mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 14:57:18 +00:00
chg: MITRE relationships included in the respective cluster.
This commit is contained in:
parent
c49b3242a5
commit
c51ba2e868
13 changed files with 5126 additions and 323 deletions
File diff suppressed because it is too large
Load diff
|
@ -27,6 +27,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "7ecc3b4f-5cdb-457e-b55a-df376b359446",
|
||||
|
@ -44,6 +51,15 @@
|
|||
"Group5"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "7331c66a-5601-4d3f-acf6-ad9e3035eb40",
|
||||
"value": "Group5 - G0043"
|
||||
},
|
||||
|
@ -67,6 +83,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "fe98767f-9df8-42b9-83c9-004b1dec8647",
|
||||
|
@ -91,6 +114,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "16ade1aa-0ea1-4bb7-88cc-9079df2ae756",
|
||||
|
@ -108,6 +138,15 @@
|
|||
"RTM"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c416b28c-103b-4df1-909e-78089a7e0e5f",
|
||||
"value": "RTM - G0048"
|
||||
},
|
||||
|
@ -145,6 +184,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d1acfbb3-647b-4723-9154-800ec119006e",
|
||||
|
@ -216,6 +262,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "f9c06633-dcff-48a1-8588-759e7cec5694",
|
||||
|
@ -250,6 +303,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
|
||||
|
@ -289,6 +349,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "a653431d-6a5e-4600-8ad3-609b5af57064",
|
||||
|
@ -314,6 +381,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "df71bb3b-813c-45eb-a8bc-f2a419837411",
|
||||
|
@ -340,6 +414,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "277d2f87-2ae5-4730-a3aa-50c1fdff9656",
|
||||
|
@ -379,6 +460,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "381fcf73-60f6-4ab2-9991-6af3cbc35192",
|
||||
|
@ -403,6 +491,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2a7914cf-dff3-428d-ab0f-1014d1c28aeb",
|
||||
|
@ -427,6 +522,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "ae41895a-243f-4a65-b99b-d85022326c31",
|
||||
|
@ -451,6 +553,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "62a64fd3-aaf7-4d09-a375-d6f8bb118481",
|
||||
|
@ -487,6 +596,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "4a2ce82e-1a74-468a-a6fb-bbead541383c",
|
||||
|
@ -631,6 +747,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a8d3d497-2da9-4797-8e0b-ed176be08654",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "025bdaa9-897d-4bad-afa6-013ba5734653",
|
||||
|
@ -655,6 +778,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "68ba94ab-78b8-43e7-83e2-aed3466882c6",
|
||||
|
@ -679,6 +809,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "519630c5-f03f-4882-825c-3af924935817",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f",
|
||||
|
@ -721,6 +858,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "fb366179-766c-4a4a-afa1-52bff1fd601c",
|
||||
|
@ -746,6 +890,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a",
|
||||
|
@ -797,6 +948,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "fbe9387f-34e6-4828-ac28-3080020c597b",
|
||||
|
@ -840,6 +998,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "4ca1929c-7d64-4aab-b849-badbfc0c760d",
|
||||
|
@ -864,6 +1029,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e48df773-7c95-4a4c-ba70-ea3d15900148",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "7636484c-adc5-45d4-9bfe-c3e062fbc4a0",
|
||||
|
@ -883,6 +1055,15 @@
|
|||
"FIN5"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0e18b800-906c-4e44-a143-b11c72b3448b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "85403903-15e0-4f9f-9be4-a259ecad4022",
|
||||
"value": "FIN5 - G0053"
|
||||
},
|
||||
|
@ -900,6 +1081,15 @@
|
|||
"BlackOasis"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "da49b9f1-ca99-443f-9728-0a074db66850",
|
||||
"value": "BlackOasis - G0063"
|
||||
},
|
||||
|
@ -915,6 +1105,15 @@
|
|||
"Taidoor"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "59140a2e-d117-4206-9b2c-2a8662bd9d46",
|
||||
"value": "Taidoor - G0015"
|
||||
},
|
||||
|
@ -979,6 +1178,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050",
|
||||
|
@ -996,6 +1202,15 @@
|
|||
"Ke3chang"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "6713ab67-e25b-49cc-808d-2b36d4fbc35c",
|
||||
"value": "Ke3chang - G0004"
|
||||
},
|
||||
|
@ -1027,6 +1242,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "247cb30b-955f-42eb-97a5-a89fef69341e",
|
||||
|
@ -1052,6 +1274,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a127c32c-cbb0-4f9d-be07-881a792408ec",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "269e8108-68c6-4f99-b911-14b2e765dec2",
|
||||
|
@ -1088,6 +1317,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0",
|
||||
|
@ -1127,6 +1363,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "fb261c56-b80e-43a9-8351-c84081e7213d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd",
|
||||
|
@ -1224,6 +1467,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc",
|
||||
|
@ -1258,6 +1508,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "0bbdf25b-30ff-4894-a1cd-49260d0dd2d9",
|
||||
|
@ -1282,6 +1539,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "0ea72cd5-ca30-46ba-bc04-378f701c658f",
|
||||
|
@ -1318,6 +1582,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c93fccb1-e8e8-42cf-ae33-2ad1d183913a",
|
||||
|
@ -1343,6 +1614,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0f862b01-99da-47cc-9bdb-db4a86a95bb1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "88b7dbc2-32d3-4e31-af2f-3fc24e1582d7",
|
||||
|
@ -1360,6 +1638,15 @@
|
|||
"Equation"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "10d5f3b7-6be6-4da5-9a77-0f1e2bbfcc44",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "96e239be-ad99-49eb-b127-3007b8c1bec9",
|
||||
"value": "Equation - G0020"
|
||||
},
|
||||
|
@ -1375,6 +1662,15 @@
|
|||
"Darkhotel"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "9e729a7e-0dd6-4097-95bf-db8d64911383",
|
||||
"value": "Darkhotel - G0012"
|
||||
},
|
||||
|
@ -1398,6 +1694,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "82cb34ba-02b5-432b-b2d2-07f55cbf674d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1",
|
||||
|
@ -1422,6 +1725,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "5cbe0d3b-6fb1-471f-b591-4b192915116d",
|
||||
|
@ -1446,6 +1756,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "894aab42-3371-47b1-8859-a4a074c804c8",
|
||||
|
