MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 08:47:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'main' into feature/exclude_deprecated

Browse source
This commit is contained in:
Niclas Dauster 2024-02-16 10:46:24 +01:00 committed by GitHub
commit d70ca177d0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
82 changed files with 11689 additions and 3025 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

58
clusters/atrm.json
View file

@ -11,7 +11,8 @@
"Ram Pliskin",
"Nikhil Mittal",
"MITRE ATT&CK",
"AlertIQ"
"AlertIQ",
"Craig Fretwell"
],
"category": "atrm",
"description": "The purpose of the Azure Threat Research Matrix (ATRM) is to educate readers on the potential of Azure-based tactics, techniques, and procedures (TTPs). It is not to teach how to weaponize or specifically abuse them. For this reason, some specific commands will be obfuscated or parts will be omitted to prevent abuse.",
@ -491,7 +492,7 @@
"value": "AZT404.2 - Logic Application"
},
{
"description": "By utilizing a Automation Account configured with a managed identity or RunAs account, an attacker can execute Azure operations on a given resource.",
"description": "By utilizing a Function Application, an attacker can execute Azure operations on a given resource.",
"meta": {
"kill_chain": [
"ATRM-tactics:Privilege Escalation"
@ -1066,10 +1067,10 @@
"description": "By generating an SAS URI for a resource, an adversary may extract the contents of that resource without authentication at any time.",
"meta": {
"kill_chain": [
"ATRM-tactics:Exfiltration"
"ATRM-tactics:Impact"
],
"refs": [
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Exfiltration/AZT701/AZT701"
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Impact/AZT701/AZT701"
]
},
"uuid": "9ca7b25c-643a-5e55-a210-684f49fe82d8",
@ -1079,10 +1080,10 @@
"description": "An adversary may create an SAS URI to download the disk attached to a virtual machine.",
"meta": {
"kill_chain": [
"ATRM-tactics:Exfiltration"
"ATRM-tactics:Impact"
],
"refs": [
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Exfiltration/AZT701/AZT701-1"
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Impact/AZT701/AZT701-1"
]
},
"uuid": "8805d880-8887-52b6-a113-8c0f4fec4230",
@ -1092,10 +1093,10 @@
"description": "By generating a Shared Access Signature (SAS) URI, an adversary can access a container in a Storage Account at any time.",
"meta": {
"kill_chain": [
"ATRM-tactics:Exfiltration"
"ATRM-tactics:Impact"
],
"refs": [
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Exfiltration/AZT701/AZT701-2"
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Impact/AZT701/AZT701-2"
]
},
"uuid": "aae55a3a-8e32-5a62-8d41-837b2ebb1e69",
@ -1105,23 +1106,23 @@
"description": "An adversary can generate a connection string to mount an Azure Storage Account File Share as an NFS or SMB share to their local machine.",
"meta": {
"kill_chain": [
"ATRM-tactics:Exfiltration"
"ATRM-tactics:Impact"
],
"refs": [
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Exfiltration/AZT702/AZT702-1"
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Impact/AZT702/AZT702-1"
]
},
"uuid": "dc6f9ee0-55b2-5197-87a5-7474cfc04d72",
"value": "AZT702 - File Share Mounting"
},
{
"description": "By setting up cross-tenant replication, an adversary may set up replication from one tenant's storage account to an external tenant's storage account.",
"description": "",
"meta": {
"kill_chain": [
"ATRM-tactics:Exfiltration"
"ATRM-tactics:Impact"
],
"refs": [
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Exfiltration/AZT703/AZT703-1"
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Impact/AZT703/AZT703-1"
]
},
"uuid": "ff4276bf-ab9e-5157-a171-5cdd4a3e6002",
@ -1131,10 +1132,10 @@
"description": "An adversary may leverage resources found at a 'soft deletion' state, restore them and advance their attack by retrieving contents meant to be deleted",
"meta": {
"kill_chain": [
"ATRM-tactics:Exfiltration"
"ATRM-tactics:Impact"
],
"refs": [
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Exfiltration/AZT704/AZT704"
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Impact/AZT704/AZT704"
]
},
"uuid": "47ded49d-ef4c-57d4-8050-f66f884c4388",
@ -1144,10 +1145,10 @@
"description": "An adversary may recover a key vault object found in a 'soft deletion' state.",
"meta": {
"kill_chain": [
"ATRM-tactics:Exfiltration"
"ATRM-tactics:Impact"
],
"refs": [
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Exfiltration/AZT704/AZT704-1"
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Impact/AZT704/AZT704-1"
]
},
"uuid": "d8fc76f2-6776-5a09-bfb3-57852ae1d786",
@ -1157,10 +1158,10 @@
"description": "An adversary may recover a storage account object found in a 'soft deletion' state.",
"meta": {
"kill_chain": [
"ATRM-tactics:Exfiltration"
"ATRM-tactics:Impact"
],
"refs": [
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Exfiltration/AZT704/AZT704-2"
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Impact/AZT704/AZT704-2"
]
},
"uuid": "cd9f0082-b2c7-53f8-95a6-a4fe746f973e",
@ -1170,15 +1171,28 @@
"description": "An adversary may recover a virtual machine object found in a 'soft deletion' state.",
"meta": {
"kill_chain": [
"ATRM-tactics:Exfiltration"
"ATRM-tactics:Impact"
],
"refs": [
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Exfiltration/AZT704/AZT704-3"
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Impact/AZT704/AZT704-3"
]
},
"uuid": "d333405e-af82-555c-a68f-e723878b5f55",
"value": "AZT704.3 - Recovery Services Vault"
},
{
"description": "An adversary may recover a virtual machine object found in a 'soft deletion' state.",
"meta": {
"kill_chain": [
"ATRM-tactics:Impact"
],
"refs": [
"https://microsoft.github.io/Azure-Threat-Research-Matrix/Impact/AZT704/AZT704-3"
]
},
"uuid": "9d181c95-ccf7-5c94-8f4a-f6a2df62d760",
"value": "AZT705 - Azure Backup Delete"
}
],
"version": 1
"version": 2
}

12
clusters/backdoor.json
View file

@ -374,7 +374,17 @@
],
"uuid": "f8444fcc-730e-4898-8ef5-6cc1976ff475",
"value": "TROIBOMB"
},
{
"description": "ZIPLINE makes use of extensive functionality to ensure the authentication of its custom protocol used to establish command and control (C2).",
"meta": {
"refs": [
"https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation"
]
},
"uuid": "14504cbe-8423-47aa-a947-a3ab5549a068",
"value": "ZIPLINE"
}
],
"version": 17
"version": 18
}

