diff --git a/clusters/tidal-software.json b/clusters/tidal-software.json
index e68ae49..a5dc88e 100644
--- a/clusters/tidal-software.json
+++ b/clusters/tidal-software.json
@@ -22752,6 +22752,10 @@
{
"dest-uuid": "a4700431-6578-489f-9782-52e394277296",
"type": "similar"
+ },
+ {
+ "dest-uuid": "49d0ae81-d51b-4534-b1e0-08371a47ef79",
+ "type": "similar"
}
],
"uuid": "6812793e-6342-4da6-b77f-ed29fab1fd9a",
@@ -30905,20 +30909,6 @@
"uuid": "2143f749-d7b8-43c0-8041-8aeb486142c2",
"value": "TestWindowRemoteAgent"
},
- {
- "description": "Based on similar descriptions of functionality, it appears S0146, as named by FireEye, is the same as Stage 4 of a backdoor named DNSMessenger by Cisco's Talos Intelligence Group. However, FireEye appears to break DNSMessenger into two parts: S0145 and S0146. [[Cisco DNSMessenger March 2017](https://app.tidalcyber.com/references/49f22ba2-5aca-4204-858e-c2499a7050ae)] [[FireEye FIN7 March 2017](https://app.tidalcyber.com/references/7987bb91-ec41-42f8-bd2d-dabc26509a08)]",
- "meta": {
- "id": "1b0ec06d-0748-42ea-912f-e23f14d94b95"
- },
- "related": [
- {
- "dest-uuid": "49d0ae81-d51b-4534-b1e0-08371a47ef79",
- "type": "similar"
- }
- ],
- "uuid": "6812793e-6342-4da6-b77f-ed29fab1fd9a",
- "value": "DNSMessenger - Associated Software"
- },
{
"description": "[TEXTMATE](https://app.tidalcyber.com/software/49d0ae81-d51b-4534-b1e0-08371a47ef79) is a second-stage PowerShell backdoor that is memory-resident. It was observed being used along with [POWERSOURCE](https://app.tidalcyber.com/software/a4700431-6578-489f-9782-52e394277296) in February 2017. [[FireEye FIN7 March 2017](https://app.tidalcyber.com/references/7987bb91-ec41-42f8-bd2d-dabc26509a08)]",
"meta": {
@@ -30942,10 +30932,6 @@
{
"dest-uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47",
"type": "similar"
- },
- {
- "dest-uuid": "6812793e-6342-4da6-b77f-ed29fab1fd9a",
- "type": "similar"
}
],
"uuid": "49d0ae81-d51b-4534-b1e0-08371a47ef79",
diff --git a/tools/tidal-api/models/cluster.py b/tools/tidal-api/models/cluster.py
index b793bed..df22826 100644
--- a/tools/tidal-api/models/cluster.py
+++ b/tools/tidal-api/models/cluster.py
@@ -221,6 +221,19 @@ class GroupCluster(Cluster):
)
if self.subs:
for associated_group in entry.get("associated_groups"):
+ found = False
+ for x in self.values:
+ if associated_group.get("associated_group_id") == x.get("uuid"):
+ x["related"].append(
+ {
+ "dest-uuid": entry.get("id"),
+ "type": "similar",
+ }
+ )
+ found = True
+ break
+ if found:
+ continue
associated_meta = AssociatedGroupsMeta(
id=associated_group.get("id"),
owner_id=associated_group.get("owner_id"),
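Review bot: `x["related"].append(...)` in the new inner loop subscripts the key directly while every other access here goes through `.get`, so an already-emitted value without a `related` key would raise KeyError and abort generation. If the values are plain dicts, `x.setdefault("related", []).append({...})` avoids that. The match itself also succeeds when both `associated_group.get("associated_group_id")` and `x.get("uuid")` are None, which would attach the relation to an unrelated value. Hoisting `assoc_id = associated_group.get("associated_group_id")` and testing `if assoc_id is not None and assoc_id == x.get("uuid"):` closes that case. The same two points apply to the SoftwareCluster hunk below; the enclosing method starts and ends outside both hunks, so whether every value carries `related` cannot be confirmed from here.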
@@ -322,6 +335,19 @@ class SoftwareCluster(Cluster):
)
if self.subs:
for associated_software in entry.get("associated_software"):
+ found = False
+ for x in self.values:
+ if associated_software.get("associated_software_id") == x.get("uuid"):
+ x["related"].append(
+ {
+ "dest-uuid": entry.get("id"),
+ "type": "similar",
+ }
+ )
+ found = True
+ break
+ if found:
+ continue
associated_meta = AssociatedSoftwareMeta(
id=associated_software.get("id"),
owner_id=associated_software.get("owner_id"),
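Review bot: The `if found: continue` branch needs a comment, because it skips everything below it for this associated software and the effect on the output is not obvious from the code. In the regenerated `clusters/tidal-software.json` of this same commit, the "DNSMessenger - Associated Software" value and its description are gone, and 49d0ae81-… no longer lists 6812793e-… as related, so the link now appears to exist in one direction only. If that is intended, say so above the inner loop, e.g. `# uuid already present in self.values: link the existing value to this entry and skip creating a duplicate; the associated name and description are not kept`. If the relation is meant to stay bidirectional, the reverse entry would have to be added before the `continue`; the code that builds it is outside the hunk. The GroupCluster hunk above has the same branch.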