@ -1473,6 +1790,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "93f52415-0fe4-4d3d-896c-fc9b8e88ab90",
|
||||
|
@ -1497,6 +1821,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "dfb5fa9b-3051-4b97-8035-08f80aef945b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c5574ca0-d5a4-490a-b207-e4658e5fd1d7",
|
||||
|
@ -1515,6 +1846,15 @@
|
|||
"TG-1314"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d519164e-f5fa-4b8c-a1fb-cf0172ad0983",
|
||||
"value": "Threat Group-1314 - G0028"
|
||||
},
|
||||
|
@ -1547,6 +1887,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6b62e336-176f-417b-856a-8552dd8c44e1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "7a19ecb1-3c65-4de3-a230-993516aed6a6",
|
||||
|
@ -1576,6 +1923,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "03506554-5f37-4f8f-9ce4-0e9f01a1b484",
|
||||
|
@ -1604,6 +1958,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "899ce53f-13a0-479b-a0e4-67d46e241542",
|
||||
|
@ -1636,6 +1997,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "222fbd21-fc4f-4b7e-9f85-0e6e3a76c33f",
|
||||
|
@ -1662,6 +2030,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7bec698a-7e20-4fd3-bb6a-12787770fb1a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "5ce5392a-3a6c-4e07-9df3-9b6a9159ac45",
|
||||
|
@ -1697,6 +2072,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973",
|
||||
|
@ -1776,6 +2158,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
|
||||
|
@ -1801,6 +2190,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "fd19bd82-1b14-49a1-a176-6cdc46b8a826",
|
||||
|
@ -1833,6 +2229,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "691c60e2-273d-4d56-9ce6-b67e0f8719ad",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "efed95ba-d7e8-47ff-8c53-99c42426ee7c",
|
||||
|
@ -1860,6 +2263,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c",
|
||||
|
@ -1892,6 +2302,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "fbd29c89-18ba-4c2d-b792-51c0adee049f",
|
||||
|
@ -1933,6 +2350,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648",
|
||||
|
@ -1959,6 +2383,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e906ae4d-1d3a-4675-be23-22f7311c0da4",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "7113eaa5-ba79-4fb3-b68a-398ee9cd698e",
|
||||
|
@ -1985,6 +2416,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "dcd81c6e-ebf7-4a16-93e0-9a97fa49c88a",
|
||||
|
@ -2009,11 +2447,18 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2e290bfe-93b5-48ce-97d6-edcd6d32b7cf",
|
||||
"value": "Gamaredon Group - G0047"
|
||||
}
|
||||
],
|
||||
"version": 5
|
||||
}
|
||||
"version": 6
|
||||
}
|
File diff suppressed because it is too large
Load diff
|
@ -28,6 +28,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d",
|
||||
|
@ -46,6 +53,15 @@
|
|||
"at.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "0c8465c0-d0b4-4670-992e-4eee8d7ff952",
|
||||
"value": "at - S0110"
|
||||
},
|
||||
|
@ -62,6 +78,15 @@
|
|||
"route.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c11ac61d-50f4-444f-85d8-6f006067f0de",
|
||||
"value": "route - S0103"
|
||||
},
|
||||
|
@ -77,6 +102,15 @@
|
|||
"Tasklist"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f",
|
||||
"value": "Tasklist - S0057"
|
||||
},
|
||||
|
@ -93,6 +127,15 @@
|
|||
"WCE"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "242f3da3-4425-4d11-8f5c-b842886da966",
|
||||
"value": "Windows Credential Editor - S0005"
|
||||
},
|
||||
|
@ -108,6 +151,15 @@
|
|||
"Responder"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "a1dd2dbd-1550-44bf-abcc-1a4c52e97719",
|
||||
"value": "Responder - S0174"
|
||||
},
|
||||
|
@ -124,6 +176,15 @@
|
|||
"schtasks.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c9703cd3-141c-43a0-a926-380082be5d04",
|
||||
"value": "schtasks - S0111"
|
||||
},
|
||||
|
@ -146,6 +207,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "102c3898-85e0-43ee-ae28-62a0a3ed9507",
|
||||
|
@ -163,6 +231,15 @@
|
|||
"ifconfig"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "362dc67f-4e85-4562-9dac-1b6b7f3ec4b5",
|
||||
"value": "ifconfig - S0101"
|
||||
},
|
||||
|
@ -178,6 +255,15 @@
|
|||
"BITSAdmin"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "64764dc6-a032-495f-8250-1e4c06bdc163",
|
||||
"value": "BITSAdmin - S0190"
|
||||
},
|
||||
|
@ -201,6 +287,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||||
|
@ -218,6 +311,15 @@
|
|||
"xCmd"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "4fa49fc0-9162-4bdb-a37e-7aa3dcb6d38b",
|
||||
"value": "xCmd - S0123"
|
||||
},
|
||||
|
@ -233,6 +335,15 @@
|
|||
"MimiPenguin"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "5a33468d-844d-4b1f-98c9-0e786c556b27",
|
||||
"value": "MimiPenguin - S0179"
|
||||
},
|
||||
|
@ -248,6 +359,15 @@
|
|||
"SDelete"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153",
|
||||
"value": "SDelete - S0195"
|
||||
},
|
||||
|
@ -264,6 +384,15 @@
|
|||
"systeminfo.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1",
|
||||
"value": "Systeminfo - S0096"
|
||||
},
|
||||
|
@ -280,6 +409,15 @@
|
|||
"netsh.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "241814ae-de3f-4656-b49e-f9a80764d4b7",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71",
|
||||
"value": "netsh - S0108"
|
||||
},
|
||||
|
@ -296,6 +434,15 @@
|
|||
"dsquery.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "38952eac-cb1b-4a71-bad2-ee8223a1c8fe",
|
||||
"value": "dsquery - S0105"
|
||||
},
|
||||
|
@ -318,6 +465,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54",
|
||||
|
@ -336,6 +490,15 @@
|
|||
"ping.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47",
|
||||
"value": "Ping - S0097"
|
||||
},
|
||||
|
@ -351,6 +514,15 @@
|
|||
"Fgdump"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "4f45dfeb-fe51-4df0-8db3-edf7dd0513fe",
|
||||
"value": "Fgdump - S0120"
|
||||
},
|
||||
|
@ -366,6 +538,15 @@
|
|||
"Lslsass"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2fab555f-7664-4623-b4e0-1675ae38190b",
|
||||
"value": "Lslsass - S0121"
|
||||
},
|
||||
|
@ -381,6 +562,15 @@
|
|||
"Pass-The-Hash Toolkit"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "a52edc76-328d-4596-85e7-d56ef5a9eb69",
|
||||
"value": "Pass-The-Hash Toolkit - S0122"
|
||||
},
|
||||
|
@ -397,6 +587,15 @@
|
|||
"ftp.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565",
|
||||
"value": "FTP - S0095"
|
||||
},
|
||||
|
@ -413,6 +612,15 @@
|
|||
"ipconfig.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "294e2560-bd48-44b2-9da2-833b5588ad11",