2
clusters/microsoft-activity-group.json
View file

@ -1840,5 +1840,5 @@
"value": "Zigzag Hail"
}
],
"version": 20
"version": 21
}

381
clusters/mitre-attack-pattern.json
View file

@ -170,6 +170,13 @@
{
"dest-uuid": "1a295f87-af63-4d94-b130-039d6221fb11",
"type": "related-to"
},
{
"dest-uuid": "1a295f87-af63-4d94-b130-039d6221fb11",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6",
@ -190,6 +197,13 @@
{
"dest-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6",
"type": "related-to"
},
{
"dest-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "286cc500-4291-45c2-99a1-e760db176402",
@ -210,6 +224,13 @@
{
"dest-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6",
"type": "related-to"
},
{
"dest-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "1a295f87-af63-4d94-b130-039d6221fb11",
@ -245,6 +266,13 @@
{
"dest-uuid": "286cc500-4291-45c2-99a1-e760db176402",
"type": "related-to"
},
{
"dest-uuid": "286cc500-4291-45c2-99a1-e760db176402",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6",
@ -265,6 +293,13 @@
{
"dest-uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983",
"type": "related-to"
},
{
"dest-uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59",
@ -285,6 +320,13 @@
{
"dest-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b",
"type": "related-to"
},
{
"dest-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "4900fabf-1142-4c1f-92f5-0b590e049077",
@ -306,6 +348,13 @@
{
"dest-uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59",
"type": "related-to"
},
{
"dest-uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983",
@ -326,6 +375,13 @@
{
"dest-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077",
"type": "related-to"
},
{
"dest-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b",
@ -358,6 +414,13 @@
{
"dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7",
"type": "revoked-by"
},
{
"dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "revoked-by"
}
],
"uuid": "51aedbd6-2837-4d15-aeb0-cb09f2bf22ac",
@ -405,6 +468,13 @@
{
"dest-uuid": "dfe29258-ce59-421c-9dee-e85cb9fa90cd",
"type": "revoked-by"
},
{
"dest-uuid": "dfe29258-ce59-421c-9dee-e85cb9fa90cd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "revoked-by"
}
],
"uuid": "f296fc9c-2ff5-43ee-941e-6b49c438270a",
@ -573,6 +643,13 @@
{
"dest-uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad",
"type": "revoked-by"
},
{
"dest-uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "revoked-by"
}
],
"uuid": "f9e4f526-ac9d-4df5-8949-833a82a1d2df",
@ -1052,6 +1129,13 @@
{
"dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a",
"type": "revoked-by"
},
{
"dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "revoked-by"
}
],
"uuid": "a21a6a79-f9a1-4c87-aed9-ba2d79536881",
@ -1159,6 +1243,13 @@
{
"dest-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
"type": "related-to"
},
{
"dest-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b",
@ -1183,6 +1274,20 @@
{
"dest-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b",
"type": "related-to"
},
{
"dest-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
},
{
"dest-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
@ -1207,6 +1312,13 @@
{
"dest-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b",
"type": "related-to"
},
{
"dest-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "028ad431-84c5-4eb7-a364-2b797c234f88",
@ -1893,6 +2005,13 @@
{
"dest-uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d",
"type": "related-to"
},
{
"dest-uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33",
@ -1914,6 +2033,13 @@
{
"dest-uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33",
"type": "related-to"
},
{
"dest-uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d",
@ -1966,6 +2092,13 @@
{
"dest-uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
"type": "related-to"
},
{
"dest-uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
@ -2018,6 +2151,13 @@
{
"dest-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
"type": "related-to"
},
{
"dest-uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "0722cd65-0c83-4c89-9502-539198467ab1",
@ -2042,6 +2182,13 @@
{
"dest-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
"type": "related-to"
},
{
"dest-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
@ -2066,6 +2213,13 @@
{
"dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
"type": "related-to"
},
{
"dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc",
@ -2138,6 +2292,13 @@
{
"dest-uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05",
"type": "related-to"
},
{
"dest-uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "856a9371-4f0f-4ea9-946e-f3144204240f",
@ -2323,6 +2484,13 @@
{
"dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7",
"type": "revoked-by"
},
{
"dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "revoked-by"
}
],
"uuid": "6b846ad0-cc20-4db6-aa34-91561397c5e2",
@ -2455,6 +2623,13 @@
{
"dest-uuid": "856a9371-4f0f-4ea9-946e-f3144204240f",
"type": "related-to"
},
{
"dest-uuid": "856a9371-4f0f-4ea9-946e-f3144204240f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05",
@ -2555,6 +2730,20 @@
{
"dest-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc",
"type": "related-to"
},
{
"dest-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
},
{
"dest-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
@ -2593,6 +2782,20 @@
{
"dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
"type": "related-to"
},
{
"dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
},
{
"dest-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc",
@ -2668,6 +2871,13 @@
{
"dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7",
"type": "revoked-by"
},
{
"dest-uuid": "53263a67-075e-48fa-974b-91c5b5445db7",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "revoked-by"
}
],
"uuid": "1f96d624-8409-4472-ad8a-30618ee6b2e2",
@ -5416,6 +5626,13 @@
{
"dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a",
"type": "revoked-by"
},
{
"dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "revoked-by"
}
],
"uuid": "b765efd1-02e6-4e67-aebf-0fef5c37e54b",
@ -6467,6 +6684,13 @@
{
"dest-uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad",
"type": "revoked-by"
},
{
"dest-uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "revoked-by"
}
],
"uuid": "b928b94a-4966-4e2a-9e61-36505b896ebc",
@ -7670,6 +7894,13 @@
{
"dest-uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad",
"type": "revoked-by"
},
{
"dest-uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "revoked-by"
}
],
"uuid": "11bd699b-f2c2-4e48-bf46-fb3f8acd9799",
@ -14806,6 +15037,13 @@
{
"dest-uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a",
"type": "related-to"
},
{
"dest-uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549",
@ -15038,6 +15276,13 @@
{
"dest-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549",
"type": "related-to"
},
{
"dest-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a",
@ -15055,6 +15300,13 @@
{
"dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a",
"type": "revoked-by"
},
{
"dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "revoked-by"
}
],
"uuid": "e30cc912-7ea1-4683-9219-543b86cbdec9",
@ -15130,6 +15382,20 @@
{
"dest-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
"type": "related-to"
},
{
"dest-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
},
{
"dest-uuid": "59369f72-3005-4e54-9095-3d00efcece73",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "78e41091-d10d-4001-b202-89612892b6ff",
@ -15183,6 +15449,13 @@
{
"dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
"type": "related-to"
},
{
"dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1",
@ -15336,6 +15609,13 @@
{
"dest-uuid": "78e41091-d10d-4001-b202-89612892b6ff",
"type": "related-to"
},
{
"dest-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "59369f72-3005-4e54-9095-3d00efcece73",
@ -15403,6 +15683,13 @@
{
"dest-uuid": "78e41091-d10d-4001-b202-89612892b6ff",
"type": "related-to"
},
{
"dest-uuid": "59369f72-3005-4e54-9095-3d00efcece73",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
@ -15427,6 +15714,20 @@
{
"dest-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5",
"type": "related-to"
},
{
"dest-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
},
{
"dest-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "af358cad-eb71-4e91-a752-236edc237dae",
@ -15479,6 +15780,20 @@
{
"dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
"type": "related-to"
},
{
"dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
},
{
"dest-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "a757670d-d600-48d9-8ae9-601d42c184a5",
@ -15535,6 +15850,13 @@
{
"dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a",
"type": "revoked-by"
},
{
"dest-uuid": "d9db3d46-66ca-44b4-9daa-1ef97cb7465a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "revoked-by"
}
],
"uuid": "831e3269-da49-48ac-94dc-948008e8fd16",
@ -15922,7 +16244,15 @@
"https://attack.mitre.org/techniques/T1454"
]
},
"related": [],
"related": [
{
"dest-uuid": "2d646840-f6f5-4619-a5a8-29c8316bbac5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "revoked-by"
}
],
"uuid": "0bcc4ec1-a897-49a9-a9ff-c00df1d1209d",
"value": "Malicious SMS Message - T1454"
},
@ -16092,6 +16422,13 @@
{
"dest-uuid": "2d646840-f6f5-4619-a5a8-29c8316bbac5",
"type": "revoked-by"
},
{
"dest-uuid": "2d646840-f6f5-4619-a5a8-29c8316bbac5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "revoked-by"
}
],
"uuid": "c91c304a-975d-4501-9789-0db1c57afd3f",
@ -16149,6 +16486,13 @@
{
"dest-uuid": "fd339382-bfec-4bf0-8d47-1caedc9e7e57",
"type": "revoked-by"
},
{
"dest-uuid": "fd339382-bfec-4bf0-8d47-1caedc9e7e57",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "revoked-by"
}
],
"uuid": "a9cab8f6-4c94-4c9b-9e7d-9d863ff53431",
@ -24324,6 +24668,13 @@
{
"dest-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39",
"type": "related-to"
},
{
"dest-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6",
@ -24452,6 +24803,13 @@
{
"dest-uuid": "dfe29258-ce59-421c-9dee-e85cb9fa90cd",
"type": "revoked-by"
},
{
"dest-uuid": "dfe29258-ce59-421c-9dee-e85cb9fa90cd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "revoked-by"
}
],
"uuid": "45dcbc83-4abc-4de1-b643-e528d1e9df09",
@ -24888,6 +25246,13 @@
{
"dest-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe",
"type": "related-to"
},
{
"dest-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "20a66013-8dab-4ca3-a67d-766c842c561c",
@ -25387,6 +25752,13 @@
{
"dest-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6",
"type": "related-to"
},
{
"dest-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39",
@ -26677,6 +27049,13 @@
{
"dest-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c",
"type": "related-to"
},
{
"dest-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe",

