281,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "5594b171-32ec-4145-b712-e7701effffdd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "5eee35b6-bd21-4b67-b198-e9320fcf2c88",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c",
|
||||
|
@ -761,5 +748,5 @@
|
|||
"value": "Unknown"
|
||||
}
|
||||
],
|
||||
"version": 11
|
||||
"version": 12
|
||||
}
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
"Andrea Garavaglia",
|
||||
"Davide Arcuri"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "Malware galaxy cluster based on Malpedia.",
|
||||
"name": "Malpedia",
|
||||
"source": "Malpedia",
|
||||
|
@ -106,7 +107,7 @@
|
|||
"meta": {
|
||||
"refs": [
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/apk.catelites",
|
||||
"https://blog.avast.com/new-version-of-mobile-malware-catelites-possibly-linked-to-cron-cyber-gang",
|
||||
"https://blog.avast.com/new-of-mobile-malware-catelites-possibly-linked-to-cron-cyber-gang",
|
||||
"https://www.youtube.com/watch?v=1LOy0ZyjEOk"
|
||||
],
|
||||
"synonyms": [],
|
||||
|
@ -495,13 +496,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "fbda9705-677b-4c5b-9b0b-13b52eff587c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "a6f481fe-b6db-4507-bb3c-28f10d800e2f",
|
||||
|
@ -2812,13 +2806,6 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
|
||||
"tags": [
|
||||
|
@ -2840,26 +2827,12 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
|
||||
|
@ -5280,6 +5253,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "276c2c2e-09da-44cf-a3f7-806b3feb41da",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "16794655-c0e2-4510-9169-f862df104045",
|
||||
|
@ -7481,20 +7461,6 @@
|
|||
"type": []
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "276c2c2e-09da-44cf-a3f7-806b3feb41da",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "66781866-f064-467d-925d-5e5f290352f0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e",
|
||||
"tags": [
|
||||
|
@ -7503,7 +7469,7 @@
|
|||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7ca93488-c357-44c3-b246-3f88391aca5a",
|
||||
"dest-uuid": "276c2c2e-09da-44cf-a3f7-806b3feb41da",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
|
@ -8294,20 +8260,6 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7ca93488-c357-44c3-b246-3f88391aca5a",
|
||||
"tags": [
|
||||
|
@ -9558,13 +9510,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "cd201689-4bf1-4c5b-ac4d-21c4dcc39e7d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "4166ab63-24b0-4448-92ea-21c8deef978d",
|
||||
|
@ -9609,13 +9554,6 @@
|
|||
"type": []
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "083bb47b-02c8-4423-81a2-f9ef58572974",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d7183f66-59ec-4803-be20-237b442259fc",
|
||||
"tags": [
|
||||
|
@ -10716,6 +10654,13 @@
|
|||
"type": []
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "2a16a1d4-a098-4f17-80f3-3cfc6c60b539",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "74167065-90b3-4c29-807a-79b6f098e45b",
|
||||
"tags": [
|
||||
|
@ -14000,13 +13945,6 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4166ab63-24b0-4448-92ea-21c8deef978d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "652b5242-b790-4695-ad0e-b79bbf78f351",
|
||||
"tags": [
|
||||
|
@ -14475,13 +14413,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6e1168e6-7768-4fa2-951f-6d6934531633",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549",
|
||||
|
@ -16075,7 +16006,7 @@
|
|||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
|
@ -16101,27 +16032,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
|
||||
|
@ -16936,7 +16846,7 @@
|
|||
}
|
||||
],
|
||||
"uuid": "39f609e3-e6fe-4c2c-af0e-b28bc81b2ecf",
|
||||
"value": ""
|
||||
"value": "Spy-Net"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
|
@ -17669,13 +17579,6 @@
|
|||
"type": []
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "75f53ead-1aee-4f91-8cb9-b4170d747cfc",
|
||||
"tags": [
|
||||
|
@ -18154,7 +18057,7 @@
|
|||
}
|
||||
],
|
||||
"uuid": "4db80a62-d318-48e7-b70b-759924ff515e",
|
||||
"value": ""
|
||||
"value": "unidentified_005"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
|
@ -19976,5 +19879,5 @@
|
|||
"value": "Zyklon"
|
||||
}
|
||||
],
|
||||
"version": 1650
|
||||
"version": 1651
|
||||
}
|
||||
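Review bot: The Catelites `refs` entry in the `@ -106,7 +107,7 @@` hunk appears to have lost `version-` from the Avast URL slug. The page prints `https://blog.avast.com/new-version-of-mobile-malware-catelites-possibly-linked-to-cron-cyber-gang` followed by `https://blog.avast.com/new-of-mobile-malware-catelites-possibly-linked-to-cron-cyber-gang`. The `+`/`-` markers are not visible here, so the side is inferred from print order; if the second line is the new one, the reference most likely no longer resolves and analysts lose the source that backs this cluster. I would keep the original `new-version-of-...` URL. It is also worth checking whether whatever produced this change stripped the word `version` from other string values in the file.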
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"Various"
|
||||
],
|
||||
"category": "actor",
|
||||
"description": "Activity groups as described by Microsoft",
|
||||
"name": "Microsoft Activity Group actor",
|
||||
"source": "MISP Project",
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "attack-pattern",
|
||||
"description": "ATT&CK tactic",
|
||||
"name": "Attack Pattern",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "course-of-action",
|
||||
"description": "ATT&CK Mitigation",
|
||||
"name": "Course of Action",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "attack-pattern",
|
||||
"description": "ATT&CK tactic",
|
||||
"name": "Enterprise Attack - Attack Pattern",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
|
|
File diff suppressed because it is too large
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "actor",
|
||||
"description": "Name of ATT&CK Group",
|
||||
"name": "Enterprise Attack -intrusion Set",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
|
@ -27,6 +28,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "7ecc3b4f-5cdb-457e-b55a-df376b359446",
|
||||
|
@ -44,6 +52,15 @@
|
|||
"Group5"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "7331c66a-5601-4d3f-acf6-ad9e3035eb40",
|
||||
"value": "Group5 - G0043"
|
||||
},
|
||||
|
@ -67,6 +84,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "fe98767f-9df8-42b9-83c9-004b1dec8647",
|
||||
|
@ -91,6 +115,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "16ade1aa-0ea1-4bb7-88cc-9079df2ae756",
|
||||
|
@ -108,6 +139,15 @@
|
|||
"RTM"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c416b28c-103b-4df1-909e-78089a7e0e5f",
|
||||
"value": "RTM - G0048"
|
||||
},
|
||||
|
@ -145,6 +185,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d1acfbb3-647b-4723-9154-800ec119006e",
|
||||
|
@ -216,6 +263,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "f9c06633-dcff-48a1-8588-759e7cec5694",
|
||||
|
@ -237,6 +291,13 @@
|
|||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
|
||||
"tags": [
|
||||
|
@ -244,12 +305,26 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
|
||||
|
@ -289,6 +364,20 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "103ebfd8-4280-4027-b61a-69bd9967ad6c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "a653431d-6a5e-4600-8ad3-609b5af57064",
|
||||
|
@ -314,6 +403,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "df71bb3b-813c-45eb-a8bc-f2a419837411",
|
||||
|
@ -340,6 +436,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "277d2f87-2ae5-4730-a3aa-50c1fdff9656",
|
||||
|
@ -379,6 +482,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "381fcf73-60f6-4ab2-9991-6af3cbc35192",
|
||||
|
@ -403,6 +513,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2a7914cf-dff3-428d-ab0f-1014d1c28aeb",
|
||||
|
@ -427,6 +544,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "ae41895a-243f-4a65-b99b-d85022326c31",
|
||||
|
@ -451,6 +575,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "62a64fd3-aaf7-4d09-a375-d6f8bb118481",
|
||||
|
@ -487,6 +618,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "4a2ce82e-1a74-468a-a6fb-bbead541383c",
|
||||
|
@ -543,6 +681,13 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
|
||||
"tags": [
|
||||
|
@ -631,6 +776,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a8d3d497-2da9-4797-8e0b-ed176be08654",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "025bdaa9-897d-4bad-afa6-013ba5734653",
|
||||
|
@ -655,6 +807,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "68ba94ab-78b8-43e7-83e2-aed3466882c6",
|
||||
|
@ -679,6 +838,20 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "519630c5-f03f-4882-825c-3af924935817",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f",
|
||||
|
@ -721,6 +894,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "fb366179-766c-4a4a-afa1-52bff1fd601c",
|
||||
|
@ -740,12 +920,26 @@
|
|||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a9b44750-992c-4743-8922-129880d277ea",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a",
|
||||
|
@ -797,6 +991,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "fbe9387f-34e6-4828-ac28-3080020c597b",
|
||||
|
@ -840,6 +1041,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "4ca1929c-7d64-4aab-b849-badbfc0c760d",
|
||||
|
@ -864,6 +1072,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e48df773-7c95-4a4c-ba70-ea3d15900148",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "7636484c-adc5-45d4-9bfe-c3e062fbc4a0",
|
||||
|
@ -883,6 +1098,15 @@
|
|||
"FIN5"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0e18b800-906c-4e44-a143-b11c72b3448b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "85403903-15e0-4f9f-9be4-a259ecad4022",
|
||||
"value": "FIN5 - G0053"
|
||||
},
|
||||
|
@ -900,6 +1124,15 @@
|
|||
"BlackOasis"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "da49b9f1-ca99-443f-9728-0a074db66850",
|
||||
"value": "BlackOasis - G0063"
|
||||
},
|
||||
|
@ -915,6 +1148,15 @@
|
|||
"Taidoor"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "59140a2e-d117-4206-9b2c-2a8662bd9d46",
|
||||
"value": "Taidoor - G0015"
|
||||
},
|
||||
|
@ -979,6 +1221,20 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050",
|
||||
|
@ -996,6 +1252,15 @@
|
|||
"Ke3chang"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "6713ab67-e25b-49cc-808d-2b36d4fbc35c",
|
||||
"value": "Ke3chang - G0004"
|
||||
},
|
||||
|
@ -1027,6 +1292,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "247cb30b-955f-42eb-97a5-a89fef69341e",
|
||||
|
@ -1052,6 +1324,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a127c32c-cbb0-4f9d-be07-881a792408ec",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "269e8108-68c6-4f99-b911-14b2e765dec2",
|
||||
|
@ -1088,6 +1367,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0",
|
||||
|
@ -1107,6 +1393,13 @@
|
|||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff",
|
||||
"tags": [
|
||||
|
@ -1127,6 +1420,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "fb261c56-b80e-43a9-8351-c84081e7213d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd",
|
||||
|
@ -1224,6 +1524,20 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc",
|
||||
|
@ -1258,6 +1572,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "0bbdf25b-30ff-4894-a1cd-49260d0dd2d9",
|
||||
|
@ -1282,6 +1603,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "0ea72cd5-ca30-46ba-bc04-378f701c658f",
|
||||
|
@ -1318,6 +1646,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c93fccb1-e8e8-42cf-ae33-2ad1d183913a",
|
||||
|
@ -1343,6 +1678,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0f862b01-99da-47cc-9bdb-db4a86a95bb1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "88b7dbc2-32d3-4e31-af2f-3fc24e1582d7",
|
||||
|
@ -1360,6 +1702,15 @@
|
|||
"Equation"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "10d5f3b7-6be6-4da5-9a77-0f1e2bbfcc44",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "96e239be-ad99-49eb-b127-3007b8c1bec9",
|
||||
"value": "Equation - G0020"
|
||||
},
|
||||
|
@ -1375,6 +1726,15 @@
|
|||
"Darkhotel"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "9e729a7e-0dd6-4097-95bf-db8d64911383",
|
||||
"value": "Darkhotel - G0012"
|
||||
},
|
||||
|
@ -1398,6 +1758,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "82cb34ba-02b5-432b-b2d2-07f55cbf674d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1",
|
||||
|
@ -1422,6 +1789,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "5cbe0d3b-6fb1-471f-b591-4b192915116d",
|
||||
|
@ -1446,6 +1820,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "894aab42-3371-47b1-8859-a4a074c804c8",
|
||||
|
@ -1473,6 +1854,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "93f52415-0fe4-4d3d-896c-fc9b8e88ab90",
|
||||
|
@ -1497,6 +1885,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "dfb5fa9b-3051-4b97-8035-08f80aef945b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c5574ca0-d5a4-490a-b207-e4658e5fd1d7",
|
||||
|
@ -1515,6 +1910,15 @@
|
|||
"TG-1314"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d519164e-f5fa-4b8c-a1fb-cf0172ad0983",
|
||||
"value": "Threat Group-1314 - G0028"
|
||||
},
|
||||
|
@ -1547,6 +1951,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6b62e336-176f-417b-856a-8552dd8c44e1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "7a19ecb1-3c65-4de3-a230-993516aed6a6",
|
||||
|
@ -1576,6 +1987,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "03506554-5f37-4f8f-9ce4-0e9f01a1b484",
|
||||
|
@ -1604,6 +2022,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "899ce53f-13a0-479b-a0e4-67d46e241542",
|
||||
|
@ -1636,6 +2061,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "222fbd21-fc4f-4b7e-9f85-0e6e3a76c33f",
|
||||
|
@ -1662,6 +2094,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7bec698a-7e20-4fd3-bb6a-12787770fb1a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "5ce5392a-3a6c-4e07-9df3-9b6a9159ac45",
|
||||
|
@ -1684,6 +2123,20 @@
|
|||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
|
||||
"tags": [
|
||||
|
@ -1697,6 +2150,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973",
|
||||
|
@ -1776,6 +2236,20 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
|
||||
|
@ -1801,6 +2275,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "fd19bd82-1b14-49a1-a176-6cdc46b8a826",
|
||||
|
@ -1833,6 +2314,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "691c60e2-273d-4d56-9ce6-b67e0f8719ad",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "efed95ba-d7e8-47ff-8c53-99c42426ee7c",
|
||||
|
@ -1854,12 +2342,26 @@
|
|||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c",
|
||||
|
@ -1892,6 +2394,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "fbd29c89-18ba-4c2d-b792-51c0adee049f",
|
||||
|
@ -1933,6 +2442,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648",
|
||||
|
@ -1959,6 +2475,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e906ae4d-1d3a-4675-be23-22f7311c0da4",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "7113eaa5-ba79-4fb3-b68a-398ee9cd698e",
|
||||
|
@ -1985,6 +2508,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "dcd81c6e-ebf7-4a16-93e0-9a97fa49c88a",
|
||||
|
@ -2009,11 +2539,18 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2e290bfe-93b5-48ce-97d6-edcd6d32b7cf",
|
||||
"value": "Gamaredon Group - G0047"
|
||||
}
|
||||
],
|
||||
"version": 5
|
||||
"version": 7
|
||||
}
|
||||
|
|
File diff suppressed because it is too large
File diff suppressed because it is too large
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "Name of ATT&CK software",
|
||||
"name": "Enterprise Attack - Tool",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
|
@ -28,6 +29,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d",
|
||||
|
@ -46,6 +54,15 @@
|
|||
"at.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "0c8465c0-d0b4-4670-992e-4eee8d7ff952",
|
||||
"value": "at - S0110"
|
||||
},
|
||||
|
@ -62,6 +79,15 @@
|
|||
"route.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c11ac61d-50f4-444f-85d8-6f006067f0de",
|
||||
"value": "route - S0103"
|
||||
},
|
||||
|
@ -77,6 +103,15 @@
|
|||
"Tasklist"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f",
|
||||
"value": "Tasklist - S0057"
|
||||
},
|
||||
|
@ -93,6 +128,15 @@
|
|||
"WCE"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "242f3da3-4425-4d11-8f5c-b842886da966",
|
||||
"value": "Windows Credential Editor - S0005"
|
||||
},
|
||||
|
@ -108,6 +152,15 @@
|
|||
"Responder"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "a1dd2dbd-1550-44bf-abcc-1a4c52e97719",
|
||||
"value": "Responder - S0174"
|
||||
},
|
||||
|
@ -124,6 +177,15 @@
|
|||
"schtasks.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c9703cd3-141c-43a0-a926-380082be5d04",
|
||||
"value": "schtasks - S0111"
|
||||
},
|
||||
|
@ -146,6 +208,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "102c3898-85e0-43ee-ae28-62a0a3ed9507",
|
||||
|
@ -163,6 +232,15 @@
|
|||
"ifconfig"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "362dc67f-4e85-4562-9dac-1b6b7f3ec4b5",
|
||||
"value": "ifconfig - S0101"
|
||||
},
|
||||
|
@ -178,6 +256,15 @@
|
|||
"BITSAdmin"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "64764dc6-a032-495f-8250-1e4c06bdc163",
|
||||
"value": "BITSAdmin - S0190"
|
||||
},
|
||||
|
@ -201,6 +288,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||||
|
@ -218,6 +312,15 @@
|
|||
"xCmd"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "4fa49fc0-9162-4bdb-a37e-7aa3dcb6d38b",
|
||||
"value": "xCmd - S0123"
|
||||
},
|
||||
|
@ -233,6 +336,15 @@
|
|||
"MimiPenguin"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "5a33468d-844d-4b1f-98c9-0e786c556b27",
|
||||
"value": "MimiPenguin - S0179"
|
||||
},
|
||||
|
@ -248,6 +360,15 @@
|
|||
"SDelete"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153",
|
||||
"value": "SDelete - S0195"
|
||||
},
|
||||
|
@ -264,6 +385,15 @@
|
|||
"systeminfo.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1",
|
||||
"value": "Systeminfo - S0096"
|
||||
},
|
||||
|
@ -280,6 +410,15 @@
|
|||
"netsh.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "241814ae-de3f-4656-b49e-f9a80764d4b7",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71",
|
||||
"value": "netsh - S0108"
|
||||
},
|
||||
|
@ -296,6 +435,15 @@
|
|||
"dsquery.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "38952eac-cb1b-4a71-bad2-ee8223a1c8fe",
|
||||
"value": "dsquery - S0105"
|
||||
},
|
||||
|
@ -318,6 +466,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54",
|
||||
|
@ -336,6 +491,15 @@
|
|||
"ping.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47",
|
||||
"value": "Ping - S0097"
|
||||
},
|
||||
|
@ -351,6 +515,15 @@
|
|||
"Fgdump"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "4f45dfeb-fe51-4df0-8db3-edf7dd0513fe",
|
||||
"value": "Fgdump - S0120"
|
||||
},
|
||||
|
@ -366,6 +539,15 @@
|
|||
"Lslsass"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2fab555f-7664-4623-b4e0-1675ae38190b",
|
||||
"value": "Lslsass - S0121"
|
||||
},
|
||||
|
@ -381,6 +563,15 @@
|
|||
"Pass-The-Hash Toolkit"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "a52edc76-328d-4596-85e7-d56ef5a9eb69",
|
||||
"value": "Pass-The-Hash Toolkit - S0122"
|
||||
},
|
||||
|
@ -397,6 +588,15 @@
|
|||
"ftp.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565",
|
||||
"value": "FTP - S0095"
|
||||
},
|
||||
|
@ -413,6 +613,15 @@
|
|||
"ipconfig.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "294e2560-bd48-44b2-9da2-833b5588ad11",
|
||||
"value": "ipconfig - S0100"
|
||||
},
|
||||
|
@ -429,6 +638,15 @@
|
|||
"nbtstat.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "b35068ec-107a-4266-bda8-eb7036267aea",
|
||||
"value": "nbtstat - S0102"
|
||||
},
|
||||
|
@ -452,6 +670,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e",
|
||||
|
@ -469,6 +694,15 @@
|
|||
"Tor"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7d751199-05fa-4a72-920f-85df4506c76c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68",
|
||||
"value": "Tor - S0183"
|
||||
},
|
||||
|
@ -485,6 +719,15 @@
|
|||
"netstat.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "4664b683-f578-434f-919b-1c1aad2a1111",
|
||||
"value": "netstat - S0104"
|
||||
},
|
||||
|
@ -500,6 +743,15 @@
|
|||
"pwdump"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "9de2308e-7bed-43a3-8e58-f194b3586700",
|
||||
"value": "pwdump - S0006"
|
||||
},
|
||||
|
@ -515,6 +767,15 @@
|
|||
"Cachedump"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c9cd7ec9-40b7-49db-80be-1399eddd9c52",
|
||||
"value": "Cachedump - S0119"
|
||||
},
|
||||
|
@ -530,6 +791,15 @@
|
|||
"Forfiles"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "90ec2b22-7061-4469-b539-0989ec4f96c2",
|
||||
"value": "Forfiles - S0193"
|
||||
},
|
||||
|
@ -547,6 +817,15 @@
|
|||
"net.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||||
"value": "Net - S0039"
|
||||
},
|
||||
|
@ -570,6 +849,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||||
|
@ -595,6 +881,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc",
|
||||
|
@ -613,6 +906,15 @@
|
|||
"arp.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "30489451-5886-4c46-90c9-0dff9adc5252",
|
||||
"value": "Arp - S0099"
|
||||
},
|
||||
|
@ -632,6 +934,15 @@
|
|||
"cmd.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e",
|
||||
"value": "cmd - S0106"
|
||||
},
|
||||
|
@ -647,6 +958,15 @@
|
|||
"Havij"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "fbd727ea-c0dc-42a9-8448-9e12962d1ab5",
|
||||
"value": "Havij - S0224"
|
||||
},
|
||||
|
@ -664,6 +984,15 @@
|
|||
"PowerSploit"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d",
|
||||
"value": "PowerSploit - S0194"
|
||||
},
|
||||
|
@ -678,6 +1007,15 @@
|
|||
"meek"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "1ce03c65-5946-4ac9-9d4d-66db87e024bd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "65370d0b-3bd4-4653-8cf9-daf56f6be830",
|
||||
"value": "meek - S0175"
|
||||
},
|
||||
|
@ -695,6 +1033,15 @@
|
|||
"reg.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "2edd9d6a-5674-4326-a600-ba56de467286",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f",
|
||||
"value": "Reg - S0075"
|
||||
},
|
||||
|
@ -710,6 +1057,15 @@
|
|||
"spwebmember"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "33b9e38f-103c-412d-bdcf-904a91fff1e4",
|
||||
"value": "spwebmember - S0227"
|
||||
},
|
||||
|
@ -732,6 +1088,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4",
|
||||
|
@ -749,6 +1112,15 @@
|
|||
"sqlmap"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "9a2640c2-9f43-46fe-b13f-bde881e55555",
|
||||
"value": "sqlmap - S0225"
|
||||
},
|
||||
|
@ -785,6 +1157,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
|
||||
|
@ -802,9 +1181,18 @@
|
|||
"Invoke-PSImage"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "b52d6583-14a2-4ddc-8527-87fd2142558f",
|
||||
"value": "Invoke-PSImage - S0231"
|
||||
}
|
||||
],
|
||||
"version": 6
|
||||
"version": 7
|
||||
}
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "actor",
|
||||
"description": "Name of ATT&CK Group",
|
||||
"name": "intrusion Set",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
|
@ -177,6 +178,13 @@
|
|||
"uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
|
||||
"tags": [
|
||||
|
@ -184,6 +192,13 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
||||
"tags": [
|
||||
|
@ -228,6 +243,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "103ebfd8-4280-4027-b61a-69bd9967ad6c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"value": "Deep Panda"
|
||||
|
@ -418,6 +440,13 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
|
||||
"tags": [
|
||||
|
@ -495,6 +524,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"value": "Moafee"
|
||||
|
@ -555,6 +591,13 @@
|
|||
"uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a9b44750-992c-4743-8922-129880d277ea",
|
||||
"tags": [
|
||||
|
@ -663,6 +706,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"value": "Naikon"
|
||||
|
@ -728,6 +778,13 @@
|
|||
"uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff",
|
||||
"tags": [
|
||||
|
@ -849,6 +906,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"value": "FIN7"
|
||||
|
@ -1017,6 +1081,27 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "11e17436-6ede-4733-8547-4ce0254ea19e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba",
|
||||
"tags": [
|
||||
|
@ -1024,12 +1109,54 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "47204403-34c9-4d25-a006-296a0939d1a2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"value": "OilRig"
|
||||
|
@ -1295,6 +1422,13 @@
|
|||
"uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
|
||||
"tags": [
|
||||
|
@ -1302,6 +1436,13 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
||||
"tags": [
|
||||
|
@ -1326,6 +1467,13 @@
|
|||
"uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb",
|
||||
"tags": [
|
||||
|
@ -1431,5 +1579,5 @@
|
|||
"value": "Gamaredon Group"
|
||||
}
|
||||
],
|
||||
"version": 7
|
||||
"version": 8
|
||||
}
|
||||
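Review bot: Several of the new `similar` edges in this section point at other entries of the same galaxy rather than at a counterpart elsewhere. The entry ending in `"value": "Naikon"` gains `f047ee18-7985-4946-8bfb-4ed754d3a0dd`, and the hunk at -728 shows that uuid on a separate entry, which in turn gains `2a158b0a-7ef8-43cb-9985-bf34d1e12050`; the Moafee / `f3bdec95-3d62-42d9-a840-29630f6cdc1a` and FIN7 / `55033a4d-3ffe-46b2-99b4-2c1541e9ce1c` pairs have the same shape. If these are distinct groups upstream (the `uuid` context lines suggest so, but the full entries lie outside the hunks), a `similar` edge tagged `likely` will lead consumers that merge on `similar` to attribute one group's activity to the other. It is worth checking whether the matching was done on shared synonyms, and whether such intra-galaxy pairs should be excluded or given a lower likelihood tag.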
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "Name of ATT&CK software",
|
||||
"name": "Malware",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
|
@ -263,13 +264,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c04fc02e-f35a-44b6-a9b0-732bf2fc551a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"value": "Backdoor.Oldrea"
|
||||
|
@ -458,6 +452,27 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"value": "Komplex"
|
||||
|
@ -1025,6 +1040,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"value": "PoisonIvy"
|
||||
|
@ -1887,48 +1909,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"value": "CORESHELL"
|
||||
|
@ -2172,6 +2152,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "da079741-05e6-458c-b434-011263dc691c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"value": "ComRAT"
|
||||
|
@ -2781,13 +2768,6 @@
|
|||
"uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
|
||||
"tags": [
|
||||
|
@ -2809,20 +2789,6 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
|
||||
"tags": [
|
||||
|
@ -2852,5 +2818,5 @@
|
|||
"value": "ELMER"
|
||||
}
|
||||
],
|
||||
"version": 6
|
||||
"version": 7
|
||||
}
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "attack-pattern",
|
||||
"description": "ATT&CK tactic",
|
||||
"name": "Mobile Attack - Attack Pattern",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "course-of-action",
|
||||
"description": "ATT&CK Mitigation",
|
||||
"name": "Mobile Attack - Course of Action",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
|
@ -13,6 +14,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1010"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "cf2cccb1-cab8-431a-8ecf-f7874d05f433",
|
||||
"value": "Deploy Compromised Device Detection Method - MOB-M1010"
|
||||
},
|
||||
|
@ -21,6 +31,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1014"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "e829ee51-1caf-4665-ba15-7f8979634124",
|
||||
"value": "Interconnection Filtering - MOB-M1014"
|
||||
},
|
||||
|
@ -29,6 +48,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1008"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "d2a199d2-dfea-4d0c-987d-6195ed17be9c",
|
||||
"value": "Use Device-Provided Credential Storage - MOB-M1008"
|
||||
},
|
||||
|
@ -37,6 +65,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1006"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "a0464539-e1b7-4455-a355-12495987c300",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "0beabf44-e8d8-4ae4-9122-ef56369a2564",
|
||||
"value": "Use Recent OS Version - MOB-M1006"
|
||||
},
|
||||
|
@ -45,6 +82,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1001"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "f296fc9c-2ff5-43ee-941e-6b49c438270a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
|
||||
"value": "Security Updates - MOB-M1001"
|
||||
},
|
||||
|
@ -53,6 +99,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1003"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
|
||||
"value": "Lock Bootloader - MOB-M1003"
|
||||
},
|
||||
|
@ -61,6 +116,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1004"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "7b1cf46f-784b-405a-a8dd-4624c19d8321",
|
||||
"value": "System Partition Integrity - MOB-M1004"
|
||||
},
|
||||
|
@ -69,6 +133,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1002"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "ff4821f6-5afb-481b-8c0f-26c28c0d666c",
|
||||
"value": "Attestation - MOB-M1002"
|
||||
},
|
||||
|
@ -77,6 +150,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1007"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "e944670c-d03a-4e93-a21c-b3d4c53ec4c9",
|
||||
"value": "Caution with Device Administrator Access - MOB-M1007"
|
||||
},
|
||||
|
@ -85,6 +167,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1013"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "29e07491-8947-43a3-8d4e-9a787c45f3d3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
|
||||
"value": "Application Developer Guidance - MOB-M1013"
|
||||
},
|
||||
|
@ -93,6 +184,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1005"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "1553b156-6767-47f7-9eb4-2a692505666d",
|
||||
"value": "Application Vetting - MOB-M1005"
|
||||
},
|
||||
|
@ -101,6 +201,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1011"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "a0464539-e1b7-4455-a355-12495987c300",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "653492e3-27be-4a0e-b08c-938dd2b7e0e1",
|
||||
"value": "User Guidance - MOB-M1011"
|
||||
},
|
||||
|
@ -109,6 +218,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1012"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "51aedbd6-2837-4d15-aeb0-cb09f2bf22ac",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "649f7268-4c12-483b-ac84-4b7bca9fe2ee",
|
||||
"value": "Enterprise Policy - MOB-M1012"
|
||||
},
|
||||
|
@ -117,9 +235,18 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1009"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "393e8c12-a416-4575-ba90-19cc85656796",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "8220b57e-c400-4525-bf69-f8edc6b389a8",
|
||||
"value": "Encrypt Network Traffic - MOB-M1009"
|
||||
}
|
||||
],
|
||||
"version": 3
|
||||
"version": 4
|
||||
}
|
||||
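Review bot: Every mitigation in this section gains a `related` array holding exactly one `mitigates` edge, for example `Application Vetting - MOB-M1005` → `d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a` and `User Guidance - MOB-M1011` → `a0464539-e1b7-4455-a355-12495987c300`. That looks as if the export kept one relationship per source object instead of all of them. ATT&CK mitigations usually map to several techniques, so an analyst pivoting from a course of action to the techniques it covers would see an incomplete picture. Please confirm that the generator appends every relationship for a source rather than overwriting the previous one; the `uses` edges added in the tool and Mobile Attack malware sections on this page show the same one-edge-per-cluster pattern. A validation step comparing the per-cluster edge count with the upstream relationship count would catch this.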
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "actor",
|
||||
"description": "Name of ATT&CK Group",
|
||||
"name": "Mobile Attack - intrusion Set",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
|
@ -32,56 +33,14 @@
|
|||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2",
|
||||
"dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
|
||||
"dest-uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
|
@ -92,5 +51,5 @@
|
|||
"value": "APT28 - G0007"
|
||||
}
|
||||
],
|
||||
"version": 5
|
||||
"version": 6
|
||||
}
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "Name of ATT&CK software",
|
||||
"name": "Mobile Attack - Malware",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
|
@ -27,6 +28,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "a3dad2be-ce62-4440-953b-00fbce7aba93",
|
||||
|
@ -44,6 +52,15 @@
|
|||
"Trojan-SMS.AndroidOS.Agent.ao"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "a1867c56-8c86-455a-96ad-b0d5f7e2bc17",
|
||||
"value": "Trojan-SMS.AndroidOS.Agent.ao - MOB-S0023"
|
||||
},
|
||||
|
@ -65,6 +82,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "507fe748-5e4a-4b45-9e9f-8b1115f4e878",
|
||||
|
@ -82,6 +106,15 @@
|
|||
"KeyRaider"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3b0b604f-10db-41a0-b54c-493124d455b9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50",
|
||||
"value": "KeyRaider - MOB-S0004"
|
||||
},
|
||||
|
@ -98,6 +131,15 @@
|
|||
"BrainTest"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "e13d084c-382f-40fd-aa9a-98d69e20301e",
|
||||
"value": "BrainTest - MOB-S0009"
|
||||
},
|
||||
|
@ -123,6 +165,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c80a6bef-b3ce-44d0-b113-946e93124898",
|
||||
|
@ -140,6 +189,15 @@
|
|||
"DressCode"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "22379609-a99f-4a01-bd7e-70f3e105859d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "ff742eeb-1f90-4f5a-8b92-9d40fffd99ca",
|
||||
"value": "DressCode - MOB-S0016"
|
||||
},
|
||||
|
@ -156,6 +214,15 @@
|
|||
"Adups"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
|
||||
"value": "Adups - MOB-S0025"
|
||||
},
|
||||
|
@ -186,6 +253,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "33d9d91d-aad9-49d5-a516-220ce101ac8a",
|
||||
|
@ -203,6 +277,15 @@
|
|||
"RuMMS"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "936be60d-90eb-4c36-9247-4b31128432c4",
|
||||
"value": "RuMMS - MOB-S0029"
|
||||
},
|
||||
|
@ -225,6 +308,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c8770c81-c29f-40d2-a140-38544206b2b4",
|
||||
|
@ -242,6 +332,15 @@
|
|||
"Trojan-SMS.AndroidOS.OpFake.a"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d89c132d-7752-4c7f-9372-954a71522985",
|
||||
"value": "Trojan-SMS.AndroidOS.OpFake.a - MOB-S0024"
|
||||
},
|
||||
|
@ -264,6 +363,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "317a2c10-d489-431e-b6b2-f0251fddc88e",
|
||||
|
@ -281,6 +387,15 @@
|
|||
"MazarBOT"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "5ddf81ea-2c06-497b-8c30-5f1ab89a40f9",
|
||||
"value": "MazarBOT - MOB-S0019"
|
||||
},
|
||||
|
@ -297,6 +412,15 @@
|
|||
"Gooligan"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "20d56cd6-8dff-4871-9889-d32d254816de",
|
||||
"value": "Gooligan - MOB-S0006"
|
||||
},
|
||||
|
@ -312,6 +436,15 @@
|
|||
"OldBoot"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2074b2ad-612e-4758-adce-7901c1b49bbc",
|
||||
"value": "OldBoot - MOB-S0001"
|
||||
},
|
||||
|
@ -333,6 +466,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb",
|
||||
|
@ -351,6 +491,15 @@
|
|||
"DroidJack RAT"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
|
||||
"value": "DroidJack RAT - MOB-S0036"
|
||||
},
|
||||
|
@ -366,6 +515,15 @@
|
|||
"HummingWhale"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "6447e3a1-ef4d-44b1-99d5-6b1c4888674f",
|
||||
"value": "HummingWhale - MOB-S0037"
|
||||
},
|
||||
|
@ -381,6 +539,15 @@
|
|||
"ANDROIDOS_ANSERVER.A"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "4bf6ba32-4165-42c1-b911-9c36165891c8",
|
||||
"value": "ANDROIDOS_ANSERVER.A - MOB-S0026"
|
||||
},
|
||||
|
@ -396,6 +563,15 @@
|
|||
"Trojan-SMS.AndroidOS.FakeInst.a"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "28e39395-91e7-4f02-b694-5e079c964da9",
|
||||
"value": "Trojan-SMS.AndroidOS.FakeInst.a - MOB-S0022"
|
||||
},
|
||||
|
@ -411,6 +587,15 @@
|
|||
"NotCompatible"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "22379609-a99f-4a01-bd7e-70f3e105859d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "23040c15-e7d8-47b5-8c16-8fd3e0e297fe",
|
||||
"value": "NotCompatible - MOB-S0015"
|
||||
},
|
||||
|
@ -454,6 +639,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "56660521-6db4-4e5a-a927-464f22954b7c",
|
||||
|
@ -471,6 +663,15 @@
|
|||
"Twitoor"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "41e3fd01-7b83-471f-835d-d2b1dc9a770c",
|
||||
"value": "Twitoor - MOB-S0018"
|
||||
},
|
||||
|
@ -486,6 +687,15 @@
|
|||
"OBAD"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "ca4f63b9-a358-4214-bb26-8c912318cfde",
|
||||
"value": "OBAD - MOB-S0002"
|
||||
},
|
||||
|
@ -501,6 +711,15 @@
|
|||
"Android/Chuli.A"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "1f96d624-8409-4472-ad8a-30618ee6b2e2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d05f7357-4cbe-47ea-bf83-b8604226d533",
|
||||
"value": "Android/Chuli.A - MOB-S0020"
|
||||
},
|
||||
|
@ -516,6 +735,15 @@
|
|||
"PJApps"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c709da93-20c3-4d17-ab68-48cba76b2137",
|
||||
"value": "PJApps - MOB-S0007"
|
||||
},
|
||||
|
@ -531,6 +759,15 @@
|
|||
"AndroidOverlayMalware"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "b6d3657a-2d6a-400f-8b7e-4d60391aa1f7",
|
||||
"value": "AndroidOverlayMalware - MOB-S0012"
|
||||
},
|
||||
|
@ -546,6 +783,15 @@
|
|||
"ZergHelper"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "b765efd1-02e6-4e67-aebf-0fef5c37e54b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "3c3b55a6-c3e9-4043-8aae-283fe96220c0",
|
||||
"value": "ZergHelper - MOB-S0003"
|
||||
},
|
||||
|
@ -561,6 +807,15 @@
|
|||
"SpyNote RAT"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "20dbaf05-59b8-4dc6-8777-0b17f4553a23",
|
||||
"value": "SpyNote RAT - MOB-S0021"
|
||||
},
|
||||
|
@ -576,6 +831,15 @@
|
|||
"RCSAndroid"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
|
||||
"value": "RCSAndroid - MOB-S0011"
|
||||
},
|
||||
|
@ -598,6 +862,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d1c600f8-0fb6-4367-921b-85b71947d950",
|
||||
|
@ -614,6 +885,15 @@
|
|||
"YiSpecter"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "51aedbd6-2837-4d15-aeb0-cb09f2bf22ac",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "a15c9357-2be0-4836-beec-594f28b9b4a9",
|
||||
"value": "YiSpecter - MOB-S0027"
|
||||
},
|
||||
|
@ -645,6 +925,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "93799a9d-3537-43d8-b6f4-17215de1657c",
|
||||
|
@ -663,9 +950,18 @@
|
|||
"XcodeGhost"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c4b96c0b-cb58-497a-a1c2-bb447d79d692",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d9e07aea-baad-4b68-bdca-90c77647d7f9",
|
||||
"value": "XcodeGhost - MOB-S0013"
|
||||
}
|
||||
],
|
||||
"version": 5
|
||||
"version": 6
|
||||
}
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "Name of ATT&CK software",
|
||||
"name": "Mobile Attack - Tool",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
|
@ -41,11 +42,18 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "da21929e-40c0-443d-bdf4-6b60d15448b4",
|
||||
"value": "Xbot - MOB-S0014"
|
||||
}
|
||||
],
|
||||
"version": 5
|
||||
"version": 6
|
||||
}
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "attack-pattern",
|
||||
"description": "ATT&CK tactic",
|
||||
"name": "Pre Attack - Attack Pattern",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
|
@ -33,6 +34,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1108"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39",
|
||||
"value": "Obfuscate infrastructure - PRE-T1108"
|
||||
},
|
||||
|
@ -173,6 +183,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1025"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
|
||||
"value": "Identify job postings and needs/gaps - PRE-T1025"
|
||||
},
|
||||
|
@ -369,6 +388,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1077"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc",
|
||||
"value": "Analyze organizational skillsets and deficiencies - PRE-T1077"
|
||||
},
|
||||
|
@ -439,6 +467,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1026"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1",
|
||||
"value": "Conduct social engineering - PRE-T1026"
|
||||
},
|
||||
|
@ -453,6 +490,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1106"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "286cc500-4291-45c2-99a1-e760db176402",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6",
|
||||
"value": "Acquire and/or use 3rd party infrastructure services - PRE-T1106"
|
||||
},
|
||||
|
@ -481,6 +527,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1074"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
|
||||
"value": "Analyze organizational skillsets and deficiencies - PRE-T1074"
|
||||
},
|
||||
|
@ -509,6 +564,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1109"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983",
|
||||
"value": "Acquire or compromise 3rd party signing certificates - PRE-T1109"
|
||||
},
|
||||
|
@ -593,6 +657,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1023"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "78e41091-d10d-4001-b202-89612892b6ff",
|
||||
"value": "Identify supply chains - PRE-T1023"
|
||||
},
|
||||
|
@ -635,6 +708,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1060"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a",
|
||||
"value": "Identify business relationships - PRE-T1060"
|
||||
},
|
||||
|
@ -747,6 +829,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1049"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549",
|
||||
"value": "Identify business relationships - PRE-T1049"
|
||||
},
|
||||
|
@ -803,6 +894,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1088"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "20a66013-8dab-4ca3-a67d-766c842c561c",
|
||||
"value": "Dynamic DNS - PRE-T1088"
|
||||
},
|
||||
|
@ -929,6 +1029,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1037"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "856a9371-4f0f-4ea9-946e-f3144204240f",
|
||||
"value": "Determine 3rd party infrastructure services - PRE-T1037"
|
||||
},
|
||||
|
@ -957,6 +1066,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1141"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d",
|
||||
"value": "Friend/Follow/Connect to targets of interest - PRE-T1141"
|
||||
},
|
||||
|
@ -1027,6 +1145,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1084"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "286cc500-4291-45c2-99a1-e760db176402",
|
||||
"value": "Acquire and/or use 3rd party infrastructure services - PRE-T1084"
|
||||
},
|
||||
|
@ -1265,6 +1392,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1055"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
|
||||
"value": "Identify job postings and needs/gaps - PRE-T1055"
|
||||
},
|
||||
|
@ -1279,6 +1415,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1056"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "a757670d-d600-48d9-8ae9-601d42c184a5",
|
||||
"value": "Conduct social engineering - PRE-T1056"
|
||||
},
|
||||
|
@ -1293,6 +1438,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1053"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "59369f72-3005-4e54-9095-3d00efcece73",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
|
||||
"value": "Identify supply chains - PRE-T1053"
|
||||
},
|
||||
|
@ -1321,6 +1475,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1111"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b",
|
||||
"value": "Compromise 3rd party infrastructure to support delivery - PRE-T1111"
|
||||
},
|
||||
|
@ -1335,6 +1498,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1086"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6",
|
||||
"value": "Obfuscate infrastructure - PRE-T1086"
|
||||
},
|
||||
|
@ -1517,6 +1689,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1121"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33",
|
||||
"value": "Friend/Follow/Connect to targets of interest - PRE-T1121"
|
||||
},
|
||||
|
@ -1559,6 +1740,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1054"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "028ad431-84c5-4eb7-a364-2b797c234f88",
|
||||
"value": "Acquire OSINT data sets and information - PRE-T1054"
|
||||
},
|
||||
|
@ -1629,6 +1819,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1061"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "856a9371-4f0f-4ea9-946e-f3144204240f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05",
|
||||
"value": "Determine 3rd party infrastructure services - PRE-T1061"
|
||||
},
|
||||
|
@ -1657,6 +1856,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1089"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "4900fabf-1142-4c1f-92f5-0b590e049077",
|
||||
"value": "Compromise 3rd party infrastructure to support delivery - PRE-T1089"
|
||||
},
|
||||
|
@ -1769,6 +1977,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1087"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59",
|
||||
"value": "Acquire or compromise 3rd party signing certificates - PRE-T1087"
|
||||
},
|
||||
|
@ -1881,6 +2098,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1024"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b",
|
||||
"value": "Acquire OSINT data sets and information - PRE-T1024"
|
||||
},
|
||||
|
@ -1895,6 +2121,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1085"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "1a295f87-af63-4d94-b130-039d6221fb11",
|
||||
"value": "Acquire and/or use 3rd party software services - PRE-T1085"
|
||||
},
|
||||
|
@ -1923,6 +2158,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1044"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "0722cd65-0c83-4c89-9502-539198467ab1",
|
||||
"value": "Identify job postings and needs/gaps - PRE-T1044"
|
||||
},
|
||||
|
@ -1951,6 +2195,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1107"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "1a295f87-af63-4d94-b130-039d6221fb11",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6",
|
||||
"value": "Acquire and/or use 3rd party software services - PRE-T1107"
|
||||
},
|
||||
|
@ -1979,6 +2232,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1110"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe",
|
||||
"value": "Dynamic DNS - PRE-T1110"
|
||||
},
|
||||
|
@ -2021,6 +2283,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1043"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
|
||||
"value": "Acquire OSINT data sets and information - PRE-T1043"
|
||||
},
|
||||
|
@ -2077,6 +2348,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1066"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc",
|
||||
"value": "Analyze organizational skillsets and deficiencies - PRE-T1066"
|
||||
},
|
||||
|
@ -2147,6 +2427,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1042"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "59369f72-3005-4e54-9095-3d00efcece73",
|
||||
"value": "Identify supply chains - PRE-T1042"
|
||||
},
|
||||
|
@ -2357,6 +2646,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1045"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "af358cad-eb71-4e91-a752-236edc237dae",
|
||||
"value": "Conduct social engineering - PRE-T1045"
|
||||
},
|
||||
|
@ -2445,5 +2743,5 @@
|
|||
"value": "Data Hiding - PRE-T1097"
|
||||
}
|
||||
],
|
||||
"version": 3
|
||||
"version": 4
|
||||
}
|
||||
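Review bot: The `related` arrays added in this file's hunks carry exactly one `related-to` edge each, so where three techniques share a name the links come out lopsided. For example `PRE-T1044` (0722cd65-…) points to `PRE-T1055` (7718e92f-…), but `PRE-T1055` points only to `PRE-T1025` (c721b235-…), which points back to `PRE-T1055`, so nothing links back to `PRE-T1044`. The same shape shows up for PRE-T1056/T1045/T1026, PRE-T1077/T1074/T1066, PRE-T1024/T1043/T1054 and PRE-T1023/T1053/T1042. An analyst pivoting from the middle technique will therefore miss the third one; presumably this mirrors the upstream relationship objects, which this page does not show. Either emit the reverse edge too, e.g. add `{"dest-uuid": "0722cd65-0c83-4c89-9502-539198467ab1", "tags": ["estimative-language:likelihood-probability=\"almost-certain\""], "type": "related-to"}` to the PRE-T1055 entry, or document that `related-to` is directional in this galaxy.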
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "actor",
|
||||
"description": "Name of ATT&CK Group",
|
||||
"name": "Pre Attack - intrusion Set",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
|
@ -20,6 +21,15 @@
|
|||
"APT16"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3cab1b76-2f40-4cd0-8d2c-7ed16eeb909c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
|
||||
"value": "APT16 - G0023"
|
||||
},
|
||||
|
@ -59,6 +69,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "62b8c999-dcc0-4755-bd69-09442d9359f5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
|
@ -115,6 +132,13 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
|
||||
"tags": [
|
||||
|
@ -142,6 +166,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
||||
|
@ -170,6 +201,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8beac7c2-48d2-4cd9-9b15-6c452f38ac06",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
|
||||
|
@ -197,6 +235,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
|
@ -223,6 +268,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
|
||||
|
@ -269,11 +321,18 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
||||
"value": "APT17 - G0025"
|
||||
}
|
||||
],
|
||||
"version": 4
|
||||
"version": 6
|
||||
}
|
||||
|
|
|
@ -1,925 +0,0 @@
|
|||
{
|
||||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"description": "MITRE Relationship",
|
||||
"name": "Pre Attack - Relationship",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
"type": "mitre-pre-attack-relationship",
|
||||
"uuid": "1ffd3108-1708-11e8-9f98-67b378d9094c",
|
||||
"values": [
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"target-uuid": "58d0b955-ae3d-424a-a537-2804dab38793"
|
||||
},
|
||||
"uuid": "1eed277b-a2a7-43f9-bf12-6e30abf0841a",
|
||||
"value": "APT28 (G0007) uses Unconditional client-side exploitation/Injected Website/Driveby (PRE-T1149)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d",
|
||||
"target-uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33"
|
||||
},
|
||||
"uuid": "4a69750c-47d5-40f5-b753-c6bb2a27a359",
|
||||
"value": "Friend/Follow/Connect to targets of interest (PRE-T1141) related-to Friend/Follow/Connect to targets of interest (PRE-T1121)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "15ef4da5-3b93-4bb1-a39a-5396661956d3"
|
||||
},
|
||||
"uuid": "2b6a71e4-e5d5-41d2-a193-9a95c94dc924",
|
||||
"value": "APT1 (G0006) uses Build and configure delivery systems (PRE-T1124)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
|
||||
"target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97"
|
||||
},
|
||||
"uuid": "57723021-1eb3-4bf2-86eb-fdbf8a1b8125",
|
||||
"value": "Night Dragon (G0014) uses Spear phishing messages with malicious attachments (PRE-T1144)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
|
||||
"target-uuid": "9755ecdc-deb0-40e6-af49-713cb0f8ed92"
|
||||
},
|
||||
"uuid": "a34c16e9-bc7e-45f5-a9a2-8b05d868e6a0",
|
||||
"value": "Night Dragon (G0014) uses Remote access tool development (PRE-T1128)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
|
||||
"target-uuid": "d69c3e06-8311-4093-8e3e-0a8e06b15d92"
|
||||
},
|
||||
"uuid": "307e24f8-4d7c-49a8-88f6-fb0a99fe8ff4",
|
||||
"value": "APT16 (G0023) uses Assess targeting options (PRE-T1073)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc",
|
||||
"target-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc"
|
||||
},
|
||||
"uuid": "2dbdcf5e-af75-4f92-b4ad-942a06aab259",
|
||||
"value": "Analyze organizational skillsets and deficiencies (PRE-T1077) related-to Analyze organizational skillsets and deficiencies (PRE-T1066)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "f4c5d1d9-8f0e-46f1-a9fa-f9a440926046"
|
||||
},
|
||||
"uuid": "9af7194c-1eea-4aef-bab1-49bd29be069c",
|
||||
"value": "APT1 (G0006) uses Confirmation of launched compromise achieved (PRE-T1160)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
|
||||
"target-uuid": "89a79d91-53e0-4ef5-ba28-558cb8b01f76"
|
||||
},
|
||||
"uuid": "f6dd74d9-ed02-4fe4-aff6-9ef25906592f",
|
||||
"value": "Night Dragon (G0014) uses Identify groups/roles (PRE-T1047)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
||||
"target-uuid": "271e6d40-e191-421a-8f87-a8102452c201"
|
||||
},
|
||||
"uuid": "614f64d8-c221-4789-b1e1-787e9326a37b",
|
||||
"value": "APT17 (G0025) uses Develop social network persona digital footprint (PRE-T1119)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97"
|
||||
},
|
||||
"uuid": "84943231-1b44-4029-ae09-0dbf05440bef",
|
||||
"value": "APT1 (G0006) uses Spear phishing messages with malicious attachments (PRE-T1144)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "d3999268-740f-467e-a075-c82e2d04be62"
|
||||
},
|
||||
"uuid": "51d03816-347c-4716-9524-da99a58f5ea6",
|
||||
"value": "APT1 (G0006) uses Assess leadership areas of interest (PRE-T1001)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
|
||||
"target-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1"
|
||||
},
|
||||
"uuid": "ad510f42-e745-42d0-8b54-4bf7a2f3cf34",
|
||||
"value": "Conduct social engineering (PRE-T1045) related-to Conduct social engineering (PRE-T1026)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
||||
"target-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4"
|
||||
},
|
||||
"uuid": "ab356c7a-6922-4143-90eb-5be632e2f6cd",
|
||||
"value": "Cleaver (G0003) uses Build social network persona (PRE-T1118)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
|
||||
"target-uuid": "7718e92f-b011-4f88-b822-ae245a1de407"
|
||||
},
|
||||
"uuid": "ab313887-ff00-4aa9-8edb-ab107c517c19",
|
||||
"value": "Identify job postings and needs/gaps (PRE-T1025) related-to Identify job postings and needs/gaps (PRE-T1055)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
|
||||
"target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
|
||||
},
|
||||
"uuid": "edb31962-2310-4618-bd4f-d34f8e7d58e8",
|
||||
"value": "APT16 (G0023) uses Acquire OSINT data sets and information (PRE-T1024)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
|
||||
"target-uuid": "286cc500-4291-45c2-99a1-e760db176402"
|
||||
},
|
||||
"uuid": "0adf353d-688b-46ce-88bb-62a008675fe0",
|
||||
"value": "Night Dragon (G0014) uses Acquire and/or use 3rd party infrastructure services (PRE-T1084)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
|
||||
"target-uuid": "d778cb83-2292-4995-b006-d38f52bc1e64"
|
||||
},
|
||||
"uuid": "e95ea206-3962-43af-aac1-042ac9928679",
|
||||
"value": "Night Dragon (G0014) uses Identify gap areas (PRE-T1002)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
||||
"target-uuid": "fddd81e9-dd3d-477e-9773-4fb8ae227234"
|
||||
},
|
||||
"uuid": "b09b41c4-670f-4f00-b8d5-a8c6a2dcfcfb",
|
||||
"value": "Cleaver (G0003) uses Create custom payloads (PRE-T1122)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"target-uuid": "c860af4a-376e-46d7-afbf-262c41012227"
|
||||
},
|
||||
"uuid": "26bf68a4-af3c-4d39-bad3-5f0ce824f4a3",
|
||||
"value": "APT28 (G0007) uses Determine operational element (PRE-T1019)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"target-uuid": "45242287-2964-4a3e-9373-159fad4d8195"
|
||||
},
|
||||
"uuid": "3d65fc7e-87a5-4113-bd9c-09453fba4d1e",
|
||||
"value": "APT28 (G0007) uses Buy domain name (PRE-T1105)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
|
||||
"target-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84"
|
||||
},
|
||||
"uuid": "22d4f32c-63c1-400f-8e2c-10e4a200d133",
|
||||
"value": "Identify job postings and needs/gaps (PRE-T1055) related-to Identify job postings and needs/gaps (PRE-T1025)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a",
|
||||
"target-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549"
|
||||
},
|
||||
"uuid": "ac1dfc58-d5a2-4b6f-9bf4-c6c0d2d3ae80",
|
||||
"value": "Identify business relationships (PRE-T1060) related-to Identify business relationships (PRE-T1049)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549",
|
||||
"target-uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a"
|
||||
},
|
||||
"uuid": "9524754d-7743-47b3-8395-3cbfb633c020",
|
||||
"value": "Identify business relationships (PRE-T1049) related-to Identify business relationships (PRE-T1060)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
||||
"target-uuid": "271e6d40-e191-421a-8f87-a8102452c201"
|
||||
},
|
||||
"uuid": "d26a1746-b577-4a89-be5e-c49611e8c65a",
|
||||
"value": "Cleaver (G0003) uses Develop social network persona digital footprint (PRE-T1119)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
||||
"target-uuid": "c2ffd229-11bb-4fd8-9208-edbe97b14c93"
|
||||
},
|
||||
"uuid": "f43faad4-a016-4da0-8de6-53103d429268",
|
||||
"value": "Cleaver (G0003) uses Obfuscation or cryptography (PRE-T1090)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c"
|
||||
},
|
||||
"uuid": "0e7905fd-77c8-43cb-b499-7d6e37fefbeb",
|
||||
"value": "APT1 (G0006) uses Dynamic DNS (PRE-T1088)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
||||
"target-uuid": "b79a1960-d0be-4b51-bb62-b27e91e1dea0"
|
||||
},
|
||||
"uuid": "3f8694fa-8e16-465b-8357-ec0a85316e9c",
|
||||
"value": "Cleaver (G0003) uses Conduct social engineering or HUMINT operation (PRE-T1153)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
||||
"target-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39"
|
||||
},
|
||||
"uuid": "9c87b627-de61-42da-a658-7bdb33358754",
|
||||
"value": "APT17 (G0025) uses Obfuscate infrastructure (PRE-T1108)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"target-uuid": "fddd81e9-dd3d-477e-9773-4fb8ae227234"
|
||||
},
|
||||
"uuid": "6d809b32-a5db-4e1e-bea6-ef29a2c680e5",
|
||||
"value": "APT28 (G0007) uses Create custom payloads (PRE-T1122)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c",
|
||||
"target-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe"
|
||||
},
|
||||
"uuid": "f24a6bf4-c60f-4fa6-8f6a-f2806ae92cdd",
|
||||
"value": "Dynamic DNS (PRE-T1088) related-to Dynamic DNS (PRE-T1110)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe",
|
||||
"target-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c"
|
||||
},
|
||||
"uuid": "94daf955-fb3e-4f13-af60-0e3ffa185be0",
|
||||
"value": "Dynamic DNS (PRE-T1110) related-to Dynamic DNS (PRE-T1088)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
||||
"target-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4"
|
||||
},
|
||||
"uuid": "545cd36e-572e-413d-82b9-db65788791f9",
|
||||
"value": "APT17 (G0025) uses Build social network persona (PRE-T1118)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b"
|
||||
},
|
||||
"uuid": "8a2c46d3-92f2-4ff7-a912-8d47189a7d79",
|
||||
"value": "APT1 (G0006) uses Compromise 3rd party infrastructure to support delivery (PRE-T1111)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b",
|
||||
"target-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88"
|
||||
},
|
||||
"uuid": "60b6c9a6-7705-4c72-93bb-67de0caf11f4",
|
||||
"value": "Acquire OSINT data sets and information (PRE-T1024) related-to Acquire OSINT data sets and information (PRE-T1054)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
|
||||
"target-uuid": "78e41091-d10d-4001-b202-89612892b6ff"
|
||||
},
|
||||
"uuid": "9c44b2ec-70b0-4f5c-800e-426477330658",
|
||||
"value": "Identify supply chains (PRE-T1053) related-to Identify supply chains (PRE-T1023)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b",
|
||||
"target-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077"
|
||||
},
|
||||
"uuid": "bc165934-7ef6-4aed-a0d7-81d3372589f4",
|
||||
"value": "Compromise 3rd party infrastructure to support delivery (PRE-T1111) related-to Compromise 3rd party infrastructure to support delivery (PRE-T1089)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"target-uuid": "288b3cc3-f4da-4250-ab8c-d8b5dbed94ca"
|
||||
},
|
||||
"uuid": "643d984b-0c82-4e14-8ba9-1b8dec0c91e2",
|
||||
"value": "APT28 (G0007) uses Identify web defensive services (PRE-T1033)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc",
|
||||
"target-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41"
|
||||
},
|
||||
"uuid": "715a66b4-7925-40b4-868a-e47aba879f8b",
|
||||
"value": "Analyze organizational skillsets and deficiencies (PRE-T1077) related-to Analyze organizational skillsets and deficiencies (PRE-T1074)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
|
||||
"target-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88"
|
||||
},
|
||||
"uuid": "28bf7e8b-9948-40a8-945b-6b5f2c78ec53",
|
||||
"value": "Acquire OSINT data sets and information (PRE-T1043) related-to Acquire OSINT data sets and information (PRE-T1054)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768"
|
||||
},
|
||||
"uuid": "2b0ec032-eaca-4f0c-be55-39471f0f2bf5",
|
||||
"value": "APT1 (G0006) uses Obtain/re-use payloads (PRE-T1123)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b",
|
||||
"target-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a"
|
||||
},
|
||||
"uuid": "1143e6a6-deef-4dbd-8c91-7bf537d8f5ce",
|
||||
"value": "Acquire OSINT data sets and information (PRE-T1024) related-to Acquire OSINT data sets and information (PRE-T1043)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "78e41091-d10d-4001-b202-89612892b6ff",
|
||||
"target-uuid": "59369f72-3005-4e54-9095-3d00efcece73"
|
||||
},
|
||||
"uuid": "a29f2adc-c328-4cf3-9984-2c0c72ec7061",
|
||||
"value": "Identify supply chains (PRE-T1023) related-to Identify supply chains (PRE-T1042)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"target-uuid": "abd5bed1-4c12-45de-a623-ab8dc4ff862a"
|
||||
},
|
||||
"uuid": "eab3be4e-4130-4898-a7b6-d9e9eb34f2bd",
|
||||
"value": "APT28 (G0007) uses Research relevant vulnerabilities/CVEs (PRE-T1068)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "1a295f87-af63-4d94-b130-039d6221fb11"
|
||||
},
|
||||
"uuid": "39db1df8-f786-480c-9faf-5b870de2250b",
|
||||
"value": "APT1 (G0006) uses Acquire and/or use 3rd party software services (PRE-T1085)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88",
|
||||
"target-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a"
|
||||
},
|
||||
"uuid": "6ba71250-1dc7-4b8d-88e7-698440ea18a0",
|
||||
"value": "Acquire OSINT data sets and information (PRE-T1054) related-to Acquire OSINT data sets and information (PRE-T1043)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97"
|
||||
},
|
||||
"uuid": "6238613d-8683-420d-baf7-6050aa27eb9d",
|
||||
"value": "APT28 (G0007) uses Spear phishing messages with malicious attachments (PRE-T1144)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "286cc500-4291-45c2-99a1-e760db176402",
|
||||
"target-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6"
|
||||
},
|
||||
"uuid": "5dc0b076-5f25-4bda-83c7-1d8bd214b81a",
|
||||
"value": "Acquire and/or use 3rd party infrastructure services (PRE-T1084) related-to Acquire and/or use 3rd party infrastructure services (PRE-T1106)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
|
||||
"target-uuid": "59369f72-3005-4e54-9095-3d00efcece73"
|
||||
},
|
||||
"uuid": "7aaa32b6-73f3-4b6e-98ae-da16976e6003",
|
||||
"value": "Identify supply chains (PRE-T1053) related-to Identify supply chains (PRE-T1042)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077"
|
||||
},
|
||||
"uuid": "cc22ab71-f2fc-4885-832b-e75dadeefa2d",
|
||||
"value": "APT1 (G0006) uses Compromise 3rd party infrastructure to support delivery (PRE-T1089)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
|
||||
},
|
||||
"uuid": "60e79ac2-3dc1-4005-a1f8-260d58117dab",
|
||||
"value": "APT28 (G0007) uses Acquire OSINT data sets and information (PRE-T1024)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
|
||||
"target-uuid": "9a8c47f6-ae69-4044-917d-4b1602af64d9"
|
||||
},
|
||||
"uuid": "7da16587-3861-4404-9043-0076e4766ac4",
|
||||
"value": "APT12 (G0005) uses Choose pre-compromised persona and affiliated accounts (PRE-T1120)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
|
||||
},
|
||||
"uuid": "6cfc9229-9928-414e-bfaf-f63e815b4c84",
|
||||
"value": "APT28 (G0007) uses Determine strategic target (PRE-T1018)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05",
|
||||
"target-uuid": "856a9371-4f0f-4ea9-946e-f3144204240f"
|
||||
},
|
||||
"uuid": "a7f177e4-7e7f-4883-af3d-c95db9ea7a53",
|
||||
"value": "Determine 3rd party infrastructure services (PRE-T1061) related-to Determine 3rd party infrastructure services (PRE-T1037)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
||||
"target-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768"
|
||||
},
|
||||
"uuid": "515e7665-040c-44ac-a379-44d4399d6e2b",
|
||||
"value": "Cleaver (G0003) uses Obtain/re-use payloads (PRE-T1123)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
|
||||
"target-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc"
|
||||
},
|
||||
"uuid": "b180dee5-0d48-448f-94b9-4997f0c584d5",
|
||||
"value": "Analyze organizational skillsets and deficiencies (PRE-T1074) related-to Analyze organizational skillsets and deficiencies (PRE-T1077)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077",
|
||||
"target-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b"
|
||||
},
|
||||
"uuid": "28815a00-1cf4-4fbc-9039-306a9542c7fd",
|
||||
"value": "Compromise 3rd party infrastructure to support delivery (PRE-T1089) related-to Compromise 3rd party infrastructure to support delivery (PRE-T1111)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
|
||||
"target-uuid": "0722cd65-0c83-4c89-9502-539198467ab1"
|
||||
},
|
||||
"uuid": "8bcaccd1-403b-40f1-82d3-ac4d873263f8",
|
||||
"value": "Identify job postings and needs/gaps (PRE-T1025) related-to Identify job postings and needs/gaps (PRE-T1044)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"target-uuid": "ef0f816a-d561-4953-84c6-2a2936c96957"
|
||||
},
|
||||
"uuid": "5aab758c-79d2-4219-9053-f50791d98531",
|
||||
"value": "APT28 (G0007) uses Discover target logon/email address format (PRE-T1032)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
|
||||
"target-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6"
|
||||
},
|
||||
"uuid": "b55534ba-37ce-47f2-a961-edeaeedcb399",
|
||||
"value": "APT12 (G0005) uses Obfuscate infrastructure (PRE-T1086)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"target-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768"
|
||||
},
|
||||
"uuid": "709bb5af-c484-48f2-bb19-bd7630e42e2d",
|
||||
"value": "APT28 (G0007) uses Obtain/re-use payloads (PRE-T1123)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
|
||||
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
|
||||
},
|
||||
"uuid": "4e06cf53-00b1-46a6-a6b6-8e33e761b83f",
|
||||
"value": "APT12 (G0005) uses Determine strategic target (PRE-T1018)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
||||
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
|
||||
},
|
||||
"uuid": "89754a0d-03b1-44e3-94c5-7a892d171a28",
|
||||
"value": "APT17 (G0025) uses Determine strategic target (PRE-T1018)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
|
||||
"target-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5"
|
||||
},
|
||||
"uuid": "984d13eb-ba9c-4e7c-8675-85dde9877a81",
|
||||
"value": "Conduct social engineering (PRE-T1045) related-to Conduct social engineering (PRE-T1056)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"target-uuid": "d3999268-740f-467e-a075-c82e2d04be62"
|
||||
},
|
||||
"uuid": "2daad934-bf08-4a2f-b656-4f7d197eb8fa",
|
||||
"value": "APT28 (G0007) uses Assess leadership areas of interest (PRE-T1001)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
|
||||
"target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97"
|
||||
},
|
||||
"uuid": "1895866a-4689-4527-8460-95e9cd7dd037",
|
||||
"value": "APT12 (G0005) uses Spear phishing messages with malicious attachments (PRE-T1144)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5",
|
||||
"target-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1"
|
||||
},
|
||||
"uuid": "51c20b46-16cc-4b58-80d7-89d48b14b064",
|
||||
"value": "Conduct social engineering (PRE-T1056) related-to Conduct social engineering (PRE-T1026)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983",
|
||||
"target-uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59"
|
||||
},
|
||||
"uuid": "fe31fa7c-be01-47ca-90bb-0fb49b49eb03",
|
||||
"value": "Acquire or compromise 3rd party signing certificates (PRE-T1109) related-to Acquire or compromise 3rd party signing certificates (PRE-T1087)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "59369f72-3005-4e54-9095-3d00efcece73",
|
||||
"target-uuid": "78e41091-d10d-4001-b202-89612892b6ff"
|
||||
},
|
||||
"uuid": "432c700b-4bf3-4824-a530-a6e86882c4b7",
|
||||
"value": "Identify supply chains (PRE-T1042) related-to Identify supply chains (PRE-T1023)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
|
||||
"target-uuid": "0722cd65-0c83-4c89-9502-539198467ab1"
|
||||
},
|
||||
"uuid": "ef32147c-d309-4867-aaba-998088290e32",
|
||||
"value": "Identify job postings and needs/gaps (PRE-T1055) related-to Identify job postings and needs/gaps (PRE-T1044)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
|
||||
"target-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b"
|
||||
},
|
||||
"uuid": "f8559304-7ef6-4c48-8d76-a56ebf37c0be",
|
||||
"value": "APT16 (G0023) uses Compromise 3rd party infrastructure to support delivery (PRE-T1111)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "2141aea0-cf38-49aa-9e51-ac34092bc30a"
|
||||
},
|
||||
"uuid": "3d3eb711-5054-4b32-8006-15ba67d3bb25",
|
||||
"value": "APT1 (G0006) uses Procure required equipment and software (PRE-T1112)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "0722cd65-0c83-4c89-9502-539198467ab1",
|
||||
"target-uuid": "7718e92f-b011-4f88-b822-ae245a1de407"
|
||||
},
|
||||
"uuid": "689ebb39-52f4-4b2f-8678-72cfed67cb9f",
|
||||
"value": "Identify job postings and needs/gaps (PRE-T1044) related-to Identify job postings and needs/gaps (PRE-T1055)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
|
||||
"target-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc"
|
||||
},
|
||||
"uuid": "36990d75-9fbd-43f0-9966-ae58f0388e1d",
|
||||
"value": "Analyze organizational skillsets and deficiencies (PRE-T1074) related-to Analyze organizational skillsets and deficiencies (PRE-T1066)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6",
|
||||
"target-uuid": "286cc500-4291-45c2-99a1-e760db176402"
|
||||
},
|
||||
"uuid": "9a1f729c-72a9-4735-9d48-ecb54ea018a9",
|
||||
"value": "Acquire and/or use 3rd party infrastructure services (PRE-T1106) related-to Acquire and/or use 3rd party infrastructure services (PRE-T1084)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "eb517589-eefc-480e-b8e3-7a8b1066f6f1"
|
||||
},
|
||||
"uuid": "7c68bb22-457e-4942-9e07-36f6cd5ac5ba",
|
||||
"value": "APT1 (G0006) uses Targeted social media phishing (PRE-T1143)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
||||
"target-uuid": "0440f60f-9056-4791-a740-8eae96eb61fa"
|
||||
},
|
||||
"uuid": "75c781d7-f9ef-42c8-b610-0dc1ecb3b350",
|
||||
"value": "Cleaver (G0003) uses Authorized user performs requested cyber action (PRE-T1163)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc",
|
||||
"target-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc"
|
||||
},
|
||||
"uuid": "d5bd7a33-a249-46e5-bb19-a498eba42bdb",
|
||||
"value": "Analyze organizational skillsets and deficiencies (PRE-T1066) related-to Analyze organizational skillsets and deficiencies (PRE-T1077)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "15d5eaa4-597a-47fd-a692-f2bed434d904"
|
||||
},
|
||||
"uuid": "8a2549fa-9e7c-4d47-9678-8ed0bb8fa3aa",
|
||||
"value": "APT1 (G0006) uses Derive intelligence requirements (PRE-T1007)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "0440f60f-9056-4791-a740-8eae96eb61fa"
|
||||
},
|
||||
"uuid": "0f97c2ae-2b89-4dd5-a270-42b1dcb5d403",
|
||||
"value": "APT1 (G0006) uses Authorized user performs requested cyber action (PRE-T1163)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
|
||||
"target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97"
|
||||
},
|
||||
"uuid": "c90a4d6a-af21-4103-ba57-3ddeb6e973e7",
|
||||
"value": "APT16 (G0023) uses Spear phishing messages with malicious attachments (PRE-T1144)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
||||
"target-uuid": "c860af4a-376e-46d7-afbf-262c41012227"
|
||||
},
|
||||
"uuid": "eca0f05c-5025-4149-9826-3715cc243180",
|
||||
"value": "Cleaver (G0003) uses Determine operational element (PRE-T1019)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
|
||||
"target-uuid": "d778cb83-2292-4995-b006-d38f52bc1e64"
|
||||
},
|
||||
"uuid": "683d4e44-f763-492c-b510-fa469a923798",
|
||||
"value": "APT12 (G0005) uses Identify gap areas (PRE-T1002)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39",
|
||||
"target-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6"
|
||||
},
|
||||
"uuid": "db4dfa09-7f19-437a-9d79-15f2dc8ba0da",
|
||||
"value": "Obfuscate infrastructure (PRE-T1108) related-to Obfuscate infrastructure (PRE-T1086)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "0722cd65-0c83-4c89-9502-539198467ab1",
|
||||
"target-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84"
|
||||
},
|
||||
"uuid": "bbb1c074-a93a-4e40-b11e-2151403f7f1d",
|
||||
"value": "Identify job postings and needs/gaps (PRE-T1044) related-to Identify job postings and needs/gaps (PRE-T1025)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88",
|
||||
"target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
|
||||
},
|
||||
"uuid": "0e52753e-0a02-4bec-88f9-f8ee21b46bae",
|
||||
"value": "Acquire OSINT data sets and information (PRE-T1054) related-to Acquire OSINT data sets and information (PRE-T1024)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
||||
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
|
||||
},
|
||||
"uuid": "3c7c0851-1cf8-458f-862d-4e4827f8f474",
|
||||
"value": "Cleaver (G0003) uses Determine strategic target (PRE-T1018)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59",
|
||||
"target-uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983"
|
||||
},
|
||||
"uuid": "c388ed7c-3820-41a3-98af-a48dd7e4d88b",
|
||||
"value": "Acquire or compromise 3rd party signing certificates (PRE-T1087) related-to Acquire or compromise 3rd party signing certificates (PRE-T1109)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4"
|
||||
},
|
||||
"uuid": "34ba5998-4e43-4669-9701-1877aa267354",
|
||||
"value": "APT1 (G0006) uses Build social network persona (PRE-T1118)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1",
|
||||
"target-uuid": "af358cad-eb71-4e91-a752-236edc237dae"
|
||||
},
|
||||
"uuid": "f8504a07-758c-4c51-ac94-c2e7ba652e29",
|
||||
"value": "Conduct social engineering (PRE-T1026) related-to Conduct social engineering (PRE-T1045)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "78e41091-d10d-4001-b202-89612892b6ff",
|
||||
"target-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c"
|
||||
},
|
||||
"uuid": "9ad9966d-4a8d-4b15-b503-c5d27104fcdd",
|
||||
"value": "Identify supply chains (PRE-T1023) related-to Identify supply chains (PRE-T1053)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "856a9371-4f0f-4ea9-946e-f3144204240f",
|
||||
"target-uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05"
|
||||
},
|
||||
"uuid": "e4501560-7850-4467-8422-2cf336429e8a",
|
||||
"value": "Determine 3rd party infrastructure services (PRE-T1037) related-to Determine 3rd party infrastructure services (PRE-T1061)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1",
|
||||
"target-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5"
|
||||
},
|
||||
"uuid": "66e4da4a-6eb6-46e0-9baf-74059f341b4a",
|
||||
"value": "Conduct social engineering (PRE-T1026) related-to Conduct social engineering (PRE-T1056)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6",
|
||||
"target-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39"
|
||||
},
|
||||
"uuid": "41be9f31-9d2b-44b8-a7dc-31f8c4519751",
|
||||
"value": "Obfuscate infrastructure (PRE-T1086) related-to Obfuscate infrastructure (PRE-T1108)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
|
||||
"target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
|
||||
},
|
||||
"uuid": "be031f72-737b-4afd-b2c1-c565f5ab7369",
|
||||
"value": "Acquire OSINT data sets and information (PRE-T1043) related-to Acquire OSINT data sets and information (PRE-T1024)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "df42286d-dfbd-4455-bc9d-aef52ac29aa7"
|
||||
},
|
||||
"uuid": "90d7f0f0-6e41-431a-a024-9375cbc18d2b",
|
||||
"value": "APT1 (G0006) uses Post compromise tool development (PRE-T1130)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
|
||||
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
|
||||
},
|
||||
"uuid": "e60a165e-cfad-43e5-ba83-ea2430a377c5",
|
||||
"value": "APT16 (G0023) uses Determine strategic target (PRE-T1018)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
|
||||
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
|
||||
},
|
||||
"uuid": "a071fc8f-6323-420b-9812-b51f12fc7956",
|
||||
"value": "Night Dragon (G0014) uses Determine strategic target (PRE-T1018)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "ec739e26-d097-4804-b04a-54dd81ff11e0"
|
||||
},
|
||||
"uuid": "970531a2-4927-41a3-b2cd-09d445322f51",
|
||||
"value": "APT1 (G0006) uses Create strategic plan (PRE-T1008)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
|
||||
"target-uuid": "4aeafdb3-eb0b-4e8e-b93f-95cd499088b4"
|
||||
},
|
||||
"uuid": "c2571ca8-98c4-490d-b8f8-f3678b0ce74d",
|
||||
"value": "Night Dragon (G0014) uses Compromise of externally facing system (PRE-T1165)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "489a7797-01c3-4706-8cd1-ec56a9db3adc"
|
||||
},
|
||||
"uuid": "e78023e7-98de-4973-9331-843bfa28c9f7",
|
||||
"value": "APT1 (G0006) uses Spear phishing messages with malicious links (PRE-T1146)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "357e137c-7589-4af1-895c-3fbad35ea4d2"
|
||||
},
|
||||
"uuid": "f76d74b6-c797-487c-8388-536367d1b922",
|
||||
"value": "APT1 (G0006) uses Obfuscate or encrypt code (PRE-T1096)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33",
|
||||
"target-uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d"
|
||||
},
|
||||
"uuid": "87239038-7693-49b3-b595-b828cc2be1ba",
|
||||
"value": "Friend/Follow/Connect to targets of interest (PRE-T1121) related-to Friend/Follow/Connect to targets of interest (PRE-T1141)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
|
||||
"target-uuid": "1a295f87-af63-4d94-b130-039d6221fb11"
|
||||
},
|
||||
"uuid": "c6e43693-2a6d-4ba8-8fa7-ec1ab5239528",
|
||||
"value": "Night Dragon (G0014) uses Acquire and/or use 3rd party software services (PRE-T1085)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
|
||||
},
|
||||
"uuid": "5ed44a06-bcb4-4293-8bf4-aaebefddc09c",
|
||||
"value": "APT1 (G0006) uses Determine strategic target (PRE-T1018)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
"target-uuid": "aadaee0d-794c-4642-8293-7ec22a99fb1a"
|
||||
},
|
||||
"uuid": "db10491f-a854-4404-9271-600349484bc3",
|
||||
"value": "APT1 (G0006) uses Domain registration hijacking (PRE-T1103)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
|
||||
"target-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549"
|
||||
},
|
||||
"uuid": "4eb0e01c-85ae-466a-a8ff-0cf7891c5ab2",
|
||||
"value": "APT16 (G0023) uses Identify business relationships (PRE-T1049)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc",
|
||||
"target-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41"
|
||||
},
|
||||
"uuid": "7bd3d2ba-f114-4835-97b6-1c3e2208d3f3",
|
||||
"value": "Analyze organizational skillsets and deficiencies (PRE-T1066) related-to Analyze organizational skillsets and deficiencies (PRE-T1074)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6",
|
||||
"target-uuid": "1a295f87-af63-4d94-b130-039d6221fb11"
|
||||
},
|
||||
"uuid": "2bf984b5-1a48-4d9a-a4f2-e97801254b84",
|
||||
"value": "Acquire and/or use 3rd party software services (PRE-T1107) related-to Acquire and/or use 3rd party software services (PRE-T1085)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "59369f72-3005-4e54-9095-3d00efcece73",
|
||||
"target-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c"
|
||||
},
|
||||
"uuid": "c124f0ba-f4bc-430a-b40c-eebe0577f812",
|
||||
"value": "Identify supply chains (PRE-T1042) related-to Identify supply chains (PRE-T1053)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "1a295f87-af63-4d94-b130-039d6221fb11",
|
||||
"target-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6"
|
||||
},
|
||||
"uuid": "3d781e9a-d3f8-4e9f-bb23-ba6c2ff22267",
|
||||
"value": "Acquire and/or use 3rd party software services (PRE-T1085) related-to Acquire and/or use 3rd party software services (PRE-T1107)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
|
||||
"target-uuid": "ef0f816a-d561-4953-84c6-2a2936c96957"
|
||||
},
|
||||
"uuid": "597be8e7-58a4-4aff-a803-48a7a08164a2",
|
||||
"value": "APT16 (G0023) uses Discover target logon/email address format (PRE-T1032)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
|
||||
"target-uuid": "df42286d-dfbd-4455-bc9d-aef52ac29aa7"
|
||||
},
|
||||
"uuid": "7a254f4d-c7cf-4b98-94e9-3937785b7d68",
|
||||
"value": "APT12 (G0005) uses Post compromise tool development (PRE-T1130)"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"source-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5",
|
||||
"target-uuid": "af358cad-eb71-4e91-a752-236edc237dae"
|
||||
},
|
||||
"uuid": "46f1e7d4-4d73-4e33-b88b-b3bcde5d81fb",
|
||||
"value": "Conduct social engineering (PRE-T1056) related-to Conduct social engineering (PRE-T1045)"
|
||||
}
|
||||
],
|
||||
"version": 2
|
||||
}
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "Name of ATT&CK software",
|
||||
"name": "Tool",
|
||||
"source": "https://github.com/mitre/cti",
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"Various"
|
||||
],
|
||||
"category": "measure",
|
||||
"description": "Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . The preventive measures are quite generic and can fit any standard Windows infrastructure and their security measures.",
|
||||
"name": "Preventive Measure",
|
||||
"source": "MISP Project",
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
"https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml",
|
||||
"http://pastebin.com/raw/GHgpWjar"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar",
|
||||
"name": "Ransomware",
|
||||
"source": "Various",
|
||||
|
@ -3290,15 +3291,6 @@
|
|||
"https://www.bleepingcomputer.com/news/security/new-bip-dharma-ransomware-variant-released/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "15a30d84-4f5f-4b75-a162-e36107d30215",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "2b365b2c-4a9a-4b66-804d-3b2d2814fe7b",
|
||||
"value": "Dharma Ransomware"
|
||||
},
|
||||
|
@ -9483,15 +9475,6 @@
|
|||
"CrySiS"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "2b365b2c-4a9a-4b66-804d-3b2d2814fe7b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "15a30d84-4f5f-4b75-a162-e36107d30215",
|
||||
"value": "Virus-Encoder"
|
||||
},
|
||||
|
@ -9891,6 +9874,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "00c31914-bc0e-11e8-8241-3ff3b5e4671d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "e8af6388-6575-4812-94a8-9df1567294c5",
|
||||
|
@ -11119,5 +11109,5 @@
|
|||
"value": "SAVEfiles"
|
||||
}
|
||||
],
|
||||
"version": 38
|
||||
"version": 39
|
||||
}
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
"Various",
|
||||
"raw-data"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
|
||||
"name": "RAT",
|
||||
"source": "MISP Project",
|
||||
|
@ -105,6 +106,13 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7",
|
||||
"tags": [
|
||||
|
@ -1827,6 +1835,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "da079741-05e6-458c-b434-011263dc691c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "9223bf17-7e32-4833-9574-9ffd8c929765",
|
||||
|
@ -3035,6 +3050,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0a52e73b-d7e9-45ae-9bda-46568f753931",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "e0bea149-2def-484f-b658-f782a4f94815",
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"Various"
|
||||
],
|
||||
"category": "sector",
|
||||
"description": "Activity sectors",
|
||||
"name": "Sector",
|
||||
"source": "CERT-EU",
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"raw-data"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "A list of malware stealer.",
|
||||
"name": "Stealer",
|
||||
"source": "Open Sources",
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"authors": [
|
||||
"Kafeine"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "TDS is a list of Traffic Direction System used by adversaries",
|
||||
"name": "TDS",
|
||||
"source": "MISP Project",
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
"Timo Steffens",
|
||||
"Various"
|
||||
],
|
||||
"category": "actor",
|
||||
"description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
|
||||
"name": "Threat actor",
|
||||
"source": "MISP Project",
|
||||
|
@ -127,6 +128,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a653431d-6a5e-4600-8ad3-609b5af57064",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "103ebfd8-4280-4027-b61a-69bd9967ad6c",
|
||||
|
@ -476,7 +484,14 @@
|
|||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "9cebfaa8-a797-11e8-99e0-3ffa312b9a10",
|
||||
"dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
|
@ -628,13 +643,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "9cebfaa8-a797-11e8-99e0-3ffa312b9a10",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
|
||||
|
@ -1111,15 +1119,6 @@
|
|||
"Royal APT"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "9cebfaa8-a797-11e8-99e0-3ffa312b9a10",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8",
|
||||
"value": "Mirage"
|
||||
},
|
||||
|
@ -1542,6 +1541,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
|
||||
|
@ -1613,6 +1619,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "11e17436-6ede-4733-8547-4ce0254ea19e",
|
||||
|
@ -1718,6 +1731,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "f98bac6b-12fd-4cad-be84-c84666932232",
|
||||
|
@ -1867,6 +1887,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "f873db71-3d53-41d5-b141-530675ade27a",
|
||||
|
@ -1955,6 +1982,13 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
|
||||
"tags": [
|
||||
|
@ -3641,6 +3675,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "47204403-34c9-4d25-a006-296a0939d1a2",
|
||||
|
@ -4587,6 +4628,13 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
|
||||
"tags": [
|
||||
|
@ -5616,29 +5664,6 @@
|
|||
"https://www.cfr.org/interactive/cyber-operations/winnti-umbrella"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "9cebfaa8-a797-11e8-99e0-3ffa312b9a10",
|
||||
"value": "Winnti Umbrella"
|
||||
},
|
||||
|
@ -5658,15 +5683,6 @@
|
|||
"https://www.cfr.org/interactive/cyber-operations/henbox"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "72c37e24-4ead-11e8-8f08-db3ec8f8db86§",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "36ee04f4-a9df-11e8-b92b-d7ddfd3a8896",
|
||||
"value": "HenBox"
|
||||
},
|
||||
|
@ -5825,15 +5841,6 @@
|
|||
"the Rocra"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "same-as"
|
||||
}
|
||||
],
|
||||
"uuid": "358b8982-bcaa-11e8-8a5b-4b618197c5b0",
|
||||
"value": "Red October"
|
||||
},
|
||||
|
@ -5857,15 +5864,6 @@
|
|||
"https://www.cfr.org/interactive/cyber-operations/cloud-atlas"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "358b8982-bcaa-11e8-8a5b-4b618197c5b0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "same-as"
|
||||
}
|
||||
],
|
||||
"uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126",
|
||||
"value": "Cloud Atlas"
|
||||
},
|
||||
|
@ -5930,15 +5928,6 @@
|
|||
},
|
||||
{
|
||||
"description": "Treasury has identified a sophisticated cyber-enabled ATM cash out campaign we are calling FASTCash. FASTCash has been active since late 2016 targeting banks in Africa and Asia to remotely compromise payment switch application servers within banks to facilitate fraudulent transactions, primarily involving ATMs, to steal cash equivalent to tens of millions of dollars. FBI has attributed malware used in this campaign to the North Korean government. We expect FASTCash to continue targeting retail payment systems vulnerable to remote exploitation.",
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e306fe62-c708-11e8-89f2-073e396e5403",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "e38d32a2-c708-11e8-8785-472c4cfccd85",
|
||||
"value": "FASTCash"
|
||||
},
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
"Dennis Rand",
|
||||
"raw-data"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
|
||||
"name": "Tool",
|
||||
"source": "MISP Project",
|
||||
|
@ -160,6 +161,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "2abe89de-46dd-4dae-ae22-b49a593aff54",
|
||||
|
@ -833,6 +841,20 @@
|
|||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "9223bf17-7e32-4833-9574-9ffd8c929765",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d9cc15f7-0880-4ae4-8df4-87c58338d6b8",
|
||||
"tags": [
|
||||
|
@ -1167,7 +1189,7 @@
|
|||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
|
@ -1188,14 +1210,14 @@
|
|||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81",
|
||||
"dest-uuid": "75c79f95-4c84-4650-9158-510f0ce4831d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729",
|
||||
"dest-uuid": "f108215f-3487-489d-be8b-80e346d32518",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
|
@ -1259,14 +1281,21 @@
|
|||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
|
||||
"dest-uuid": "75c79f95-4c84-4650-9158-510f0ce4831d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f108215f-3487-489d-be8b-80e346d32518",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
|
@ -1358,14 +1387,21 @@
|
|||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
"dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
|
||||
"dest-uuid": "75c79f95-4c84-4650-9158-510f0ce4831d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f108215f-3487-489d-be8b-80e346d32518",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
|
@ -2231,6 +2267,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "652b5242-b790-4695-ad0e-b79bbf78f351",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "ff0404a1-465f-4dd5-8b66-ee773628ca64",
|
||||
|
@ -2659,6 +2702,13 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7ca93488-c357-44c3-b246-3f88391aca5a",
|
||||
"tags": [
|
||||
|
@ -2667,7 +2717,7 @@
|
|||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e",
|
||||
"dest-uuid": "16794655-c0e2-4510-9169-f862df104045",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
|
@ -2692,6 +2742,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ff0404a1-465f-4dd5-8b66-ee773628ca64",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "652b5242-b790-4695-ad0e-b79bbf78f351",
|
||||
|
@ -2890,6 +2947,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "2a16a1d4-a098-4f17-80f3-3cfc6c60b539",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "74167065-90b3-4c29-807a-79b6f098e45b",
|
||||
|
@ -2906,12 +2970,26 @@
|
|||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "28c13455-7f95-40a5-9568-1e8732503507",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a673b4fb-a864-4a5b-94ab-3fc4f5606cc8",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "74167065-90b3-4c29-807a-79b6f098e45b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "2a16a1d4-a098-4f17-80f3-3cfc6c60b539",
|
||||
|
@ -2940,6 +3018,13 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "17e12216-a303-4a00-8283-d3fe92d0934c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc",
|
||||
"tags": [
|
||||
|
@ -2953,13 +3038,6 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "17e12216-a303-4a00-8283-d3fe92d0934c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "dcbf1aaa-1fdd-4bfc-a35e-145ffdfb5ac5",
|
||||
|
@ -3108,14 +3186,14 @@
|
|||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e6085ce0-af6d-41f7-8bcb-7f2eed246941",
|
||||
"dest-uuid": "6e668c0c-7085-4951-87d4-0334b6a5cdb3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6e668c0c-7085-4951-87d4-0334b6a5cdb3",
|
||||
"dest-uuid": "e6085ce0-af6d-41f7-8bcb-7f2eed246941",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
|
@ -3530,12 +3608,33 @@
|
|||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "4e104fef-8a2c-4679-b497-6e86d7d47db0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "2abe89de-46dd-4dae-ae22-b49a593aff54",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5",
|
||||
|
@ -5311,6 +5410,20 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e0bea149-2def-484f-b658-f782a4f94815",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "fece06b7-d4b1-42cf-b81a-5323c917546e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f",
|
||||
"tags": [
|
||||
|
@ -5841,6 +5954,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d1482c9e-6af3-11e8-aa8e-279274bd10c7",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "a71ed71f-b8f4-416d-9c57-910a42e59430",
|
||||
|
@ -6583,6 +6703,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a71ed71f-b8f4-416d-9c57-910a42e59430",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "d1482c9e-6af3-11e8-aa8e-279274bd10c7",
|
||||
|
@ -7059,6 +7186,13 @@
|
|||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e8af6388-6575-4812-94a8-9df1567294c5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6f736038-4f74-435b-8904-6870ee0e23ba",
|
||||
"tags": [
|
||||
|
@ -7112,15 +7246,6 @@
|
|||
},
|
||||
{
|
||||
"description": "Treasury has identified a sophisticated cyber-enabled ATM cash out campaign we are calling FASTCash. FASTCash has been active since late 2016 targeting banks in Africa and Asia to remotely compromise payment switch application servers within banks to facilitate fraudulent transactions, primarily involving ATMs, to steal cash equivalent to tens of millions of dollars. FBI has attributed malware used in this campaign to the North Korean government. We expect FASTCash to continue targeting retail payment systems vulnerable to remote exploitation.",
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e38d32a2-c708-11e8-8785-472c4cfccd85",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "e306fe62-c708-11e8-89f2-073e396e5403",
|
||||
"value": "FASTCash"
|
||||
},
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
{
|
||||
"description": "Mitre Relationship",
|
||||
"icon": "link",
|
||||
"name": "Enterprise Attack - Relationship",
|
||||
"namespace": "mitre-attack",
|
||||
"type": "mitre-enterprise-attack-relationship",
|
||||
"uuid": "fc404638-1707-11e8-a5cf-b78b9b562766",
|
||||
"version": 4
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
{
|
||||
"description": "Mitre Relationship",
|
||||
"icon": "link",
|
||||
"name": "Mobile Attack - Relationship",
|
||||
"namespace": "mitre-attack",
|
||||
"type": "mitre-mobile-attack-relationship",
|
||||
"uuid": "fc8471aa-1707-11e8-b306-33cbe96a1ede",
|
||||
"version": 4
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
{
|
||||
"description": "Mitre Relationship",
|
||||
"icon": "link",
|
||||
"name": "Pre Attack - Relationship",
|
||||
"namespace": "mitre-attack",
|
||||
"type": "mitre-pre-attack-relationship",
|
||||
"uuid": "1f8e3bae-1708-11e8-8e97-4bd2150e5aae",
|
||||
"version": 5
|
||||
}
|
|
@ -23,6 +23,9 @@
|
|||
"source": {
|
||||
"type": "string"
|
||||
},
|
||||
"category": {
|
||||
"type": "string"
|
||||
},
|
||||
"values": {
|
||||
"type": "array",
|
||||
"uniqueItems": true,
|
||||
|
@ -154,6 +157,7 @@
|
|||
"uuid",
|
||||
"values",
|
||||
"authors",
|
||||
"source"
|
||||
"source",
|
||||
"category"
|
||||
]
|
||||
}
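Review bot: The new `category` property in the first hunk of this section is constrained only by `"type": "string"`, while the second hunk adds `"category"` to what looks like the required list, so an empty or misspelled category still passes validation. If the set of categories is meant to be closed (the clusters touched in this commit use `tool`, `measure`, `sector` and `actor`), an `enum` on the property would catch typos when the clusters are validated. Otherwise `"minLength": 1` would at least reject the empty string. How consumers handle an unknown category is not visible in this section, so the choice of constraint should be confirmed against them.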
|
||||
|
|
105
tools/adoc_galaxy.py
Normal file → Executable file
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/env python
|
||||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
#
|
||||
|
@ -35,41 +35,50 @@ for f in os.listdir(pathClusters):
|
|||
|
||||
clusters.sort()
|
||||
|
||||
# build a mapping between uuids and Clusters
|
||||
cluster_uuids = {}
|
||||
for cluster in clusters:
|
||||
fullPathClusters = os.path.join(pathClusters, cluster)
|
||||
with open(fullPathClusters) as fp:
|
||||
c = json.load(fp)
|
||||
for v in c['values']:
|
||||
if 'uuid' not in v:
|
||||
continue
|
||||
cluster_uuids[v['uuid']] = 'misp-galaxy:{}="{}"'.format(c['type'], v['value'])
|
||||
|
||||
|
||||
argParser = argparse.ArgumentParser(description='Generate documentation from MISP galaxy clusters', epilog='Available galaxy clusters are {0}'.format(clusters))
|
||||
argParser.add_argument('-v', action='store_true', help='Verbose mode')
|
||||
args = argParser.parse_args()
|
||||
|
||||
def header(adoc=False):
|
||||
if adoc is False:
|
||||
return False
|
||||
|
||||
def header():
|
||||
doc = []
|
||||
dedication = "\n[dedication]\n== Funding and Support\nThe MISP project is financially and resource supported by https://www.circl.lu/[CIRCL Computer Incident Response Center Luxembourg ].\n\nimage:{images-misp}logo.png[CIRCL logo]\n\nA CEF (Connecting Europe Facility) funding under CEF-TC-2016-3 - Cyber Security has been granted from 1st September 2017 until 31th August 2019 as ***Improving MISP as building blocks for next-generation information sharing***.\n\nimage:{images-misp}en_cef.png[CEF funding]\n\nIf you are interested to co-fund projects around MISP, feel free to get in touch with us.\n\n"
|
||||
doc = adoc
|
||||
doc = doc + ":toc: right\n"
|
||||
doc = doc + ":toclevels: 1\n"
|
||||
doc = doc + ":toc-title: MISP Galaxy Cluster\n"
|
||||
doc = doc + ":icons: font\n"
|
||||
doc = doc + ":sectanchors:\n"
|
||||
doc = doc + ":sectlinks:\n"
|
||||
doc = doc + ":images-cdn: https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/logos/\n"
|
||||
doc = doc + ":images-misp: https://www.misp-project.org/assets/images/\n"
|
||||
doc = doc + "\n= MISP Galaxy Clusters\n\n"
|
||||
doc = doc + "= Introduction\n"
|
||||
doc = doc + "\nimage::{images-cdn}misp-logo.png[MISP logo]\n\n"
|
||||
doc = doc + "The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators, financial fraud or counter-terrorism information. The MISP project includes multiple sub-projects to support the operational requirements of analysts and improve the overall quality of information shared.\n\n"
|
||||
doc = doc + ""
|
||||
doc = "{}{}".format(doc, "\nMISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or attributes. A cluster can be composed of one or more elements. Elements are expressed as key-values. There are default vocabularies available in MISP galaxy but those can be overwritten, replaced or updated as you wish. Existing clusters and vocabularies can be used as-is or as a template. MISP distribution can be applied to each cluster to permit a limited or broader distribution scheme.\n")
|
||||
doc = doc + "The following document is generated from the machine-readable JSON describing the https://github.com/MISP/misp-galaxy[MISP galaxy]."
|
||||
doc = doc + "\n\n"
|
||||
doc = doc + "<<<\n"
|
||||
doc = doc + dedication
|
||||
doc = doc + "<<<\n"
|
||||
doc = doc + "= MISP galaxy\n"
|
||||
doc += ":toc: right\n"
|
||||
doc += ":toclevels: 1\n"
|
||||
doc += ":toc-title: MISP Galaxy Cluster\n"
|
||||
doc += ":icons: font\n"
|
||||
doc += ":sectanchors:\n"
|
||||
doc += ":sectlinks:\n"
|
||||
doc += ":images-cdn: https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/logos/\n"
|
||||
doc += ":images-misp: https://www.misp-project.org/assets/images/\n"
|
||||
doc += "\n= MISP Galaxy Clusters\n\n"
|
||||
doc += "= Introduction\n"
|
||||
doc += "\nimage::{images-cdn}misp-logo.png[MISP logo]\n\n"
|
||||
doc += "The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators, financial fraud or counter-terrorism information. The MISP project includes multiple sub-projects to support the operational requirements of analysts and improve the overall quality of information shared.\n\n"
|
||||
doc += ""
|
||||
doc += "\nMISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or attributes. A cluster can be composed of one or more elements. Elements are expressed as key-values. There are default vocabularies available in MISP galaxy but those can be overwritten, replaced or updated as you wish. Existing clusters and vocabularies can be used as-is or as a template. MISP distribution can be applied to each cluster to permit a limited or broader distribution scheme.\n"
|
||||
doc += "The following document is generated from the machine-readable JSON describing the https://github.com/MISP/misp-galaxy[MISP galaxy]."
|
||||
doc += "\n\n"
|
||||
doc += "<<<\n"
|
||||
doc += dedication
|
||||
doc += "<<<\n"
|
||||
doc += "= MISP galaxy\n"
|
||||
return doc
|
||||
|
||||
def asciidoc(content=False, adoc=None, t='title',title='', typename=''):
|
||||
|
||||
adoc = adoc + "\n"
|
||||
def asciidoc(content=False, t='title',title='', typename=''):
|
||||
adoc = []
|
||||
adoc += "\n"
|
||||
output = ""
|
||||
if t == 'title':
|
||||
output = '== ' + content
|
||||
|
@ -81,21 +90,31 @@ def asciidoc(content=False, adoc=None, t='title',title='', typename=''):
|
|||
output = '=== ' + content
|
||||
elif t == 'description':
|
||||
output = '\n{}\n'.format(content)
|
||||
elif t == 'meta':
|
||||
elif t == 'meta-synonyms':
|
||||
if 'synonyms' in content:
|
||||
for s in content['synonyms']:
|
||||
output = "{}\n* {}\n".format(output,s)
|
||||
output = '{} is also known as:\n{}\n'.format(title,output)
|
||||
elif t == 'meta-refs':
|
||||
if 'refs' in content:
|
||||
output = '{}{}'.format(output,'\n.Table References\n|===\n|Links\n')
|
||||
for r in content['refs']:
|
||||
output = '{}|{}[{}]\n'.format(output, r, r)
|
||||
output = '{}{}'.format(output,'|===\n')
|
||||
adoc = adoc + output
|
||||
elif t == 'related':
|
||||
for r in content:
|
||||
try:
|
||||
output = "{}\n* {}: {} with {}\n".format(output, r['type'], cluster_uuids[r['dest-uuid']], ', '.join(r['tags']))
|
||||
except Exception:
|
||||
pass # ignore lookup errors
|
||||
if output:
|
||||
output = '{} has relationships with:\n{}\n'.format(title,output)
|
||||
adoc += output
|
||||
return adoc
|
||||
|
||||
adoc = ""
|
||||
print (header(adoc=adoc))
|
||||
|
||||
adoc = []
|
||||
adoc += header()
|
||||
|
||||
for cluster in clusters:
|
||||
fullPathClusters = os.path.join(pathClusters, cluster)
|
||||
|
@ -103,16 +122,18 @@ for cluster in clusters:
|
|||
c = json.load(fp)
|
||||
title = c['name']
|
||||
typename = c['type']
|
||||
adoc = asciidoc(content=title, adoc=adoc, t='title')
|
||||
adoc = asciidoc(content=c['description'], adoc=adoc, t='info', title=title, typename = typename)
|
||||
adoc += asciidoc(content=title, t='title')
|
||||
adoc += asciidoc(content=c['description'], t='info', title=title, typename = typename)
|
||||
if 'authors' in c:
|
||||
adoc = asciidoc(content=c['authors'], adoc=adoc, t='author', title=title)
|
||||
adoc += asciidoc(content=c['authors'], t='author', title=title)
|
||||
for v in c['values']:
|
||||
adoc = asciidoc(content=v['value'], adoc=adoc, t='value', title=title)
|
||||
adoc += asciidoc(content=v['value'], t='value', title=title)
|
||||
if 'description' in v:
|
||||
adoc = asciidoc(content=v['description'], adoc=adoc, t='description')
|
||||
adoc += asciidoc(content=v['description'], t='description')
|
||||
if 'meta' in v:
|
||||
adoc = asciidoc(content=v['meta'], adoc=adoc, t='meta', title=v['value'])
|
||||
|
||||
|
||||
print (adoc)
|
||||
adoc += asciidoc(content=v['meta'], t='meta-synonyms', title=v['value'])
|
||||
if 'related' in v:
|
||||
adoc += asciidoc(content=v['related'], t='related', title=v['value'])
|
||||
if 'meta' in v:
|
||||
adoc += asciidoc(content=v['meta'], t='meta-refs', title=v['value'])
|
||||
print (''.join(adoc))
|
||||
|
|
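Review bot: The new `related` branch of `asciidoc()` wraps its formatting line in `except Exception: pass`, so a relation whose `dest-uuid` is missing from `cluster_uuids`, or that lacks `type` or `tags`, silently disappears from the generated document. Narrowing this to `except KeyError:` and printing the skipped `dest-uuid` to stderr when the already-declared `-v` flag is set would make dangling references visible instead of hiding them. Separately, `adoc = []` followed by `adoc += "\n"` (and `doc += ...` in `header()`) extends the list one character at a time; `adoc.append(...)` keeps whole strings and still works with the final `''.join(adoc)`.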
0
tools/gen.sh → tools/gen_adoc_galaxy.sh
Normal file → Executable file
0
tools/gen.sh → tools/gen_adoc_galaxy.sh
Normal file → Executable file
|
@ -36,7 +36,7 @@ type_mapping = {
|
|||
'mitre-mobile-attack-tool': 'tool',
|
||||
'backdoor': 'tool',
|
||||
# 'mitre-pre-attack-attack-pattern': '',
|
||||
'mitre-mobile-attack-intrusion-set': 'tool',
|
||||
'mitre-mobile-attack-intrusion-set': 'actor',
|
||||
'mitre-tool': 'tool',
|
||||
# 'mitre-mobile-attack-attack-pattern': '',
|
||||
'mitre-mobile-attack-malware': 'tool',
|
||||
|
|
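--- a/tools/graph.py
+++ b/tools/graph.py
@@ -0,0 +1,195 @@
+#!/usr/bin/env python3
+# TODO
+# - define strength between relations based on 'type' - similar should be closer than the others
+# - use different colors / shapes
+
+import json
+import os
+import argparse
+from graphviz import Digraph
+
+
+parser = argparse.ArgumentParser(description='Generate a DOT file to graph a Galaxy cluster and its relations.')
+parser.add_argument("-u", "--uuid", help="Start UUID of a cluster.")
+parser.add_argument("-a", "--all", action='store_true', help='generate all graphs as PNGs')
+args = parser.parse_args()
+
+
+def gen_galaxy_tag(galaxy_name, cluster_name):
+# return 'misp-galaxy:{}="{}"'.format(galaxy_name, cluster_name)
+return '{}={}'.format(galaxy_name, cluster_name)
+
+files_to_ignore = ['mitre-attack-pattern.json', 'mitre-course-of-action.json', 'mitre-intrusion-set.json',
+'mitre-malware.json', 'mitre-tool.json']
+
+galaxies_fnames = []
+pathClusters = '../clusters'
+for f in os.listdir(pathClusters):
+if '.json' in f and f not in files_to_ignore:
+galaxies_fnames.append(f)
+galaxies_fnames.sort()
+
+cluster_uuids = {}
+galaxies = []
+for galaxy_fname in galaxies_fnames:
+fullPathClusters = os.path.join(pathClusters, galaxy_fname)
+with open(fullPathClusters) as fp:
+json_data = json.load(fp)
+galaxies.append(json_data)
+for cluster in json_data['values']:
+if 'uuid' not in cluster:
+continue
+cluster_uuids[cluster['uuid']] = {
+'tag': gen_galaxy_tag(json_data['type'], cluster['value']),
+'galaxy': json_data['type'],
+'value': cluster['value'],
+'synonyms': cluster.get('synonyms')
+}
+
+
+
+# for k, v in cluster_uuids.items():
+# print("{}\t{}".format(k, v))
+
+
+type_mapping = {
+'ransomware': 'tool',
+# 'mitre-pre-attack-relationship': '',
+# 'mitre-enterprise-attack-course-of-action': '',
+'mitre-enterprise-attack-intrusion-set': 'actor',
+'mitre-intrusion-set': 'actor',
+'rat': 'tool',
+'stealer': 'tool',
+'mitre-enterprise-attack-malware': 'tool',
+# 'mitre-attack-pattern': '',
+# 'mitre-mobile-attack-relationship': '',
+# 'mitre-enterprise-attack-attack-pattern': '',
+'microsoft-activity-group': 'actor',
+# 'mitre-course-of-action': '',
+'exploit-kit': 'tool',
+'mitre-mobile-attack-tool': 'tool',
+'backdoor': 'tool',
+# 'mitre-pre-attack-attack-pattern': '',
+'mitre-mobile-attack-intrusion-set': 'actor',
+'mitre-tool': 'tool',
+# 'mitre-mobile-attack-attack-pattern': '',
+'mitre-mobile-attack-malware': 'tool',
+'tool': 'tool',
+# 'preventive-measure': '',
+# 'sector': '',
+'mitre-malware': 'tool',
+'banker': 'tool',
+# 'branded-vulnerability': '',
+'botnet': 'tool',
+# 'cert-eu-govsector': '',
+'threat-actor': 'actor',
+'mitre-enterprise-attack-tool': 'tool',
+'android': 'tool',
+# 'mitre-mobile-attack-course-of-action': '',
+'mitre-pre-attack-intrusion-set': 'actor',
+# 'mitre-enterprise-attack-relationship': '',
+'tds': 'tool',
+'malpedia': 'tool'
+}
+
+
+def gen_dot(uuid):
+things_to_keep = [uuid] # '5b4ee3ea-eee3-4c8e-8323-85ae32658754' = threat-actor=Sofacy
+# ' 5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8' = APT30
+things_seen = things_to_keep.copy()
+
+dot = []
+while len(things_to_keep) > 0:
+new_things_to_keep = []
+for galaxy in galaxies:
+for cluster in galaxy['values']:
+if 'related' not in cluster:
+continue
+src_tag = gen_galaxy_tag(galaxy['type'], cluster['value'])
+if cluster['uuid'] not in things_to_keep:
+continue
+node_params = []
+node_params.append('label="{}\n{}"'.format(galaxy['type'], cluster['value']))
+if type_mapping.get(galaxy['type']) == 'actor':
+node_params.append('shape=octagon')
+node_params.append('style=filled,color=indianred1')
+elif type_mapping.get(galaxy['type']) == 'tool':
+node_params.append('shape=box')
+node_params.append('style=filled,color=deepskyblue')
+else:
+node_params.append('shape=ellipse')
+dot.append('"{src}" [{params}];'.format(
+src=src_tag,
+params=','.join(node_params)
+))
+for relation in cluster['related']:
+try:
+dest_tag = cluster_uuids[relation['dest-uuid']]['tag']
+extra = []
+if relation['type'] == 'similar':
+# make arrow bidirectional
+extra.append('dir="both"')
+# prevent double links for 'similar' types
+if relation['dest-uuid'] in things_seen:
+continue
+dot.append('"{src}" -> "{dst}" [label="{lbl}",{extra}];'.format(
+# dot.append('"{src}" -> "{dst}" [{extra}];'.format(
+src=src_tag,
+dst=dest_tag,
+lbl=relation['type'],
+extra=','.join(extra)
+))
+# FIXME - add a separate node with the color, type, format of the source-node
+
+# prevent something to be processed twice
+if relation['dest-uuid'] not in things_seen:
+new_things_to_keep.append(relation['dest-uuid'])
+things_seen.append(relation['dest-uuid'])
+except KeyError:
+# skip uuids not found
+pass
+# print(new_things_to_keep)
+things_to_keep = new_things_to_keep.copy()
+
+
+return dot
+
+if args.uuid:
+uuid = args.uuid
+dot = []
+# dot.append('digraph G {')
+dot.append('concentrate=true;')
+dot.append('overlap=scale;')
+generated_dot = gen_dot(uuid)
+if len(generated_dot) == 0:
+print("Empty graph for uuid: {}".format(uuid))
+exit()
+print("Generating graph for uuid: {}".format(uuid))
+dot += generated_dot
+# dot.append('}')
+# dg.source = '\n'.join(dot)
+dg = Digraph(engine='neato', format='png', body=dot)
+# print(dg.source)
+dg.render(filename='graphs/{}'.format(uuid), cleanup=False)
+
+elif args.all:
+for uuid in cluster_uuids.keys():
+dot = []
+# dot.append('digraph G {')
+dot.append('concentrate=true;')
+dot.append('overlap=scale;')
+generated_dot = gen_dot(uuid)
+if len(generated_dot) == 0:
+print("Empty graph for uuid: {}".format(uuid))
+continue
+
+print("Generating graph for uuid: {}".format(uuid))
+dot += generated_dot
+# dot.append('}')
+# dg.source = '\n'.join(dot)
+
+dg = Digraph(format='png', body=dot)
+#print(dg.source)
+dg.render(filename='graphs/{}'.format(uuid))
+else:
+exit("No parameters given, use --help for more info.")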
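Review bot: `gen_dot()` interpolates `cluster['value']` and `galaxy['type']` unescaped into double-quoted DOT identifiers and labels (`'"{src}" [{params}];'` and the `'"{src}" -> "{dst}" [...]'` edge line), so a cluster value containing `"` ends the quoted string early and yields an invalid graph or unintended attributes in the rendered DOT. Escaping the value in `gen_galaxy_tag` and in the label, e.g. `.replace('"', '\\"')`, closes that. In the `--all` branch the UUID read from the cluster files also becomes the output name in `'graphs/{}'.format(uuid)`; checking it against a UUID pattern before rendering would keep a malformed value from resolving outside `graphs/`.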
@ -1,102 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
import json
|
||||
import re
|
||||
import os
|
||||
import argparse
|
||||
|
||||
parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/enterprise-attack/relationship folder')
|
||||
parser.add_argument("-v", "--version", type=int, required=True, help="Version of the galaxy. Please increment the previous one")
|
||||
args = parser.parse_args()
|
||||
|
||||
values = []
|
||||
|
||||
path = "relationship/"
|
||||
for element in os.listdir(path):
|
||||
with open(path+element) as json_data:
|
||||
d = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
temp = d['objects'][0]
|
||||
source = temp['source_ref']
|
||||
target = temp['target_ref']
|
||||
relationship = temp['relationship_type']
|
||||
|
||||
if source.startswith('attack-pattern'):
|
||||
paths = "attack-pattern/"
|
||||
elif source.startswith('course-of-action'):
|
||||
paths = "course-of-action/"
|
||||
elif source.startswith('identity'):
|
||||
paths = "identity/"
|
||||
elif source.startswith('intrusion-set'):
|
||||
paths = "intrusion-set/"
|
||||
elif source.startswith('malware'):
|
||||
paths = "malware/"
|
||||
elif source.startswith('marking-definition'):
|
||||
paths = "marking-definition/"
|
||||
elif source.startswith('tool'):
|
||||
paths = "tool/"
|
||||
else:
|
||||
print('Invalid value')
|
||||
continue
|
||||
|
||||
with open(paths+source+'.json') as json_data:
|
||||
s = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
if target.startswith('attack-pattern'):
|
||||
patht = "attack-pattern/"
|
||||
elif target.startswith('course-of-action'):
|
||||
patht = "course-of-action/"
|
||||
elif target.startswith('identity'):
|
||||
patht = "identity/"
|
||||
elif target.startswith('intrusion-set'):
|
||||
patht = "intrusion-set/"
|
||||
elif target.startswith('malware'):
|
||||
patht = "malware/"
|
||||
elif target.startswith('marking-definition'):
|
||||
patht = "marking-definition/"
|
||||
elif target.startswith('tool'):
|
||||
patht = "tool/"
|
||||
else:
|
||||
print('Invalid value')
|
||||
continue
|
||||
|
||||
with open(patht+target+'.json') as json_data:
|
||||
t = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
value = {}
|
||||
value['meta'] = {}
|
||||
value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:]
|
||||
value['meta']['source-uuid'] = re.search('--(.*)$', s['objects'][0]['id']).group(0)[2:]
|
||||
value['meta']['target-uuid'] = re.search('--(.*)$', t['objects'][0]['id']).group(0)[2:]
|
||||
value['value'] = s['objects'][0]['name'] + ' (' + s['objects'][0]['external_references'][0]['external_id'] + ') ' + relationship + ' ' + t['objects'][0]['name'] + ' (' + t['objects'][0]['external_references'][0]['external_id'] + ')'
|
||||
# value['value'] = s['objects'][0]['name'] + ' ' + relationship + ' ' + t['objects'][0]['name']
|
||||
values.append(value)
|
||||
|
||||
galaxy = {}
|
||||
galaxy['name'] = "Enterprise Attack - Relationship"
|
||||
galaxy['type'] = "mitre-enterprise-attack-relationship"
|
||||
galaxy['description'] = "Mitre Relationship"
|
||||
galaxy['uuid' ] = "fc404638-1707-11e8-a5cf-b78b9b562766"
|
||||
galaxy['version'] = args.version
|
||||
galaxy['icon'] = "link"
|
||||
galaxy['namespace'] = "mitre-attack"
|
||||
|
||||
cluster = {}
|
||||
cluster['name'] = "Enterprise Attack - Relationship"
|
||||
cluster['type'] = "mitre-enterprise-attack-relationship"
|
||||
cluster['description'] = "MITRE Relationship"
|
||||
cluster['version'] = args.version
|
||||
cluster['source'] = "https://github.com/mitre/cti"
|
||||
cluster['uuid' ] = "fc605f90-1707-11e8-9d6a-9f165ac2ab5c"
|
||||
cluster['authors'] = ["MITRE"]
|
||||
cluster['values'] = values
|
||||
|
||||
with open('generate/galaxies/mitre-enterprise-attack-relationship.json', 'w') as galaxy_file:
|
||||
json.dump(galaxy, galaxy_file, indent=4)
|
||||
|
||||
with open('generate/clusters/mitre-enterprise-attack-relationship.json', 'w') as cluster_file:
|
||||
json.dump(cluster, cluster_file, indent=4)
|
|
@ -1,101 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
import json
|
||||
import re
|
||||
import os
|
||||
import argparse
|
||||
|
||||
parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/mobile-attack/relationship folder')
|
||||
parser.add_argument("-v", "--version", type=int, required=True, help="Version of the galaxy. Please increment the previous one")
|
||||
args = parser.parse_args()
|
||||
|
||||
values = []
|
||||
|
||||
path = "relationship/"
|
||||
for element in os.listdir(path):
|
||||
with open(path+element) as json_data:
|
||||
d = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
temp = d['objects'][0]
|
||||
source = temp['source_ref']
|
||||
target = temp['target_ref']
|
||||
relationship = temp['relationship_type']
|
||||
|
||||
if source.startswith('attack-pattern'):
|
||||
paths = "attack-pattern/"
|
||||
elif source.startswith('course-of-action'):
|
||||
paths = "course-of-action/"
|
||||
elif source.startswith('identity'):
|
||||
paths = "identity/"
|
||||
elif source.startswith('intrusion-set'):
|
||||
paths = "intrusion-set/"
|
||||
elif source.startswith('malware'):
|
||||
paths = "malware/"
|
||||
elif source.startswith('marking-definition'):
|
||||
paths = "marking-definition/"
|
||||
elif source.startswith('tool'):
|
||||
paths = "tool/"
|
||||
else:
|
||||
print('Invalid value')
|
||||
continue
|
||||
|
||||
with open(paths+source+'.json') as json_data:
|
||||
s = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
if target.startswith('attack-pattern'):
|
||||
patht = "attack-pattern/"
|
||||
elif target.startswith('course-of-action'):
|
||||
patht = "course-of-action/"
|
||||
elif target.startswith('identity'):
|
||||
patht = "identity/"
|
||||
elif target.startswith('intrusion-set'):
|
||||
patht = "intrusion-set/"
|
||||
elif target.startswith('malware'):
|
||||
patht = "malware/"
|
||||
elif target.startswith('marking-definition'):
|
||||
patht = "marking-definition/"
|
||||
elif target.startswith('tool'):
|
||||
patht = "tool/"
|
||||
else:
|
||||
print('Invalid value')
|
||||
continue
|
||||
|
||||
with open(patht+target+'.json') as json_data:
|
||||
t = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
value = {}
|
||||
value['meta'] = {}
|
||||
value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:]
|
||||
value['meta']['source-uuid'] = re.search('--(.*)$', s['objects'][0]['id']).group(0)[2:]
|
||||
value['meta']['target-uuid'] = re.search('--(.*)$', t['objects'][0]['id']).group(0)[2:]
|
||||
value['value'] = s['objects'][0]['name'] + ' (' + s['objects'][0]['external_references'][0]['external_id'] + ') ' + relationship + ' ' + t['objects'][0]['name'] + ' (' + t['objects'][0]['external_references'][0]['external_id'] + ')'
|
||||
values.append(value)
|
||||
|
||||
galaxy = {}
|
||||
galaxy['name'] = "Mobile Attack - Relationship"
|
||||
galaxy['type'] = "mitre-mobile-attack-relationship"
|
||||
galaxy['description'] = "Mitre Relationship"
|
||||
galaxy['uuid' ] = "fc8471aa-1707-11e8-b306-33cbe96a1ede"
|
||||
galaxy['version'] = args.version
|
||||
galaxy['icon'] = "link"
|
||||
galaxy['namespace'] = "mitre-attack"
|
||||
|
||||
cluster = {}
|
||||
cluster['name'] = "Mobile Attack - Relationship"
|
||||
cluster['type'] = "mitre-mobile-attack-relationship"
|
||||
cluster['description'] = "MITRE Relationship"
|
||||
cluster['version'] = args.version
|
||||
cluster['source'] = "https://github.com/mitre/cti"
|
||||
cluster['uuid' ] = "02f1fc42-1708-11e8-a4f2-eb70472c5901"
|
||||
cluster['authors'] = ["MITRE"]
|
||||
cluster['values'] = values
|
||||
|
||||
with open('generate/galaxies/mitre-mobile-attack-relationship.json', 'w') as galaxy_file:
|
||||
json.dump(galaxy, galaxy_file, indent=4)
|
||||
|
||||
with open('generate/clusters/mitre-mobile-attack-relationship.json', 'w') as cluster_file:
|
||||
json.dump(cluster, cluster_file, indent=4)
|
|
@ -1,102 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
import json
|
||||
import re
|
||||
import os
|
||||
import argparse
|
||||
|
||||
parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/pre-attack/relationship folder')
|
||||
parser.add_argument("-v", "--version", type=int, required=True, help="Version of the galaxy. Please increment the previous one")
|
||||
args = parser.parse_args()
|
||||
|
||||
values = []
|
||||
|
||||
path = "relationship/"
|
||||
for element in os.listdir(path):
|
||||
with open(path+element) as json_data:
|
||||
d = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
temp = d['objects'][0]
|
||||
source = temp['source_ref']
|
||||
target = temp['target_ref']
|
||||
relationship = temp['relationship_type']
|
||||
|
||||
if source.startswith('attack-pattern'):
|
||||
paths = "attack-pattern/"
|
||||
elif source.startswith('course-of-action'):
|
||||
paths = "course-of-action/"
|
||||
elif source.startswith('identity'):
|
||||
paths = "identity/"
|
||||
elif source.startswith('intrusion-set'):
|
||||
paths = "intrusion-set/"
|
||||
elif source.startswith('malware'):
|
||||
paths = "malware/"
|
||||
elif source.startswith('marking-definition'):
|
||||
paths = "marking-definition/"
|
||||
elif source.startswith('tool'):
|
||||
paths = "tool/"
|
||||
else:
|
||||
print('Invalid value')
|
||||
continue
|
||||
|
||||
with open(paths+source+'.json') as json_data:
|
||||
s = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
if target.startswith('attack-pattern'):
|
||||
patht = "attack-pattern/"
|
||||
elif target.startswith('course-of-action'):
|
||||
patht = "course-of-action/"
|
||||
elif target.startswith('identity'):
|
||||
patht = "identity/"
|
||||
elif target.startswith('intrusion-set'):
|
||||
patht = "intrusion-set/"
|
||||
elif target.startswith('malware'):
|
||||
patht = "malware/"
|
||||
elif target.startswith('marking-definition'):
|
||||
patht = "marking-definition/"
|
||||
elif target.startswith('tool'):
|
||||
patht = "tool/"
|
||||
else:
|
||||
print('Invalid value')
|
||||
continue
|
||||
|
||||
with open(patht+target+'.json') as json_data:
|
||||
t = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
value = {}
|
||||
value['meta'] = {}
|
||||
value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:]
|
||||
value['meta']['source-uuid'] = re.search('--(.*)$', s['objects'][0]['id']).group(0)[2:]
|
||||
value['meta']['target-uuid'] = re.search('--(.*)$', t['objects'][0]['id']).group(0)[2:]
|
||||
value['value'] = s['objects'][0]['name'] + ' (' + s['objects'][0]['external_references'][0]['external_id'] + ') ' + relationship + ' ' + t['objects'][0]['name'] + ' (' + t['objects'][0]['external_references'][0]['external_id'] + ')'
|
||||
# value['value'] = s['objects'][0]['name'] + ' ' + relationship + ' ' + t['objects'][0]['name']
|
||||
values.append(value)
|
||||
|
||||
galaxy = {}
|
||||
galaxy['name'] = "Pre Attack - Relationship"
|
||||
galaxy['type'] = "mitre-pre-attack-relationship"
|
||||
galaxy['description'] = "Mitre Relationship"
|
||||
galaxy['uuid' ] = "1f8e3bae-1708-11e8-8e97-4bd2150e5aae"
|
||||
galaxy['version'] = args.version
|
||||
galaxy['icon'] = "link"
|
||||
galaxy['namespace'] = "mitre-attack"
|
||||
|
||||
cluster = {}
|
||||
cluster['name'] = "Pre Attack - Relationship"
|
||||
cluster['type'] = "mitre-pre-attack-relationship"
|
||||
cluster['description'] = "MITRE Relationship"
|
||||
cluster['version'] = args.version
|
||||
cluster['source'] = "https://github.com/mitre/cti"
|
||||
cluster['uuid' ] = "1ffd3108-1708-11e8-9f98-67b378d9094c"
|
||||
cluster['authors'] = ["MITRE"]
|
||||
cluster['values'] = values
|
||||
|
||||
with open('generate/galaxies/mitre-pre-attack-relationship.json', 'w') as galaxy_file:
|
||||
json.dump(galaxy, galaxy_file, indent=4)
|
||||
|
||||
with open('generate/clusters/mitre-pre-attack-relationship.json', 'w') as cluster_file:
|
||||
json.dump(cluster, cluster_file, indent=4)
|
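--- a/tools/mitre-cti/v2.0/create_mitre_relationships.py
+++ b/tools/mitre-cti/v2.0/create_mitre_relationships.py
@@ -0,0 +1,97 @@
+#!/usr/bin/env python3
+
+
+import json
+import re
+import os
+import argparse
+
+parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/enterprise-attack/relationship folder')
+parser.add_argument("-p", "--path", required=True, help="Path of the mitre/cti folder")
+args = parser.parse_args()
+
+
+
+# read out all clusters and map them based on uuid
+
+
+# build a mapping between uuids and Clusters
+clusters = []
+pathClusters = '../../../clusters'
+for f in os.listdir(pathClusters):
+if '.json' in f:
+clusters.append(f)
+clusters.sort()
+
+cluster_uuids = {}
+for cluster in clusters:
+fullPathClusters = os.path.join(pathClusters, cluster)
+with open(fullPathClusters) as fp:
+c = json.load(fp)
+for v in c['values']:
+if 'uuid' not in v:
+continue
+cluster_uuids[v['uuid']] = cluster
+
+
+# read out all STIX mappings and store them in a list
+stix_relations = {}
+for subfolder in ['mobile-attack', 'pre-attack', 'enterprise-attack']:
+curr_dir = os.path.join(args.path, subfolder, 'relationship')
+for stix_fname in os.listdir(curr_dir):
+with open(os.path.join(curr_dir, stix_fname)) as f:
+json_data = json.load(f)
+for o in json_data['objects']:
+rel_type = o['relationship_type']
+dest_uuid = re.findall(r'--([0-9a-f-]+)', o['target_ref']).pop()
+uuid = re.findall(r'--([0-9a-f-]+)', o['source_ref']).pop()
+tags = []
+galaxy_fname = cluster_uuids[uuid]
+# print("{} \t {} \t {} \t {}".format(rel_type, uuid, dest_uuid, galaxy_fname))
+if not stix_relations.get(galaxy_fname):
+stix_relations[galaxy_fname] = {}
+stix_relations[galaxy_fname][uuid] = {
+"dest-uuid": dest_uuid,
+"tags": [
+"estimative-language:likelihood-probability=\"almost-certain\""
+],
+"type": rel_type
+}
+
+
+# for each correlation per galaxy-file ,
+# open the file,
+# add the relationship,
+# and save the galaxy file
+for galaxy_fname, relations in stix_relations.items():
+print("############# {}".format(galaxy_fname))
+with open(os.path.join(pathClusters, galaxy_fname)) as f_in:
+file_json = json.load(f_in)
+
+for k, v in relations.items():
+# print("{} \t {}".format(k, v))
+for cluster in file_json['values']:
+if cluster['uuid'] == k:
+# skip if mapping already exists
+skip = False
+if 'related' in cluster:
+for r in cluster['related']:
+if r['dest-uuid'] == v['dest-uuid']:
+print(" Mapping already exists! skipping... {}".format(v))
+skip = True
+break
+if skip:
+break
+if 'related' not in cluster:
+cluster['related'] = []
+cluster['related'].append(v)
+print(" Adding mapping: {}".format(v))
+break
+
+# increment version
+file_json['version'] += 1
+
+with open(os.path.join(pathClusters, galaxy_fname), 'w') as f_out:
+json.dump(file_json, f_out, indent=2, sort_keys=True, ensure_ascii=False)
+
+file_json = None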