|
||||
"value": "ipconfig - S0100"
|
||||
},
|
||||
|
@ -429,6 +637,15 @@
|
|||
"nbtstat.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "b35068ec-107a-4266-bda8-eb7036267aea",
|
||||
"value": "nbtstat - S0102"
|
||||
},
|
||||
|
@ -452,6 +669,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e",
|
||||
|
@ -469,6 +693,15 @@
|
|||
"Tor"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7d751199-05fa-4a72-920f-85df4506c76c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68",
|
||||
"value": "Tor - S0183"
|
||||
},
|
||||
|
@ -485,6 +718,15 @@
|
|||
"netstat.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "4664b683-f578-434f-919b-1c1aad2a1111",
|
||||
"value": "netstat - S0104"
|
||||
},
|
||||
|
@ -500,6 +742,15 @@
|
|||
"pwdump"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "9de2308e-7bed-43a3-8e58-f194b3586700",
|
||||
"value": "pwdump - S0006"
|
||||
},
|
||||
|
@ -515,6 +766,15 @@
|
|||
"Cachedump"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c9cd7ec9-40b7-49db-80be-1399eddd9c52",
|
||||
"value": "Cachedump - S0119"
|
||||
},
|
||||
|
@ -530,6 +790,15 @@
|
|||
"Forfiles"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "90ec2b22-7061-4469-b539-0989ec4f96c2",
|
||||
"value": "Forfiles - S0193"
|
||||
},
|
||||
|
@ -547,6 +816,15 @@
|
|||
"net.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||||
"value": "Net - S0039"
|
||||
},
|
||||
|
@ -570,6 +848,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||||
|
@ -595,6 +880,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc",
|
||||
|
@ -613,6 +905,15 @@
|
|||
"arp.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "30489451-5886-4c46-90c9-0dff9adc5252",
|
||||
"value": "Arp - S0099"
|
||||
},
|
||||
|
@ -632,6 +933,15 @@
|
|||
"cmd.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e",
|
||||
"value": "cmd - S0106"
|
||||
},
|
||||
|
@ -647,6 +957,15 @@
|
|||
"Havij"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "fbd727ea-c0dc-42a9-8448-9e12962d1ab5",
|
||||
"value": "Havij - S0224"
|
||||
},
|
||||
|
@ -664,6 +983,15 @@
|
|||
"PowerSploit"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d",
|
||||
"value": "PowerSploit - S0194"
|
||||
},
|
||||
|
@ -678,6 +1006,15 @@
|
|||
"meek"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "1ce03c65-5946-4ac9-9d4d-66db87e024bd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "65370d0b-3bd4-4653-8cf9-daf56f6be830",
|
||||
"value": "meek - S0175"
|
||||
},
|
||||
|
@ -695,6 +1032,15 @@
|
|||
"reg.exe"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "2edd9d6a-5674-4326-a600-ba56de467286",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f",
|
||||
"value": "Reg - S0075"
|
||||
},
|
||||
|
@ -710,6 +1056,15 @@
|
|||
"spwebmember"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "33b9e38f-103c-412d-bdcf-904a91fff1e4",
|
||||
"value": "spwebmember - S0227"
|
||||
},
|
||||
|
@ -732,6 +1087,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4",
|
||||
|
@ -749,6 +1111,15 @@
|
|||
"sqlmap"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "9a2640c2-9f43-46fe-b13f-bde881e55555",
|
||||
"value": "sqlmap - S0225"
|
||||
},
|
||||
|
@ -785,6 +1156,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
|
||||
|
@ -802,9 +1180,18 @@
|
|||
"Invoke-PSImage"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "b52d6583-14a2-4ddc-8527-87fd2142558f",
|
||||
"value": "Invoke-PSImage - S0231"
|
||||
}
|
||||
],
|
||||
"version": 6
|
||||
}
|
||||
"version": 7
|
||||
}
|
|
@ -13,6 +13,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1010"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "cf2cccb1-cab8-431a-8ecf-f7874d05f433",
|
||||
"value": "Deploy Compromised Device Detection Method - MOB-M1010"
|
||||
},
|
||||
|
@ -21,6 +30,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1014"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "e829ee51-1caf-4665-ba15-7f8979634124",
|
||||
"value": "Interconnection Filtering - MOB-M1014"
|
||||
},
|
||||
|
@ -29,6 +47,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1008"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "d2a199d2-dfea-4d0c-987d-6195ed17be9c",
|
||||
"value": "Use Device-Provided Credential Storage - MOB-M1008"
|
||||
},
|
||||
|
@ -37,6 +64,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1006"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "a0464539-e1b7-4455-a355-12495987c300",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "0beabf44-e8d8-4ae4-9122-ef56369a2564",
|
||||
"value": "Use Recent OS Version - MOB-M1006"
|
||||
},
|
||||
|
@ -45,6 +81,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1001"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "f296fc9c-2ff5-43ee-941e-6b49c438270a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
|
||||
"value": "Security Updates - MOB-M1001"
|
||||
},
|
||||
|
@ -53,6 +98,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1003"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
|
||||
"value": "Lock Bootloader - MOB-M1003"
|
||||
},
|
||||
|
@ -61,6 +115,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1004"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "7b1cf46f-784b-405a-a8dd-4624c19d8321",
|
||||
"value": "System Partition Integrity - MOB-M1004"
|
||||
},
|
||||
|
@ -69,6 +132,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1002"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "ff4821f6-5afb-481b-8c0f-26c28c0d666c",
|
||||
"value": "Attestation - MOB-M1002"
|
||||
},
|
||||
|
@ -77,6 +149,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1007"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "e944670c-d03a-4e93-a21c-b3d4c53ec4c9",
|
||||
"value": "Caution with Device Administrator Access - MOB-M1007"
|
||||
},
|
||||
|
@ -85,6 +166,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1013"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "29e07491-8947-43a3-8d4e-9a787c45f3d3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
|
||||
"value": "Application Developer Guidance - MOB-M1013"
|
||||
},
|
||||
|
@ -93,6 +183,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1005"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "1553b156-6767-47f7-9eb4-2a692505666d",
|
||||
"value": "Application Vetting - MOB-M1005"
|
||||
},
|
||||
|