2177
clusters/mitre-course-of-action.json
View file

File diff suppressed because it is too large Load diff

1452
clusters/mitre-intrusion-set.json
View file

File diff suppressed because it is too large Load diff

3017
clusters/mitre-malware.json
View file

File diff suppressed because it is too large Load diff

392
clusters/mitre-tool.json
View file

@ -29,6 +29,13 @@
{
"dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90",
"type": "uses"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "242f3da3-4425-4d11-8f5c-b842886da966",
@ -204,6 +211,13 @@
{
"dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e",
"type": "uses"
},
{
"dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "a52edc76-328d-4596-85e7-d56ef5a9eb69",
@ -381,6 +395,13 @@
{
"dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916",
"type": "uses"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "b52d6583-14a2-4ddc-8527-87fd2142558f",
@ -402,6 +423,13 @@
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"type": "uses"
},
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "294e2560-bd48-44b2-9da2-833b5588ad11",
@ -498,6 +526,20 @@
{
"dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163",
"type": "uses"
},
{
"dest-uuid": "7f3a035d-d83a-45b8-8111-412aa8ade802",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
@ -540,6 +582,20 @@
{
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
"type": "uses"
},
{
"dest-uuid": "3fb18a77-91ef-4c68-a9a9-fa6bdbea38e8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e",
@ -624,6 +680,13 @@
{
"dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011",
"type": "uses"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "9de2308e-7bed-43a3-8e58-f194b3586700",
@ -659,6 +722,20 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "8410d208-7450-407d-b56c-e5c1ced19632",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54",
@ -687,6 +764,13 @@
{
"dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0",
"type": "uses"
},
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "0c8465c0-d0b4-4670-992e-4eee8d7ff952",
@ -705,6 +789,13 @@
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"type": "uses"
},
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "362dc67f-4e85-4562-9dac-1b6b7f3ec4b5",
@ -729,6 +820,13 @@
{
"dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011",
"type": "uses"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "4f45dfeb-fe51-4df0-8db3-edf7dd0513fe",
@ -751,6 +849,13 @@
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"type": "uses"
},
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "b35068ec-107a-4266-bda8-eb7036267aea",
@ -769,6 +874,13 @@
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"type": "uses"
},
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c11ac61d-50f4-444f-85d8-6f006067f0de",
@ -840,6 +952,13 @@
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"type": "uses"
},
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "4664b683-f578-434f-919b-1c1aad2a1111",
@ -978,6 +1097,13 @@
{
"dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0",
"type": "uses"
},
{
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "38952eac-cb1b-4a71-bad2-ee8223a1c8fe",
@ -1026,6 +1152,13 @@
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"type": "uses"
},
{
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e",
@ -1063,6 +1196,20 @@
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"type": "uses"
},
{
"dest-uuid": "3e205e84-9f90-4b4b-8896-c82189936a15",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc",
@ -1100,6 +1247,13 @@
{
"dest-uuid": "f63fe421-b1d1-45c0-b8a7-02cd16ff2bed",
"type": "uses"
},
{
"dest-uuid": "241814ae-de3f-4656-b49e-f9a80764d4b7",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71",
@ -1136,6 +1290,13 @@
{
"dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b",
"type": "uses"
},
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "64764dc6-a032-495f-8250-1e4c06bdc163",
@ -1314,6 +1475,20 @@
{
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
"type": "uses"
},
{
"dest-uuid": "6dd05630-9bd8-11e8-a8b9-47ce338a4367",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
@ -1396,6 +1571,13 @@
{
"dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077",
"type": "uses"
},
{
"dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "03342581-f790-4f03-ba41-e82e67392e23",
@ -1569,6 +1751,13 @@
{
"dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896",
"type": "uses"
},
{
"dest-uuid": "2edd9d6a-5674-4326-a600-ba56de467286",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f",
@ -1598,6 +1787,13 @@
{
"dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384",
"type": "uses"
},
{
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f",
@ -1722,6 +1918,13 @@
{
"dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b",
"type": "uses"
},
{
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565",
@ -1743,6 +1946,13 @@
{
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
"type": "uses"
},
{
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1",
@ -1764,6 +1974,13 @@
{
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
"type": "uses"
},
{
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47",
@ -1795,6 +2012,13 @@
{
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
"type": "uses"
},
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "30489451-5886-4c46-90c9-0dff9adc5252",
@ -1820,6 +2044,13 @@
{
"dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
"type": "uses"
},
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c9703cd3-141c-43a0-a926-380082be5d04",
@ -1844,6 +2075,13 @@
{
"dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90",
"type": "uses"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "2fab555f-7664-4623-b4e0-1675ae38190b",
@ -1869,6 +2107,20 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ccde5b0d-fe13-48e6-a6f4-4e434ce29371",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "102c3898-85e0-43ee-ae28-62a0a3ed9507",
@ -1936,6 +2188,13 @@
{
"dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530",
"type": "uses"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c9cd7ec9-40b7-49db-80be-1399eddd9c52",
@ -2066,6 +2325,20 @@
{
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
"type": "uses"
},
{
"dest-uuid": "811bdec0-e236-48ae-b27c-1a8fe0bfc3a9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d",
@ -2084,6 +2357,13 @@
{
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
"type": "uses"
},
{
"dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "4fa49fc0-9162-4bdb-a37e-7aa3dcb6d38b",
@ -2348,6 +2628,20 @@
{
"dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945",
"type": "uses"
},
{
"dest-uuid": "bdb420be-5882-41c8-b439-02bbef69d83f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4",
@ -2445,6 +2739,13 @@
{
"dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada",
"type": "uses"
},
{
"dest-uuid": "7d751199-05fa-4a72-920f-85df4506c76c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68",
@ -2471,6 +2772,13 @@
{
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
"type": "uses"
},
{
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "90ec2b22-7061-4469-b539-0989ec4f96c2",
@ -2536,6 +2844,13 @@
{
"dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e",
"type": "uses"
},
{
"dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "a1dd2dbd-1550-44bf-abcc-1a4c52e97719",
@ -2670,6 +2985,13 @@
{
"dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945",
"type": "uses"
},
{
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d",
@ -2695,6 +3017,13 @@
{
"dest-uuid": "ca9d3402-ada3-484d-876a-d717bd6e05f2",
"type": "uses"
},
{
"dest-uuid": "1ce03c65-5946-4ac9-9d4d-66db87e024bd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "65370d0b-3bd4-4653-8cf9-daf56f6be830",
@ -2809,6 +3138,13 @@
{
"dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c",
"type": "uses"
},
{
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153",
@ -2907,6 +3243,13 @@
{
"dest-uuid": "3120b9fa-23b8-4500-ae73-09494f607b7d",
"type": "uses"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "5a33468d-844d-4b1f-98c9-0e786c556b27",
@ -2925,6 +3268,13 @@
{
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
"type": "uses"
},
{
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "fbd727ea-c0dc-42a9-8448-9e12962d1ab5",
@ -2943,6 +3293,13 @@
{
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
"type": "uses"
},
{
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "9a2640c2-9f43-46fe-b13f-bde881e55555",
@ -3087,6 +3444,13 @@
{
"dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a",
"type": "uses"
},
{
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "33b9e38f-103c-412d-bdcf-904a91fff1e4",
@ -3661,6 +4025,34 @@
{
"dest-uuid": "eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
"type": "uses"
},
{
"dest-uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4cfa42a3-71d9-43e2-bf23-daa79f326387",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "5a78ec38-8b93-4dde-a99e-0c9b77674838",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "da21929e-40c0-443d-bdf4-6b60d15448b4",

14
clusters/rat.json
View file

@ -3634,7 +3634,19 @@
},
"uuid": "b30cb6f4-1e0a-4a97-8d88-ca38f83b4422",
"value": "STRRAT"
},
{
"description": "Chinese FortiGate RAT. The COATHANGER malware is a remote access trojan (RAT) designed specifically for Fortigate appliances. It is used as second-stage malware, and does not exploit a new vulnerability. Intelligence services MIVD & AIVD refer to the malware as COATHANGER based on a string present in the code./nThe COATHANGER malware is stealthy and persistent. It hides itself by hooking system calls that could reveal its presence. It survives reboots and firmware upgrades./nMIVD & AIVD assess with high confidence that the malicious activity was conducted by a state-sponsored actor from the Peoples Republic of China. This is part of a wider trend of Chinese political espionage against the Netherlands and its allies./nMIVD & AIVD assess that use of COATHANGER may be relatively targeted. The Chinese threat actor(s) scan for vulnerable edge devices at scale and gain access opportunistically, and likely introduce COATHANGER as a communication channel for select victims.",
"meta": {
"refs": [
"https://github.com/JSCU-NL/COATHANGER",
"https://www.ncsc.nl/documenten/publicaties/2024/februari/6/mivd-aivd-advisory-coathanger-tlp-clear",
"https://twitter.com/sehof/status/1754883344574103670"
]
},
"uuid": "c04e9738-de62-43e4-b645-2e308c1f77f7",
"value": "COATHANGER"
}
],
"version": 44
"version": 45
}

5295
clusters/sigma-rules.json
View file

File diff suppressed because it is too large Load diff

72
clusters/stealer.json
View file

@ -223,7 +223,77 @@
},
"uuid": "0266302b-52d3-44da-ab63-a8a6f16de737",
"value": "Sordeal-Stealer"
},
{
"description": "Mars stealer is an improved successor of Oski Stealer, supporting stealing from current browsers and targeting crypto currencies and 2FA plugins. Mars Stealer written in ASM/C using WinApi, weight is 95 kb. Uses special techniques to hide WinApi calls, encrypts strings, collects information in the memory, supports secure SSL-connection with C&C, doesnt use CRT, STD.",
"meta": {
"refs": [
"https://malpedia.caad.fkie.fraunhofer.de/details/win.mars_stealer",
"https://3xp0rt.com/posts/mars-stealer/",
"https://cyberint.com/blog/research/mars-stealer/",
"https://isc.sans.edu/diary/rss/28468",
"https://isc.sans.edu/diary/Arkei+Variants%3A+From+Vidar+to+Mars+Stealer/28468",
"https://blog.morphisec.com/threat-research-mars-stealer",
"https://cert.gov.ua/article/38606",
"https://www.malwarebytes.com/blog/threat-intelligence/2022/04/colibri-loader-combines-task-scheduler-and-powershell-in-clever-persistence-technique",
"https://blog.sekoia.io/mars-a-red-hot-information-stealer/",
"https://www.bleepingcomputer.com/news/security/new-meta-information-stealer-distributed-in-malspam-campaign/",
"https://www.esentire.com/blog/fake-chrome-setup-leads-to-netsupportmanager-rat-and-mars-stealer",
"https://resources.infosecinstitute.com/topics/malware-analysis/mars-stealer-malware-analysis/",
"https://www.microsoft.com/en-us/security/blog/2022/05/17/in-hot-pursuit-of-cryware-defending-hot-wallets-from-attacks/",
"https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-mars-stealer",
"https://x-junior.github.io/malware%20analysis/2022/05/19/MarsStealer.html",
"https://www.kelacyber.com/information-stealers-a-new-landscape/",
"https://cyble.com/blog/fake-atomic-wallet-website-distributing-mars-stealer/",
"https://go.recordedfuture.com/hubfs/reports/cta-2022-0802.pdf",
"https://drive.google.com/file/d/14cmYxzowVLyuiS5qDGOKzgI2_vak2Fve/view",
"https://threatmon.io/mars-stealer-malware-analysis-2022/",
"https://threatmon.io/storage/mars-stealer-malware-analysis-2022.pdf",
"https://3xp0rt.com/posts/mars-stealer/forum.png"
]
},
"related": [
{
"dest-uuid": "54b61c7e-8ced-4b90-a295-62102bfd4f32",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "successor-of"
}
],
"uuid": "64e51712-89d6-4c91-98ac-8907eafe98c6",
"value": "Mars Stealer"
},
{
"description": "The Oski stealer is a malicious information stealer, which was first introduced in November 2019. As the name implies, the Oski stealer steals personal and sensitive information from its target. “Oski” is derived from an old Nordic word meaning Viking warrior, which is quite fitting considering this popular info-stealer is extremely effective at pillaging privileged information from its victims.",
"meta": {
"refs": [
"https://malpedia.caad.fkie.fraunhofer.de/details/win.oski",
"https://twitter.com/albertzsigovits/status/1160874557454131200",
"https://www.bitdefender.com/blog/labs/",
"https://www.cyberark.com/resources/threat-research-blog/meet-oski-stealer-an-in-depth-analysis-of-the-popular-credential-stealer",
"https://medium.com/shallvhack/oski-stealer-a-credential-theft-malware-b9bba5164601",
"https://yoroi.company/en/research/the-wayback-campaign-a-large-scale-operation-hiding-in-plain-sight/",
"https://drive.google.com/file/d/1c72YIF6JYcEvbFZCrkZO26D9hC3gnyMP/view",
"https://www.rapid7.com/solutions/unified-mdr-xdr-vm/",
"https://3xp0rt.com/posts/mars-stealer/",
"https://cyberint.com/blog/research/mars-stealer/",
"https://isc.sans.edu/diary/Arkei+Variants%3A+From+Vidar+to+Mars+Stealer/28468"
]
},
"uuid": "54b61c7e-8ced-4b90-a295-62102bfd4f32",
"value": "Oski Stealer"
},
{
"description": "WARPWIRE is a JavaScript-based credential stealer",
"meta": {
"refs": [
"https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation"
]
},
"uuid": "b581b182-505a-4243-9569-c175513c4441",
"value": "WARPWIRE"
}
],
"version": 13
"version": 15
}

28
clusters/surveillance-vendor.json
View file

@ -33,8 +33,15 @@
"official-refs": [
"https://www.nsogroup.com/"
],
"products": [
"PEGASUS"
],
"refs": [
"https://en.wikipedia.org/wiki/NSO_Group"
],
"synonyms": [
"Q-Cyber",
"Circles"
]
},
"uuid": "49d8e89f-401d-4d3d-9155-5758a346a4a1",
@ -184,6 +191,9 @@
{
"description": "Cytroxs Israeli companies were founded in 2017 as Cytrox EMEA Ltd. and Cytrox Software Ltd. Perhaps taking a page from Candirus corporate obfuscation playbook, both of those companies were renamed in 2019 to Balinese Ltd. and Peterbald Ltd., respectively. We also observed one entity in Hungary, Cytrox Holdings Zrt, which was also formed in 2017.",
"meta": {
"products": [
"DevilsTongue"
],
"refs": [
"https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/"
],
@ -201,10 +211,16 @@
{
"description": "RCS Lab S.p.A., Italian vendor likely using Tykelab Srl as a front company.",
"meta": {
"products": [
"Hermit"
],
"refs": [
"https://www.rcslab.it/en/index.html",
"https://www.lookout.com/blog/hermit-spyware-discovery",
"https://www.vice.com/en/article/nz75wd/european-surveillance-companies-agt-rcs-sell-syria-tools-of-oppression"
],
"synonyms": [
"RCS Lab"
]
},
"uuid": "28ed79b6-a11d-4e41-af80-ece8f0e0c2d3",
@ -236,6 +252,13 @@
{
"description": "The Intellexa alliance is an evolving group of companies and brands that have been involved in developing and marketing a wide range of surveillance products including advanced spyware, mass surveillance platforms, and tactical systems for targeting and intercepting nearby devices. The corporate entities of the alliance span various jurisdictions, both within and outside the EU. The exact nature of links between these companies is shrouded in secrecy as corporate entities, and the structures between them, are constantly morphing, renaming, rebranding, and evolving.",
"meta": {
"products": [
"Nova",
"Triton",
"Helios",
"ALIEN",
"PREDATOR"
],
"refs": [
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
"https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/",
@ -369,6 +392,9 @@
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
"https://securityaffairs.com/125083/intelligence/nexa-technologies-indicted.html",
"https://wearenexa.com/aboutus/"
],
"synonyms": [
"Nexa Technologies"
]
},
"uuid": "eb6af48e-82ea-11ee-a4dc-325096b39f47",
@ -601,5 +627,5 @@
"value": "Raxir"
}
],
"version": 4
"version": 6
}