@ -101,6 +200,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1011"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "a0464539-e1b7-4455-a355-12495987c300",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "653492e3-27be-4a0e-b08c-938dd2b7e0e1",
|
||||
"value": "User Guidance - MOB-M1011"
|
||||
},
|
||||
|
@ -109,6 +217,15 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1012"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "51aedbd6-2837-4d15-aeb0-cb09f2bf22ac",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "649f7268-4c12-483b-ac84-4b7bca9fe2ee",
|
||||
"value": "Enterprise Policy - MOB-M1012"
|
||||
},
|
||||
|
@ -117,9 +234,18 @@
|
|||
"meta": {
|
||||
"external_id": "MOB-M1009"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "393e8c12-a416-4575-ba90-19cc85656796",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "8220b57e-c400-4525-bf69-f8edc6b389a8",
|
||||
"value": "Encrypt Network Traffic - MOB-M1009"
|
||||
}
|
||||
],
|
||||
"version": 3
|
||||
}
|
||||
"version": 4
|
||||
}
|
|
@ -27,6 +27,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "a3dad2be-ce62-4440-953b-00fbce7aba93",
|
||||
|
@ -44,6 +51,15 @@
|
|||
"Trojan-SMS.AndroidOS.Agent.ao"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "a1867c56-8c86-455a-96ad-b0d5f7e2bc17",
|
||||
"value": "Trojan-SMS.AndroidOS.Agent.ao - MOB-S0023"
|
||||
},
|
||||
|
@ -65,6 +81,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "507fe748-5e4a-4b45-9e9f-8b1115f4e878",
|
||||
|
@ -82,6 +105,15 @@
|
|||
"KeyRaider"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3b0b604f-10db-41a0-b54c-493124d455b9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50",
|
||||
"value": "KeyRaider - MOB-S0004"
|
||||
},
|
||||
|
@ -98,6 +130,15 @@
|
|||
"BrainTest"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "e13d084c-382f-40fd-aa9a-98d69e20301e",
|
||||
"value": "BrainTest - MOB-S0009"
|
||||
},
|
||||
|
@ -123,6 +164,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c80a6bef-b3ce-44d0-b113-946e93124898",
|
||||
|
@ -140,6 +188,15 @@
|
|||
"DressCode"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "22379609-a99f-4a01-bd7e-70f3e105859d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "ff742eeb-1f90-4f5a-8b92-9d40fffd99ca",
|
||||
"value": "DressCode - MOB-S0016"
|
||||
},
|
||||
|
@ -156,6 +213,15 @@
|
|||
"Adups"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
|
||||
"value": "Adups - MOB-S0025"
|
||||
},
|
||||
|
@ -186,6 +252,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "33d9d91d-aad9-49d5-a516-220ce101ac8a",
|
||||
|
@ -203,6 +276,15 @@
|
|||
"RuMMS"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "936be60d-90eb-4c36-9247-4b31128432c4",
|
||||
"value": "RuMMS - MOB-S0029"
|
||||
},
|
||||
|
@ -225,6 +307,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c8770c81-c29f-40d2-a140-38544206b2b4",
|
||||
|
@ -242,6 +331,15 @@
|
|||
"Trojan-SMS.AndroidOS.OpFake.a"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d89c132d-7752-4c7f-9372-954a71522985",
|
||||
"value": "Trojan-SMS.AndroidOS.OpFake.a - MOB-S0024"
|
||||
},
|
||||
|
@ -264,6 +362,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "317a2c10-d489-431e-b6b2-f0251fddc88e",
|
||||
|
@ -281,6 +386,15 @@
|
|||
"MazarBOT"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "5ddf81ea-2c06-497b-8c30-5f1ab89a40f9",
|
||||
"value": "MazarBOT - MOB-S0019"
|
||||
},
|
||||
|
@ -297,6 +411,15 @@
|
|||
"Gooligan"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "20d56cd6-8dff-4871-9889-d32d254816de",
|
||||
"value": "Gooligan - MOB-S0006"
|
||||
},
|
||||
|
@ -312,6 +435,15 @@
|
|||
"OldBoot"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2074b2ad-612e-4758-adce-7901c1b49bbc",
|
||||
"value": "OldBoot - MOB-S0001"
|
||||
},
|
||||
|
@ -333,6 +465,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb",
|
||||
|
@ -351,6 +490,15 @@
|
|||
"DroidJack RAT"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
|
||||
"value": "DroidJack RAT - MOB-S0036"
|
||||
},
|
||||
|
@ -366,6 +514,15 @@
|
|||
"HummingWhale"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "6447e3a1-ef4d-44b1-99d5-6b1c4888674f",
|
||||
"value": "HummingWhale - MOB-S0037"
|
||||
},
|
||||
|
@ -381,6 +538,15 @@
|
|||
"ANDROIDOS_ANSERVER.A"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "4bf6ba32-4165-42c1-b911-9c36165891c8",
|
||||
"value": "ANDROIDOS_ANSERVER.A - MOB-S0026"
|
||||
},
|
||||
|
@ -396,6 +562,15 @@
|
|||
"Trojan-SMS.AndroidOS.FakeInst.a"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "28e39395-91e7-4f02-b694-5e079c964da9",
|
||||
"value": "Trojan-SMS.AndroidOS.FakeInst.a - MOB-S0022"
|
||||
},
|
||||
|
@ -411,6 +586,15 @@
|
|||
"NotCompatible"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "22379609-a99f-4a01-bd7e-70f3e105859d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "23040c15-e7d8-47b5-8c16-8fd3e0e297fe",
|
||||
"value": "NotCompatible - MOB-S0015"
|
||||
},
|
||||
|
@ -454,6 +638,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "56660521-6db4-4e5a-a927-464f22954b7c",
|
||||
|
@ -471,6 +662,15 @@
|
|||
"Twitoor"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "41e3fd01-7b83-471f-835d-d2b1dc9a770c",
|
||||
"value": "Twitoor - MOB-S0018"
|
||||
},
|
||||
|
@ -486,6 +686,15 @@
|
|||
"OBAD"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "ca4f63b9-a358-4214-bb26-8c912318cfde",
|
||||
"value": "OBAD - MOB-S0002"
|
||||
},
|
||||
|
@ -501,6 +710,15 @@
|
|||
"Android/Chuli.A"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "1f96d624-8409-4472-ad8a-30618ee6b2e2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d05f7357-4cbe-47ea-bf83-b8604226d533",
|
||||
"value": "Android/Chuli.A - MOB-S0020"
|
||||
},
|
||||
|
@ -516,6 +734,15 @@
|
|||
"PJApps"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c709da93-20c3-4d17-ab68-48cba76b2137",
|
||||
"value": "PJApps - MOB-S0007"
|
||||
},
|
||||
|
@ -531,6 +758,15 @@
|
|||
"AndroidOverlayMalware"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "b6d3657a-2d6a-400f-8b7e-4d60391aa1f7",
|
||||
"value": "AndroidOverlayMalware - MOB-S0012"
|
||||
},
|
||||
|
@ -546,6 +782,15 @@
|
|||
"ZergHelper"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "b765efd1-02e6-4e67-aebf-0fef5c37e54b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "3c3b55a6-c3e9-4043-8aae-283fe96220c0",
|
||||
"value": "ZergHelper - MOB-S0003"
|
||||
},
|
||||
|
@ -561,6 +806,15 @@
|
|||
"SpyNote RAT"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "20dbaf05-59b8-4dc6-8777-0b17f4553a23",