1055
clusters/threat-actor.json
View file

File diff suppressed because it is too large Load diff

96
clusters/tool.json
View file

@ -9230,11 +9230,12 @@
"value": "metasploit"
},
{
"description": "A swiss army knife for pentesting networks.",
"description": "A swiss army knife for pentesting networks. CRACKMAPEXEC is a post-exploitation tool against Microsoft Windows environments. It is recognized for its lateral movement capabilities.",
"meta": {
"refs": [
"https://github.com/byt3bl33d3r/CrackMapExec",
"https://bitdefender.com/files/News/CaseStudies/study/332/Bitdefender-Whitepaper-Chafer-creat4491-en-EN-interactive.pdf"
"https://bitdefender.com/files/News/CaseStudies/study/332/Bitdefender-Whitepaper-Chafer-creat4491-en-EN-interactive.pdf",
"https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation"
],
"synonyms": [],
"type": [
@ -10794,7 +10795,96 @@
],
"uuid": "cdd432b0-8899-4e7d-ad4a-b18741ade11d",
"value": "RevClient"
},
{
"description": "Colibri Loader is a piece of malware that first appeared on underground forums in August 2021 and was advertised to “people who have large volumes of traffic and lack of time to work out the material“. As it names suggests, it is meant to deliver and manage payloads onto infected computers.",
"meta": {
"refs": [
"https://www.malwarebytes.com/blog/threat-intelligence/2022/04/colibri-loader-combines-task-scheduler-and-powershell-in-clever-persistence-technique"
]
},
"related": [
{
"dest-uuid": "64e51712-89d6-4c91-98ac-8907eafe98c6",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "delivers"
}
],
"uuid": "63615901-dd49-4541-801f-327a6963c88b",
"value": "Colibri Loader"
},
{
"description": "A mitigation bypass technique was recently identified that led to the deployment of a custom webshell tracked as BUSHWALK. Successful exploitation would bypass the initial mitigation provided by Ivanti on Jan. 10, 2024. At this time, Mandiant assesses the mitigation bypass activity is highly targeted, limited, and is distinct from the post-advisory mass exploitation activity. BUSHWALK is written in Perl and is embedded into a legitimate CS file, querymanifest.cgi. BUSHWALK provides a threat actor the ability to execute arbitrary commands or write files to a server. BUSHWALK executes its malicious Perl function, validateVersion, if the web request platform parameter is SafariiOS. It uses Base64 and RC4 to decode and decrypt the threat actors payload in the web requests command parameter.",
"meta": {
"refs": [
"https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation"
]
},
"uuid": "0752d766-2c2a-43ce-aebd-6a4e214cd43c",
"value": "BUSHWALK"
},
{
"description": "The original LIGHTWIRE webshell sample contains a simpler obfuscation routine. It will initialize an RC4 object and then immediately use the RC4 object to decrypt the issued command./nMandiant has identified an additional variant of the LIGHTWIRE web shell that inserts itself into a legitimate component of the VPN gateway, compcheckresult.cgi./nThe new sample utilizes the same GET parameters as the original LIGHTWIRE sample./nThe new variant of LIGHTWIRE features a different obfuscation routine. It first assigns a string scalar variable to $useCompOnly. Next, it will use the Perl tr operator to transform the string using a character-by-character translation. The key is then Base64-decoded and used to RC4 decrypt the incoming request. Finally, the issued command is executed by calling eval.",
"meta": {
"refs": [
"https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation"
]
},
"uuid": "5b9d5714-9eb9-4e3b-b437-26a9b50a633e",
"value": "LIGHTWIRE"
},
{
"description": "CHAINLINE is a Python webshell backdoor that is embedded in a Ivanti Connect Secure Python package that enables arbitrary command execution./nCHAINLINE was identified in the CAV Python package in the following path: /home/venv3/lib/python3.6/site-packages/cav-0.1-py3.6.egg/cav/api/resources/health.py. This is the same Python package modified to support the WIREFIRE web shell./nUnlike WIREFIRE, which modifies an existing file, CHAINLINE creates a new file called health.py, which is not a legitimate filename in the CAV Python package. The existence of this filename or an associated compiled Python cache file may indicate the presence of CHAINLINE./nUNC5221 registered a new API resource path to support the access of CHAINLINE at the REST endpoint /api/v1/cav/client/health. This was accomplished by importing the maliciously created Health API resource and then calling the add_resource() class method on the FLASK-RESTful Api object within /home/venv3/lib/python3.6/site-packages/cav-0.1-py3.6.egg/cav/api/__init__.py.",
"meta": {
"refs": [
"https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation"
]
},
"uuid": "87e353c6-e0e8-427a-b55f-61cbd2853c57",
"value": "CHAINLINE"
},
{
"description": "FRAMESTING is a Python webshell embedded in a Ivanti Connect Secure Python package that enables arbitrary command execution./nFRAMESTING was identified in the CAV Python package in the following path: /home/venv3/lib/python3.6/site-packages/cav-0.1-py3.6.egg/cav/api/resources/category.py. Note that this is the same Python package modified to support the WIREFIRE and CHAINLINE web shells./nWhen installed, the threat actor can access FRAMESTING web shell at the REST endpoint /api/v1/cav/client/categories with a POST request. Note that the legitimate categories endpoint only accepts GET requests./nThe web shell employs two methods of accepting commands from an attacker. It first attempts to retrieve the command stored in the value of a cookie named DSID from the current HTTP request. If the cookie is not present or is not of the expected length, it will attempt to decompress zlib data within the request's POST data. Lastly, FRAMESTING will then pass the decrypted POST data into a Python exec() statement to dynamically execute additional Python code./nNote that DSID is also the name of a cookie used by Ivanti Connect Secure appliances for maintaining user VPN sessions. FRAMESTING likely uses the same cookie name to blend in with network traffic.",
"meta": {
"refs": [
"https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation"
]
},
"uuid": "a9470d3d-ecfd-408b-ba1e-f3ca65791e0d",
"value": "FRAMESTING"
},
{
"description": "IMPACKET is a Python library that allows for interaction with various network protocols. It is particularly effective in environments that rely on Active Directory and related Microsoft Windows network services.",
"meta": {
"refs": [
"https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation"
]
},
"uuid": "7b02521e-422e-49a2-96fc-ad6c13057a6c",
"value": "IMPACKET"
},
{
"description": "IODINE is a network traffic tunneler that allows for tunneling of IPv4 traffic over DNS.",
"meta": {
"refs": [
"https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation"
]
},
"uuid": "94ae63e7-7f92-4657-812c-2f27bf50ca21",
"value": "IODINE"
},
{
"description": "ENUM4LINUX is a Linux Perl script for enumerating data from Windows and Samba hosts.",
"meta": {
"refs": [
"https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation"
]
},
"uuid": "c44c5c54-435a-453a-a128-43ca18b82c37",
"value": "ENUM4LINUX"
}
],
"version": 171
"version": 172
}

4
galaxies/atrm.json
View file

@ -9,12 +9,12 @@
"Privilege Escalation",
"Persistence",
"Credential Access",
"Exfiltration"
"Impact"
]
},
"name": "Azure Threat Research Matrix",
"namespace": "atrm",
"type": "atrm",
"uuid": "b541a056-154c-41e7-8a56-41db3f871c00",
"version": 1
"version": 2
}

4
tools/mkdocs/.gitignore vendored Normal file
View file

@ -0,0 +1,4 @@
/site/docs/*
!/site/docs/01_attachements
/site/site

4
tools/mkdocs/REQUIREMENTS
View file

@ -1,4 +0,0 @@
validators
mkdocs-git-committers-plugin
mkdocs-rss-plugin

17
tools/mkdocs/build.sh
View file

@ -1,6 +1,21 @@
#!/bin/bash
requirements_path="requirements.txt"
pip freeze > installed.txt
diff -u <(sort $requirements_path) <(sort installed.txt)
if [ $? -eq 0 ]; then
echo "All dependencies are installed with correct versions."
else
echo "Dependencies missing or with incorrect versions. Please install all dependencies from $requirements_path into your environment."
rm installed.txt # Clean up
exit 1
fi
rm installed.txt # Clean up
python3 generator.py
cd site
cd ./site/ || exit
mkdocs build
rsync --include ".*" -v -rz --checksum site/ circl@cppz.circl.lu:/var/www/misp-galaxy.org