|
||||
"value": "SpyNote RAT - MOB-S0021"
|
||||
},
|
||||
|
@ -576,6 +830,15 @@
|
|||
"RCSAndroid"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
|
||||
"value": "RCSAndroid - MOB-S0011"
|
||||
},
|
||||
|
@ -598,6 +861,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d1c600f8-0fb6-4367-921b-85b71947d950",
|
||||
|
@ -614,6 +884,15 @@
|
|||
"YiSpecter"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "51aedbd6-2837-4d15-aeb0-cb09f2bf22ac",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "a15c9357-2be0-4836-beec-594f28b9b4a9",
|
||||
"value": "YiSpecter - MOB-S0027"
|
||||
},
|
||||
|
@ -645,6 +924,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "93799a9d-3537-43d8-b6f4-17215de1657c",
|
||||
|
@ -663,9 +949,18 @@
|
|||
"XcodeGhost"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c4b96c0b-cb58-497a-a1c2-bb447d79d692",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d9e07aea-baad-4b68-bdca-90c77647d7f9",
|
||||
"value": "XcodeGhost - MOB-S0013"
|
||||
}
|
||||
],
|
||||
"version": 5
|
||||
}
|
||||
"version": 6
|
||||
}
|
|
@ -41,11 +41,18 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "da21929e-40c0-443d-bdf4-6b60d15448b4",
|
||||
"value": "Xbot - MOB-S0014"
|
||||
}
|
||||
],
|
||||
"version": 5
|
||||
}
|
||||
"version": 6
|
||||
}
|
|
@ -33,6 +33,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1108"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39",
|
||||
"value": "Obfuscate infrastructure - PRE-T1108"
|
||||
},
|
||||
|
@ -173,6 +182,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1025"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
|
||||
"value": "Identify job postings and needs/gaps - PRE-T1025"
|
||||
},
|
||||
|
@ -369,6 +387,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1077"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc",
|
||||
"value": "Analyze organizational skillsets and deficiencies - PRE-T1077"
|
||||
},
|
||||
|
@ -439,6 +466,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1026"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1",
|
||||
"value": "Conduct social engineering - PRE-T1026"
|
||||
},
|
||||
|
@ -453,6 +489,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1106"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "286cc500-4291-45c2-99a1-e760db176402",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6",
|
||||
"value": "Acquire and/or use 3rd party infrastructure services - PRE-T1106"
|
||||
},
|
||||
|
@ -481,6 +526,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1074"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
|
||||
"value": "Analyze organizational skillsets and deficiencies - PRE-T1074"
|
||||
},
|
||||
|
@ -509,6 +563,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1109"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983",
|
||||
"value": "Acquire or compromise 3rd party signing certificates - PRE-T1109"
|
||||
},
|
||||
|
@ -593,6 +656,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1023"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "78e41091-d10d-4001-b202-89612892b6ff",
|
||||
"value": "Identify supply chains - PRE-T1023"
|
||||
},
|
||||
|
@ -635,6 +707,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1060"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a",
|
||||
"value": "Identify business relationships - PRE-T1060"
|
||||
},
|
||||
|
@ -747,6 +828,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1049"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549",
|
||||
"value": "Identify business relationships - PRE-T1049"
|
||||
},
|
||||
|
@ -803,6 +893,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1088"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "20a66013-8dab-4ca3-a67d-766c842c561c",
|
||||
"value": "Dynamic DNS - PRE-T1088"
|
||||
},
|
||||
|
@ -929,6 +1028,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1037"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "856a9371-4f0f-4ea9-946e-f3144204240f",
|
||||
"value": "Determine 3rd party infrastructure services - PRE-T1037"
|
||||
},
|
||||
|
@ -957,6 +1065,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1141"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d",
|
||||
"value": "Friend/Follow/Connect to targets of interest - PRE-T1141"
|
||||
},
|
||||
|
@ -1027,6 +1144,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1084"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "286cc500-4291-45c2-99a1-e760db176402",
|
||||
"value": "Acquire and/or use 3rd party infrastructure services - PRE-T1084"
|
||||
},
|
||||
|
@ -1265,6 +1391,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1055"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
|
||||
"value": "Identify job postings and needs/gaps - PRE-T1055"
|
||||
},
|
||||
|
@ -1279,6 +1414,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1056"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "a757670d-d600-48d9-8ae9-601d42c184a5",
|
||||
"value": "Conduct social engineering - PRE-T1056"
|
||||
},
|
||||
|
@ -1293,6 +1437,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1053"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "59369f72-3005-4e54-9095-3d00efcece73",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
|
||||
"value": "Identify supply chains - PRE-T1053"
|
||||
},
|
||||
|
@ -1321,6 +1474,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1111"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b",
|
||||
"value": "Compromise 3rd party infrastructure to support delivery - PRE-T1111"
|
||||
},
|
||||
|
@ -1335,6 +1497,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1086"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6",
|
||||
"value": "Obfuscate infrastructure - PRE-T1086"
|
||||
},
|
||||
|
@ -1517,6 +1688,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1121"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33",
|
||||
"value": "Friend/Follow/Connect to targets of interest - PRE-T1121"
|
||||
},
|
||||
|
@ -1559,6 +1739,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1054"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "028ad431-84c5-4eb7-a364-2b797c234f88",
|
||||
"value": "Acquire OSINT data sets and information - PRE-T1054"
|
||||
},
|
||||
|
@ -1629,6 +1818,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1061"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "856a9371-4f0f-4ea9-946e-f3144204240f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05",