10
tools/mkdocs/generator.py
View file

@ -12,6 +12,7 @@ CLUSTER_PATH = "../../clusters"
SITE_PATH = "./site/docs"
GALAXY_PATH = "../../galaxies"
FILES_TO_IGNORE = [] # if you want to skip a specific cluster in the generation
# Variables for statistics
@ -61,7 +62,10 @@ We encourage collaboration and contributions to the [MISP Galaxy JSON files](htt
class Galaxy:
def __init__(self, cluster_list: List[dict], authors, description, name, json_file_name):
def __init__(
self, cluster_list: List[dict], authors, description, name, json_file_name
):
self.cluster_list = cluster_list
self.authors = authors
self.description = description
@ -142,6 +146,7 @@ class Cluster:
self.galaxie = galaxie
self.related_clusters = []
global public_clusters_dict
if self.galaxie:
public_clusters_dict[self.uuid] = self.galaxie
@ -296,6 +301,7 @@ class Cluster:
related_clusters = [
cluster for cluster in related_clusters if cluster not in to_remove
]
self.related_clusters = related_clusters
return related_clusters
@ -525,7 +531,7 @@ def main():
if not os.path.exists(SITE_PATH):
os.mkdir(SITE_PATH)
for galaxy in galaxies[:7]:
for galaxy in galaxies:
galaxy.write_entry(SITE_PATH, cluster_dict)
index_output = create_index(galaxies)

48
tools/mkdocs/requirements.txt Normal file
View file

@ -0,0 +1,48 @@
Babel==2.14.0
bracex==2.4
certifi==2023.11.17
cffi==1.16.0
charset-normalizer==3.3.2
click==8.1.7
colorama==0.4.6
cryptography==42.0.1
Deprecated==1.2.14
ghp-import==2.1.0
gitdb==4.0.11
GitPython==3.1.41
graphviz==0.20.1
idna==3.6
Jinja2==3.1.3
Markdown==3.5.2
MarkupSafe==2.1.4
mergedeep==1.3.4
mkdocs==1.5.3
mkdocs-awesome-pages-plugin==2.9.2
mkdocs-git-committers-plugin==0.2.3
mkdocs-material==9.5.6
mkdocs-material-extensions==1.3.1
mkdocs-rss-plugin==1.12.0
natsort==8.4.0
packaging==23.2
paginate==0.5.6
pathspec==0.12.1
platformdirs==4.1.0
pycparser==2.21
PyGithub==2.2.0
Pygments==2.17.2
PyJWT==2.8.0
pymdown-extensions==10.7
PyNaCl==1.5.0
python-dateutil==2.8.2
PyYAML==6.0.1
pyyaml_env_tag==0.1
regex==2023.12.25
requests==2.31.0
six==1.16.0
smmap==5.0.1
typing_extensions==4.9.0
urllib3==2.1.0
validators==0.22.0
watchdog==3.0.0
wcmatch==8.5
wrapt==1.16.0

313
tools/mkdocs/site/docs/01_attachements/javascripts/graph.js Normal file
View file

@ -0,0 +1,313 @@
document$.subscribe(function () {
const NODE_RADIUS = 8;
const NODE_COLOR = "#69b3a2";
const Parent_Node_COLOR = "#ff0000";
function parseFilteredTable(tf, allData) {
var data = [];
tf.getFilteredData().forEach((row, i) => {
sourcePath = allData[row[0] - 2].sourcePath;
targetPath = allData[row[0] - 2].targetPath;
data.push({
source: row[1][0],
sourcePath: sourcePath,
target: row[1][1],
targetPath: targetPath,
level: row[1][2]
});
});
return data;
}
function parseTable(table) {
var data = [];
table.querySelectorAll("tr").forEach((row, i) => {
if (i > 1) {
var cells = row.querySelectorAll("td");
var sourceAnchor = cells[0].querySelector("a");
var sourcePath = sourceAnchor ? sourceAnchor.getAttribute("href") : null;
var targetAnchor = cells[1].querySelector("a");
var targetPath = targetAnchor ? targetAnchor.getAttribute("href") : null;
data.push({
source: cells[0].textContent,
target: cells[1].textContent,
sourcePath: sourcePath,
targetPath: targetPath,
level: cells[2].textContent
});
}
});
return data;
}
function processNewData(newData) {
var nodePaths = {};
newData.forEach(d => {
nodePaths[d.source] = d.sourcePath || null;
nodePaths[d.target] = d.targetPath || null;
});
var newNodes = Array.from(new Set(newData.flatMap(d => [d.source, d.target])))
.map(id => ({
id,
path: nodePaths[id]
}));
var newLinks = newData.map(d => ({ source: d.source, target: d.target }));
return { newNodes, newLinks };
}
function filterTableAndGraph(tf, simulation, data) {
var filteredData = parseFilteredTable(tf, data);
var { newNodes, newLinks } = processNewData(filteredData);
simulation.update({ newNodes: newNodes, newLinks: newLinks });
}
function createForceDirectedGraph(data, elementId) {
var nodePaths = {};
data.forEach(d => {
nodePaths[d.source] = d.sourcePath || null;
nodePaths[d.target] = d.targetPath || null;
});
var nodes = Array.from(new Set(data.flatMap(d => [d.source, d.target])))
.map(id => ({
id,
path: nodePaths[id]
}));
var links = data.map(d => ({ source: d.source, target: d.target }));
var tooltip = d3.select("body").append("div")
.attr("class", "tooltip") // Add relevant classes for styling
.style("opacity", 0);
// Set up the dimensions of the graph
var width = 800, height = 1000;
var svg = d3.select(elementId).append("svg")
.attr("width", width)
.attr("height", height);
// Create a force simulation
linkDistance = Math.sqrt((width * height) / nodes.length);
var simulation = d3.forceSimulation(nodes)
.force("link", d3.forceLink(links).id(d => d.id).distance(linkDistance))
.force("charge", d3.forceManyBody().strength(-50))
.force("center", d3.forceCenter(width / 2, height / 2))
.alphaDecay(0.02); // A lower value, adjust as needed
// Create links
var link = svg.append("g")
.attr("stroke", "#999")
.attr("stroke-opacity", 0.6)
.selectAll("line")
.data(links)
.enter().append("line")
.attr("stroke-width", d => Math.sqrt(d.value));
// Create nodes
var node = svg.append("g")
.attr("stroke", "#fff")
.attr("stroke-width", 1.5)
.selectAll("circle")
.data(nodes)
.enter().append("circle")
.attr("r", function (d, i) {
return i === 0 ? NODE_RADIUS + 5 : NODE_RADIUS;
})
.attr("fill", function (d, i) {
return i === 0 ? Parent_Node_COLOR : NODE_COLOR;
});
// Apply tooltip on nodes
node.on("mouseover", function (event, d) {
tooltip.transition()
.duration(200)
.style("opacity", .9);
tooltip.html(d.id)
.style("left", (event.pageX) + "px")
.style("top", (event.pageY - 28) + "px");
})
.on("mousemove", function (event) {
tooltip.style("left", (event.pageX) + "px")
.style("top", (event.pageY - 28) + "px");
})
.on("mouseout", function (d) {
tooltip.transition()
.duration(500)
.style("opacity", 0);
});
// Apply links on nodes
node.on("dblclick", function (event, d) {
location.href = d.path;
});
// Define drag behavior
var drag = d3.drag()
.on("start", dragstarted)
.on("drag", dragged)
.on("end", dragended);
// Apply drag behavior to nodes
node.call(drag);
function dragstarted(event, d) {
if (!event.active) simulation.alphaTarget(0.3).restart();
d.fx = d.x;
d.fy = d.y;
}
function dragged(event, d) {
d.fx = event.x;
d.fy = event.y;
}
function dragended(event, d) {
// Do not reset the fixed positions
if (!event.active) simulation.alphaTarget(0);
}
// Update positions on each simulation 'tick'
simulation.on("tick", () => {
nodes.forEach(d => {
d.x = Math.max(NODE_RADIUS, Math.min(width - NODE_RADIUS, d.x));
d.y = Math.max(NODE_RADIUS, Math.min(height - NODE_RADIUS, d.y));
});
link
.attr("x1", d => d.source.x)
.attr("y1", d => d.source.y)
.attr("x2", d => d.target.x)
.attr("y2", d => d.target.y);
node
.attr("cx", d => d.x)
.attr("cy", d => d.y);
});
return Object.assign(svg.node(), {
update({ newNodes, newLinks }) {
const oldNodesMap = new Map(node.data().map(d => [d.id, d]));
nodes = newNodes.map(d => Object.assign(oldNodesMap.get(d.id) || {}, d));
// Update nodes with new data
node = node.data(nodes, d => d.id)
.join(
enter => enter.append("circle")
.attr("r", function (d, i) {
return i === 0 ? NODE_RADIUS + 5 : NODE_RADIUS;
})
.attr("fill", function (d, i) {
return i === 0 ? Parent_Node_COLOR : NODE_COLOR;
}),
update => update,
exit => exit.remove()
);
node.call(drag);
// Apply tooltip on nodes
node.on("mouseover", function (event, d) {
tooltip.transition()
.duration(200)
.style("opacity", .9);
tooltip.html(d.id)
.style("left", (event.pageX) + "px")
.style("top", (event.pageY - 28) + "px");
})
.on("mousemove", function (event) {
tooltip.style("left", (event.pageX) + "px")
.style("top", (event.pageY - 28) + "px");
})
.on("mouseout", function (d) {
tooltip.transition()
.duration(500)
.style("opacity", 0);
});
// Apply links on nodes
node.on("dblclick", function (event, d) {
console.log("Node: " + d.id);
console.log(d);
console.log("Source Path: " + d.sourcePath);
location.href = d.path;
});
// Process new links
const oldLinksMap = new Map(link.data().map(d => [`${d.source.id},${d.target.id}`, d]));
links = newLinks.map(d => Object.assign(oldLinksMap.get(`${d.source.id},${d.target.id}`) || {}, d));
// Update links with new data
link = link.data(links, d => `${d.source.id},${d.target.id}`)
.join(
enter => enter.append("line")
.attr("stroke-width", d => Math.sqrt(d.value)),
update => update,
exit => exit.remove()
);
// Restart the simulation with new data
simulation.nodes(nodes);
simulation.force("link").links(links);
simulation.alpha(1).restart();
}
});
}
// Find all tables that have a th with the class .graph and generate Force-Directed Graphs
document.querySelectorAll("table").forEach((table, index) => {
var graphHeader = table.querySelector("th.graph");
if (graphHeader) {
var tf = new TableFilter(table, {
base_path: "../../../../01_attachements/modules/tablefilter/",
highlight_keywords: true,
col_2: "checklist",
col_widths: ["350px", "350px", "100px"],
col_types: ["string", "string", "number"],
grid_layout: false,
responsive: false,
watermark: ["Filter table ...", "Filter table ..."],
auto_filter: {
delay: 100 //milliseconds
},
filters_row_index: 1,
state: false,
rows_counter: true,
status_bar: true,
themes: [{
name: "transparent",
}],
btn_reset: {
tooltip: "Reset",
toolbar_position: "right",
},
toolbar: true,
extensions: [{
name: "sort",
},
{
name: 'filtersVisibility',
description: 'Sichtbarkeit der Filter',
toolbar_position: 'right',
}],
});
tf.init();
var data = parseTable(table);
var graphId = "graph" + index;
var div = document.createElement("div");
div.id = graphId;
table.parentNode.insertBefore(div, table);
var simulation = createForceDirectedGraph(data, "#" + graphId);
// Listen for table filtering events
tf.emitter.on(['after-filtering'], function () {
filterTableAndGraph(tf, simulation, data);
});
}
});
});