|
||||
"value": "Determine 3rd party infrastructure services - PRE-T1061"
|
||||
},
|
||||
|
@ -1657,6 +1855,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1089"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "4900fabf-1142-4c1f-92f5-0b590e049077",
|
||||
"value": "Compromise 3rd party infrastructure to support delivery - PRE-T1089"
|
||||
},
|
||||
|
@ -1769,6 +1976,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1087"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59",
|
||||
"value": "Acquire or compromise 3rd party signing certificates - PRE-T1087"
|
||||
},
|
||||
|
@ -1881,6 +2097,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1024"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b",
|
||||
"value": "Acquire OSINT data sets and information - PRE-T1024"
|
||||
},
|
||||
|
@ -1895,6 +2120,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1085"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "1a295f87-af63-4d94-b130-039d6221fb11",
|
||||
"value": "Acquire and/or use 3rd party software services - PRE-T1085"
|
||||
},
|
||||
|
@ -1923,6 +2157,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1044"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "0722cd65-0c83-4c89-9502-539198467ab1",
|
||||
"value": "Identify job postings and needs/gaps - PRE-T1044"
|
||||
},
|
||||
|
@ -1951,6 +2194,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1107"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "1a295f87-af63-4d94-b130-039d6221fb11",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6",
|
||||
"value": "Acquire and/or use 3rd party software services - PRE-T1107"
|
||||
},
|
||||
|
@ -1979,6 +2231,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1110"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe",
|
||||
"value": "Dynamic DNS - PRE-T1110"
|
||||
},
|
||||
|
@ -2021,6 +2282,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1043"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
|
||||
"value": "Acquire OSINT data sets and information - PRE-T1043"
|
||||
},
|
||||
|
@ -2077,6 +2347,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1066"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc",
|
||||
"value": "Analyze organizational skillsets and deficiencies - PRE-T1066"
|
||||
},
|
||||
|
@ -2147,6 +2426,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1042"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "59369f72-3005-4e54-9095-3d00efcece73",
|
||||
"value": "Identify supply chains - PRE-T1042"
|
||||
},
|
||||
|
@ -2357,6 +2645,15 @@
|
|||
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1045"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "af358cad-eb71-4e91-a752-236edc237dae",
|
||||
"value": "Conduct social engineering - PRE-T1045"
|
||||
},
|
||||
|
@ -2445,5 +2742,5 @@
|
|||
"value": "Data Hiding - PRE-T1097"
|
||||
}
|
||||
],
|
||||
"version": 3
|
||||
}
|
||||
"version": 4
|
||||
}
|
|
@ -20,6 +20,15 @@
|
|||
"APT16"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3cab1b76-2f40-4cd0-8d2c-7ed16eeb909c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
|
||||
"value": "APT16 - G0023"
|
||||
},
|
||||
|
@ -59,6 +68,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "62b8c999-dcc0-4755-bd69-09442d9359f5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||||
|
@ -142,6 +158,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
||||
|
@ -170,6 +193,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8beac7c2-48d2-4cd9-9b15-6c452f38ac06",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
|
||||
|
@ -197,6 +227,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||||
|
@ -223,6 +260,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
|
||||
|
@ -269,11 +313,18 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
||||
"value": "APT17 - G0025"
|
||||
}
|
||||
],
|
||||
"version": 4
|
||||
}
|
||||
"version": 5
|
||||
}
|
|
@ -1,102 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
import json
|
||||
import re
|
||||
import os
|
||||
import argparse
|
||||
|
||||
parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/enterprise-attack/relationship folder')
|
||||
parser.add_argument("-v", "--version", type=int, required=True, help="Version of the galaxy. Please increment the previous one")
|
||||
args = parser.parse_args()
|
||||
|
||||
values = []
|
||||
|
||||
path = "relationship/"
|
||||
for element in os.listdir(path):
|
||||
with open(path+element) as json_data:
|
||||
d = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
temp = d['objects'][0]
|
||||
source = temp['source_ref']
|
||||
target = temp['target_ref']
|
||||
relationship = temp['relationship_type']
|
||||
|
||||
if source.startswith('attack-pattern'):
|
||||
paths = "attack-pattern/"
|
||||
elif source.startswith('course-of-action'):
|
||||
paths = "course-of-action/"
|
||||
elif source.startswith('identity'):
|
||||
paths = "identity/"
|
||||
elif source.startswith('intrusion-set'):
|
||||
paths = "intrusion-set/"
|
||||
elif source.startswith('malware'):
|
||||
paths = "malware/"
|
||||
elif source.startswith('marking-definition'):
|
||||
paths = "marking-definition/"
|
||||
elif source.startswith('tool'):
|
||||
paths = "tool/"
|
||||
else:
|
||||
print('Invalid value')
|
||||
continue
|
||||
|
||||
with open(paths+source+'.json') as json_data:
|
||||
s = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
if target.startswith('attack-pattern'):
|
||||
patht = "attack-pattern/"
|
||||
elif target.startswith('course-of-action'):
|
||||
patht = "course-of-action/"
|
||||
elif target.startswith('identity'):
|
||||
patht = "identity/"
|
||||
elif target.startswith('intrusion-set'):
|
||||
patht = "intrusion-set/"
|
||||
elif target.startswith('malware'):
|
||||
patht = "malware/"
|
||||
elif target.startswith('marking-definition'):
|
||||
patht = "marking-definition/"
|
||||
elif target.startswith('tool'):
|
||||
patht = "tool/"
|
||||
else:
|
||||
print('Invalid value')
|
||||
continue
|
||||
|
||||
with open(patht+target+'.json') as json_data:
|
||||
t = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
value = {}
|
||||
value['meta'] = {}
|
||||
value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:]
|
||||
value['meta']['source-uuid'] = re.search('--(.*)$', s['objects'][0]['id']).group(0)[2:]
|
||||
value['meta']['target-uuid'] = re.search('--(.*)$', t['objects'][0]['id']).group(0)[2:]