168
tools/mkdocs/site/docs/01_attachements/javascripts/statistics.js Normal file
View file

@ -0,0 +1,168 @@
document$.subscribe(function () {
function parseTable(table) {
var data = [];
table.querySelectorAll("tr").forEach((row, i) => {
if (i > 0) {
var cells = row.querySelectorAll("td");
data.push({ name: cells[1].textContent, value: Number(cells[2].textContent) });
}
});
return data;
}
function createPieChart(data, elementId) {
// Set up the dimensions of the graph
var width = 500, height = 500;
// Append SVG for the graph
var svg = d3.select(elementId).append("svg")
.attr("width", width)
.attr("height", height);
// Set up the dimensions of the graph
var radius = Math.min(width, height) / 2 - 20;
// Append a group to the SVG
var g = svg.append("g")
.attr("transform", "translate(" + width / 2 + "," + height / 2 + ")");
// Set up the color scale
var color = d3.scaleOrdinal()
.domain(data.map(d => d.name))
.range(d3.quantize(t => d3.interpolateSpectral(t * 0.8 + 0.1), data.length).reverse());
// Compute the position of each group on the pie
var pie = d3.pie()
.value(d => d.value);
var data_ready = pie(data);
// Build the pie chart
g.selectAll('whatever')
.data(data_ready)
.enter()
.append('path')
.attr('d', d3.arc()
.innerRadius(0)
.outerRadius(radius)
)
.attr('fill', d => color(d.data.name))
.attr("stroke", "black")
.style("stroke-width", "2px")
.style("opacity", 0.7);
// Add labels
g.selectAll('whatever')
.data(data_ready)
.enter()
.append('text')
.text(d => d.data.name)
.attr("transform", d => "translate(" + d3.arc().innerRadius(0).outerRadius(radius).centroid(d) + ")")
.style("text-anchor", "middle")
.style("font-size", 17);
}
function createBarChart(data, elementId, mode) {
// Set up the dimensions of the graph
var svgWidth = 1000, svgHeight = 1000;
var margin = { top: 20, right: 200, bottom: 350, left: 60 }, // Increase bottom margin for x-axis labels
width = svgWidth - margin.left - margin.right,
height = svgHeight - margin.top - margin.bottom;
// Append SVG for the graph
var svg = d3.select(elementId).append("svg")
.attr("width", svgWidth)
.attr("height", svgHeight)
.append("g")
.attr("transform", "translate(" + margin.left + "," + margin.top + ")");
// Set up the scales
var x = d3.scaleBand()
.range([0, width])
.padding(0.2)
.domain(data.map(d => d.name));
var maxYValue = d3.max(data, d => d.value);
if (mode == "log") {
var minYValue = d3.min(data, d => d.value);
if (minYValue <= 0) {
console.error("Logarithmic scale requires strictly positive values");
return;
}
}
var y = mode == "log" ? d3.scaleLog().range([height, 0]).domain([1, maxYValue]) : d3.scaleLinear().range([height, 0]).domain([0, maxYValue + maxYValue * 0.1]);
// Set up the color scale
var color = d3.scaleOrdinal()
.range(d3.schemeCategory10);
// Set up the axes
var xAxis = d3.axisBottom(x)
.tickSize(0)
.tickPadding(6);
var yAxis = d3.axisLeft(y);
// Add the bars
svg.selectAll(".bar")
.data(data)
.enter().append("rect")
.attr("class", "bar")
.attr("x", d => x(d.name))
.attr("y", d => {
if (mode == "log") {
return y(Math.max(1, d.value));
} else if (mode == "linear") {
return y(d.value);
}
})
.attr("width", x.bandwidth())
.attr("height", d => {
if (mode == "log") {
return height - y(Math.max(1, d.value));
} else if (mode == "linear") {
return height - y(d.value);
}
})
.attr("fill", d => color(d.name));
// Add and rotate x-axis labels
svg.append("g")
.attr("transform", "translate(0," + height + ")")
.call(xAxis)
.selectAll("text")
.style("text-anchor", "end")
.attr("dx", "-.8em")
.attr("dy", ".15em")
.attr("transform", "rotate(-65)"); // Rotate the labels
// Add the y-axis
svg.append("g")
.call(yAxis);
}
document.querySelectorAll("table").forEach((table, index) => {
var pieChart = table.querySelector("th.pie-chart");
var barChart = table.querySelector("th.bar-chart");
var logBarChart = table.querySelector("th.log-bar-chart");
graphId = "graph" + index;
var div = document.createElement("div");
div.id = graphId;
table.parentNode.insertBefore(div, table);
if (pieChart) {
var data = parseTable(table);
createPieChart(data, "#" + graphId);
}
if (barChart) {
var data = parseTable(table);
createBarChart(data, "#" + graphId, "linear");
}
if (logBarChart) {
var data = parseTable(table);
createBarChart(data, "#" + graphId, "log");
}
})
});

53
tools/mkdocs/site/docs/01_attachements/javascripts/tablefilter.js Normal file
View file