|
||||
value['value'] = s['objects'][0]['name'] + ' (' + s['objects'][0]['external_references'][0]['external_id'] + ') ' + relationship + ' ' + t['objects'][0]['name'] + ' (' + t['objects'][0]['external_references'][0]['external_id'] + ')'
|
||||
# value['value'] = s['objects'][0]['name'] + ' ' + relationship + ' ' + t['objects'][0]['name']
|
||||
values.append(value)
|
||||
|
||||
galaxy = {}
|
||||
galaxy['name'] = "Enterprise Attack - Relationship"
|
||||
galaxy['type'] = "mitre-enterprise-attack-relationship"
|
||||
galaxy['description'] = "Mitre Relationship"
|
||||
galaxy['uuid' ] = "fc404638-1707-11e8-a5cf-b78b9b562766"
|
||||
galaxy['version'] = args.version
|
||||
galaxy['icon'] = "link"
|
||||
galaxy['namespace'] = "mitre-attack"
|
||||
|
||||
cluster = {}
|
||||
cluster['name'] = "Enterprise Attack - Relationship"
|
||||
cluster['type'] = "mitre-enterprise-attack-relationship"
|
||||
cluster['description'] = "MITRE Relationship"
|
||||
cluster['version'] = args.version
|
||||
cluster['source'] = "https://github.com/mitre/cti"
|
||||
cluster['uuid' ] = "fc605f90-1707-11e8-9d6a-9f165ac2ab5c"
|
||||
cluster['authors'] = ["MITRE"]
|
||||
cluster['values'] = values
|
||||
|
||||
with open('generate/galaxies/mitre-enterprise-attack-relationship.json', 'w') as galaxy_file:
|
||||
json.dump(galaxy, galaxy_file, indent=4)
|
||||
|
||||
with open('generate/clusters/mitre-enterprise-attack-relationship.json', 'w') as cluster_file:
|
||||
json.dump(cluster, cluster_file, indent=4)
|
|
@ -1,101 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
import json
|
||||
import re
|
||||
import os
|
||||
import argparse
|
||||
|
||||
parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/mobile-attack/relationship folder')
|
||||
parser.add_argument("-v", "--version", type=int, required=True, help="Version of the galaxy. Please increment the previous one")
|
||||
args = parser.parse_args()
|
||||
|
||||
values = []
|
||||
|
||||
path = "relationship/"
|
||||
for element in os.listdir(path):
|
||||
with open(path+element) as json_data:
|
||||
d = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
temp = d['objects'][0]
|
||||
source = temp['source_ref']
|
||||
target = temp['target_ref']
|
||||
relationship = temp['relationship_type']
|
||||
|
||||
if source.startswith('attack-pattern'):
|
||||
paths = "attack-pattern/"
|
||||
elif source.startswith('course-of-action'):
|
||||
paths = "course-of-action/"
|
||||
elif source.startswith('identity'):
|
||||
paths = "identity/"
|
||||
elif source.startswith('intrusion-set'):
|
||||
paths = "intrusion-set/"
|
||||
elif source.startswith('malware'):
|
||||
paths = "malware/"
|
||||
elif source.startswith('marking-definition'):
|
||||
paths = "marking-definition/"
|
||||
elif source.startswith('tool'):
|
||||
paths = "tool/"
|
||||
else:
|
||||
print('Invalid value')
|
||||
continue
|
||||
|
||||
with open(paths+source+'.json') as json_data:
|
||||
s = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
if target.startswith('attack-pattern'):
|
||||
patht = "attack-pattern/"
|
||||
elif target.startswith('course-of-action'):
|
||||
patht = "course-of-action/"
|
||||
elif target.startswith('identity'):
|
||||
patht = "identity/"
|
||||
elif target.startswith('intrusion-set'):
|
||||
patht = "intrusion-set/"
|
||||
elif target.startswith('malware'):
|
||||
patht = "malware/"
|
||||
elif target.startswith('marking-definition'):
|
||||
patht = "marking-definition/"
|
||||
elif target.startswith('tool'):
|
||||
patht = "tool/"
|
||||
else:
|
||||
print('Invalid value')
|
||||
continue
|
||||
|
||||
with open(patht+target+'.json') as json_data:
|
||||
t = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
value = {}
|
||||
value['meta'] = {}
|
||||
value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:]
|
||||
value['meta']['source-uuid'] = re.search('--(.*)$', s['objects'][0]['id']).group(0)[2:]
|
||||
value['meta']['target-uuid'] = re.search('--(.*)$', t['objects'][0]['id']).group(0)[2:]
|
||||
value['value'] = s['objects'][0]['name'] + ' (' + s['objects'][0]['external_references'][0]['external_id'] + ') ' + relationship + ' ' + t['objects'][0]['name'] + ' (' + t['objects'][0]['external_references'][0]['external_id'] + ')'
|
||||
values.append(value)
|
||||
|
||||
galaxy = {}
|
||||
galaxy['name'] = "Mobile Attack - Relationship"
|
||||
galaxy['type'] = "mitre-mobile-attack-relationship"
|
||||
galaxy['description'] = "Mitre Relationship"
|
||||
galaxy['uuid' ] = "fc8471aa-1707-11e8-b306-33cbe96a1ede"
|
||||
galaxy['version'] = args.version
|
||||
galaxy['icon'] = "link"
|
||||
galaxy['namespace'] = "mitre-attack"
|
||||
|
||||
cluster = {}
|
||||
cluster['name'] = "Mobile Attack - Relationship"
|
||||
cluster['type'] = "mitre-mobile-attack-relationship"
|
||||
cluster['description'] = "MITRE Relationship"
|
||||
cluster['version'] = args.version
|
||||
cluster['source'] = "https://github.com/mitre/cti"
|
||||
cluster['uuid' ] = "02f1fc42-1708-11e8-a4f2-eb70472c5901"
|
||||
cluster['authors'] = ["MITRE"]
|
||||
cluster['values'] = values
|
||||
|
||||
with open('generate/galaxies/mitre-mobile-attack-relationship.json', 'w') as galaxy_file:
|
||||
json.dump(galaxy, galaxy_file, indent=4)
|
||||
|
||||
with open('generate/clusters/mitre-mobile-attack-relationship.json', 'w') as cluster_file:
|
||||
json.dump(cluster, cluster_file, indent=4)
|
|
@ -1,102 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
import json
|
||||
import re
|
||||
import os
|
||||
import argparse
|
||||
|
||||
parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/pre-attack/relationship folder')
|
||||
parser.add_argument("-v", "--version", type=int, required=True, help="Version of the galaxy. Please increment the previous one")
|
||||
args = parser.parse_args()
|
||||
|
||||
values = []
|
||||
|
||||
path = "relationship/"
|
||||
for element in os.listdir(path):
|
||||
with open(path+element) as json_data:
|
||||
d = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
temp = d['objects'][0]
|
||||
source = temp['source_ref']
|
||||
target = temp['target_ref']
|
||||
relationship = temp['relationship_type']
|
||||
|
||||
if source.startswith('attack-pattern'):
|
||||
paths = "attack-pattern/"
|
||||
elif source.startswith('course-of-action'):
|
||||
paths = "course-of-action/"
|
||||
elif source.startswith('identity'):
|
||||
paths = "identity/"
|
||||
elif source.startswith('intrusion-set'):
|
||||
paths = "intrusion-set/"
|
||||
elif source.startswith('malware'):
|
||||
paths = "malware/"
|
||||
elif source.startswith('marking-definition'):
|
||||
paths = "marking-definition/"
|
||||
elif source.startswith('tool'):
|
||||
paths = "tool/"
|
||||
else:
|
||||
print('Invalid value')
|
||||
continue
|
||||
|
||||
with open(paths+source+'.json') as json_data:
|
||||
s = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
if target.startswith('attack-pattern'):
|
||||
patht = "attack-pattern/"
|
||||
elif target.startswith('course-of-action'):
|
||||
patht = "course-of-action/"
|
||||
elif target.startswith('identity'):
|
||||
patht = "identity/"
|
||||
elif target.startswith('intrusion-set'):
|
||||
patht = "intrusion-set/"
|
||||
elif target.startswith('malware'):
|
||||
patht = "malware/"
|
||||
elif target.startswith('marking-definition'):
|
||||
patht = "marking-definition/"
|
||||
elif target.startswith('tool'):
|
||||
patht = "tool/"
|
||||
else:
|
||||
print('Invalid value')
|
||||
continue
|
||||
|
||||
with open(patht+target+'.json') as json_data:
|
||||
t = json.load(json_data)
|
||||
json_data.close()
|
||||
|
||||
value = {}
|
||||
value['meta'] = {}
|
||||
value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:]
|
||||
value['meta']['source-uuid'] = re.search('--(.*)$', s['objects'][0]['id']).group(0)[2:]
|
||||
value['meta']['target-uuid'] = re.search('--(.*)$', t['objects'][0]['id']).group(0)[2:]
|
||||
value['value'] = s['objects'][0]['name'] + ' (' + s['objects'][0]['external_references'][0]['external_id'] + ') ' + relationship + ' ' + t['objects'][0]['name'] + ' (' + t['objects'][0]['external_references'][0]['external_id'] + ')'
|
||||
# value['value'] = s['objects'][0]['name'] + ' ' + relationship + ' ' + t['objects'][0]['name']
|
||||
values.append(value)
|
||||
|
||||
galaxy = {}
|
||||
galaxy['name'] = "Pre Attack - Relationship"
|
||||
galaxy['type'] = "mitre-pre-attack-relationship"
|
||||
galaxy['description'] = "Mitre Relationship"
|
||||
galaxy['uuid' ] = "1f8e3bae-1708-11e8-8e97-4bd2150e5aae"
|
||||
galaxy['version'] = args.version
|
||||
galaxy['icon'] = "link"
|
||||
galaxy['namespace'] = "mitre-attack"
|
||||
|
||||
cluster = {}
|
||||
cluster['name'] = "Pre Attack - Relationship"
|
||||
cluster['type'] = "mitre-pre-attack-relationship"
|
||||
cluster['description'] = "MITRE Relationship"
|
||||
cluster['version'] = args.version
|
||||
cluster['source'] = "https://github.com/mitre/cti"
|
||||
cluster['uuid' ] = "1ffd3108-1708-11e8-9f98-67b378d9094c"
|
||||
cluster['authors'] = ["MITRE"]
|
||||
cluster['values'] = values
|
||||
|
||||
with open('generate/galaxies/mitre-pre-attack-relationship.json', 'w') as galaxy_file:
|
||||
json.dump(galaxy, galaxy_file, indent=4)
|
||||
|
||||
with open('generate/clusters/mitre-pre-attack-relationship.json', 'w') as cluster_file:
|
||||
json.dump(cluster, cluster_file, indent=4)
|
97
tools/mitre-cti/v2.0/create_mitre_relationships.py
Executable file
97
tools/mitre-cti/v2.0/create_mitre_relationships.py
Executable file
|
@ -0,0 +1,97 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
|
||||
import json
|
||||
import re
|
||||
import os
|
||||
import argparse
|
||||
|
||||
parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/enterprise-attack/relationship folder')
|
||||
parser.add_argument("-p", "--path", required=True, help="Path of the mitre/cti folder")
|
||||
args = parser.parse_args()
|
||||
|
||||
|
||||
|
||||
# read out all clusters and map them based on uuid
|
||||
|
||||
|
||||
# build a mapping between uuids and Clusters
|
||||
clusters = []
|
||||
pathClusters = '../../../clusters'
|
||||
for f in os.listdir(pathClusters):
|
||||
if '.json' in f:
|
||||
clusters.append(f)
|
||||
clusters.sort()
|
||||
|
||||
cluster_uuids = {}
|
||||
for cluster in clusters:
|
||||
fullPathClusters = os.path.join(pathClusters, cluster)
|
||||
with open(fullPathClusters) as fp:
|
||||
c = json.load(fp)
|
||||
for v in c['values']:
|
||||
if 'uuid' not in v:
|
||||
continue
|
||||
cluster_uuids[v['uuid']] = cluster
|
||||
|
||||
|
||||
# read out all STIX mappings and store them in a list
|
||||
stix_relations = {}
|
||||
for subfolder in ['mobile-attack', 'pre-attack', 'enterprise-attack']:
|
||||
curr_dir = os.path.join(args.path, subfolder, 'relationship')
|
||||
for stix_fname in os.listdir(curr_dir):
|
||||
with open(os.path.join(curr_dir, stix_fname)) as f:
|
||||
json_data = json.load(f)
|
||||
for o in json_data['objects']:
|
||||
rel_type = o['relationship_type']
|
||||
dest_uuid = re.findall(r'--([0-9a-f-]+)', o['target_ref']).pop()
|
||||
uuid = re.findall(r'--([0-9a-f-]+)', o['source_ref']).pop()
|
||||
tags = []
|
||||
galaxy_fname = cluster_uuids[uuid]
|
||||
# print("{} \t {} \t {} \t {}".format(rel_type, uuid, dest_uuid, galaxy_fname))
|
||||
if not stix_relations.get(galaxy_fname):
|
||||
stix_relations[galaxy_fname] = {}
|
||||
stix_relations[galaxy_fname][uuid] = {
|
||||
"dest-uuid": dest_uuid,
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": rel_type
|
||||
}
|
||||
|
||||
|
||||
# for each correlation per galaxy-file ,
|
||||
# open the file,
|
||||
# add the relationship,
|
||||
# and save the galaxy file
|
||||
for galaxy_fname, relations in stix_relations.items():
|
||||
print("############# {}".format(galaxy_fname))
|
||||
with open(os.path.join(pathClusters, galaxy_fname)) as f_in:
|
||||
file_json = json.load(f_in)
|
||||
|
||||
for k, v in relations.items():
|
||||
# print("{} \t {}".format(k, v))
|
||||
for cluster in file_json['values']:
|
||||
if cluster['uuid'] == k:
|
||||
# skip if mapping already exists
|
||||
skip = False
|
||||
if 'related' in cluster:
|
||||
for r in cluster['related']:
|
||||
if r['dest-uuid'] == v['dest-uuid']:
|
||||
print(" Mapping already exists! skipping... {}".format(v))
|
||||
skip = True
|
||||
break
|
||||
if skip:
|
||||
break
|
||||
if 'related' not in cluster:
|
||||
cluster['related'] = []
|
||||
cluster['related'].append(v)
|
||||
print(" Adding mapping: {}".format(v))
|
||||
break
|
||||
|
||||
# increment version
|
||||
file_json['version'] += 1
|
||||
|
||||
with open(os.path.join(pathClusters, galaxy_fname), 'w') as f_out:
|
||||
json.dump(file_json, f_out, indent=2, sort_keys=True, ensure_ascii=False)
|
||||
|
||||
file_json = None
|
Loading…
Reference in a new issue