@ -0,0 +1,53 @@
document$.subscribe(function () {
var tables = document.querySelectorAll("article table")
tables.forEach(function (table) {
var excludeTable = table.querySelector("td.no-filter, th.no-filter");
if (!excludeTable) {
var tf = new TableFilter(table, {
base_path: "https://unpkg.com/tablefilter@0.7.3/dist/tablefilter/",
highlight_keywords: true,
// col_0: "select",
// col_1: "select",
col_2: "checklist",
col_widths: ["350px", "350px", "100px"],
col_types: ["string", "string", "number"],
grid_layout: false,
responsive: false,
watermark: ["Filter table ...", "Filter table ..."],
auto_filter: {
delay: 100 //milliseconds
},
filters_row_index: 1,
state: true,
// alternate_rows: true,
rows_counter: true,
status_bar: true,
themes: [{
name: "transparent",
}],
btn_reset: {
tooltip: "Reset",
toolbar_position: "right",
},
// no_results_message: {
// content: "No matching records found",
// },
toolbar: true,
extensions: [{
name: "sort",
},
{
name: 'filtersVisibility',
description: 'Sichtbarkeit der Filter',
toolbar_position: 'right',
},],
})
tf.init()
}
})
})

2
tools/mkdocs/site/docs/01_attachements/modules/d3.min.js vendored Normal file
View file

File diff suppressed because one or more lines are too long

1
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/colsVisibility.css Normal file
View file

@ -0,0 +1 @@
span.colVisSpan{text-align:left;}span.colVisSpan a.colVis{display:inline-block;padding:7px 5px 0;font-size:inherit;font-weight:inherit;vertical-align:top}div.colVisCont{position:relative;background:#fff;-webkit-box-shadow:3px 3px 2px #888;-moz-box-shadow:3px 3px 2px #888;box-shadow:3px 3px 2px #888;position:absolute;display:none;border:1px solid #ccc;height:auto;width:250px;background-color:#fff;margin:35px 0 0 -100px;z-index:10000;padding:10px 10px 10px 10px;text-align:left;font-size:inherit;}div.colVisCont:after,div.colVisCont:before{bottom:100%;left:50%;border:solid transparent;content:" ";height:0;width:0;position:absolute;pointer-events:none}div.colVisCont:after{border-color:rgba(255,255,255,0);border-bottom-color:#fff;border-width:10px;margin-left:-10px}div.colVisCont:before{border-color:rgba(255,255,255,0);border-bottom-color:#ccc;border-width:12px;margin-left:-12px}div.colVisCont p{margin:6px auto 6px auto}div.colVisCont a.colVis{display:initial;font-weight:inherit}ul.cols_checklist{padding:0;margin:0;list-style-type:none;}ul.cols_checklist label{display:block}ul.cols_checklist input{vertical-align:middle;margin:2px 5px 2px 1px}li.cols_checklist_item{padding:4px;margin:0;}li.cols_checklist_item:hover{background-color:#335ea8;color:#fff}.cols_checklist_slc_item{background-color:#335ea8;color:#fff}

1
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/filtersVisibility.css Normal file
View file

@ -0,0 +1 @@
span.expClpFlt a.btnExpClpFlt{width:35px;height:35px;display:inline-block;}span.expClpFlt a.btnExpClpFlt:hover{background-color:#f4f4f4}span.expClpFlt img{padding:8px 11px 11px 11px}

1
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/tablefilter.css Normal file
View file

File diff suppressed because one or more lines are too long

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/blank.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 144 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/btn_clear_filters.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 360 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/btn_filter.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 325 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/btn_first_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 63 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/btn_last_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 61 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/btn_next_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 59 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/btn_previous_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 58 B

1
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/default/default.css Normal file
View file

@ -0,0 +1 @@
table.TF{border-left:1px solid #ccc;border-top:none;border-right:none;border-bottom:none;}table.TF th{background:#ebecee url("images/bg_th.jpg") left top repeat-x;border-bottom:1px solid #d0d0d0;border-right:1px solid #d0d0d0;border-left:1px solid #fff;border-top:1px solid #fff;color:#333}table.TF td{border-bottom:1px dotted #999;padding:5px}.fltrow{background-color:#ebecee !important;}.fltrow th,.fltrow td{border-bottom:1px dotted #666 !important;padding:1px 3px 1px 3px !important}.flt,select.flt,select.flt_multi,.flt_s,.single_flt,.div_checklist{border:1px solid #999 !important}input.flt{width:99% !important}.inf{height:$min-height;background:#d7d7d7 url("images/bg_infDiv.jpg") 0 0 repeat-x !important}input.reset{background:transparent url("images/btn_eraser.gif") center center no-repeat !important}.helpBtn:hover{background-color:transparent}.nextPage{background:transparent url("images/btn_next_page.gif") center center no-repeat !important;}.nextPage:hover{background:transparent url("images/btn_over_next_page.gif") center center no-repeat !important}.previousPage{background:transparent url("images/btn_previous_page.gif") center center no-repeat !important;}.previousPage:hover{background:transparent url("images/btn_over_previous_page.gif") center center no-repeat !important}.firstPage{background:transparent url("images/btn_first_page.gif") center center no-repeat !important;}.firstPage:hover{background:transparent url("images/btn_over_first_page.gif") center center no-repeat !important}.lastPage{background:transparent url("images/btn_last_page.gif") center center no-repeat !important;}.lastPage:hover{background:transparent url("images/btn_over_last_page.gif") center center no-repeat !important}div.grd_Cont{background-color:#ebecee !important;border:1px solid #ccc !important;padding:0 !important;}div.grd_Cont .even{background-color:#fff}div.grd_Cont .odd{background-color:#d5d5d5}div.grd_headTblCont{background-color:#ebecee !important;border-bottom:none !important;}div.grd_headTblCont table{border-right:none !important}div.grd_tblCont table th,div.grd_headTblCont table th,div.grd_headTblCont table td{background:#ebecee url("images/bg_th.jpg") left top repeat-x !important;border-bottom:1px solid #d0d0d0 !important;border-right:1px solid #d0d0d0 !important;border-left:1px solid #fff !important;border-top:1px solid #fff !important}div.grd_tblCont table td{border-bottom:1px solid #999 !important}.grd_inf{background:#d7d7d7 url("images/bg_infDiv.jpg") 0 0 repeat-x !important;border-top:1px solid #d0d0d0 !important}.loader{border:1px solid #999}.defaultLoader{width:32px;height:32px;background:transparent url("images/img_loading.gif") 0 0 no-repeat !important}.even{background-color:#fff}.odd{background-color:#d5d5d5}span.expClpFlt a.btnExpClpFlt:hover{background-color:transparent !important}.activeHeader{background:#999 !important}

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/default/images/bg_infDiv.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 303 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/default/images/bg_th.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 326 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/default/images/btn_eraser.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 356 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/default/images/btn_first_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 332 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/default/images/btn_last_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 331 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/default/images/btn_next_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 187 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/default/images/btn_over_eraser.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 440 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/default/images/btn_over_first_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 640 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/default/images/btn_over_last_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 427 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/default/images/btn_over_next_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 393 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/default/images/btn_over_previous_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 395 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/default/images/btn_previous_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 290 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/default/images/img_loading.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 3.2 KiB

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/downsimple.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 201 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/icn_clp.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 441 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/icn_exp.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 469 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/icn_filter.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 68 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/icn_filterActive.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 78 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/mytheme/images/bg_headers.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 300 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/mytheme/images/bg_infDiv.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 303 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/mytheme/images/btn_filter.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 928 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/mytheme/images/btn_first_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 63 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/mytheme/images/btn_last_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 61 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/mytheme/images/btn_next_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 59 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/mytheme/images/btn_previous_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 58 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/mytheme/images/img_loading.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 8.6 KiB

1
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/mytheme/mytheme.css Normal file
View file

@ -0,0 +1 @@
table.TF{border-left:1px dotted #81963b;border-top:none;border-right:0;border-bottom:none;}table.TF th{background:#39424b url("images/bg_headers.jpg") left top repeat-x;border-bottom:0;border-right:1px dotted #d0d0d0;border-left:0;border-top:0;color:#fff}table.TF td{border-bottom:1px dotted #81963b;border-right:1px dotted #81963b;padding:5px}.fltrow{background-color:#81963b !important;}.fltrow th,.fltrow td{border-bottom:1px dotted #39424b !important;border-right:1px dotted #fff !important;border-left:0 !important;border-top:0 !important;padding:1px 3px 1px 3px !important}.flt,select.flt,select.flt_multi,.flt_s,.single_flt,.div_checklist{border:1px solid #687830 !important}input.flt{width:99% !important}.inf{background:#d8d8d8;height:$min-height}input.reset{width:53px;background:transparent url("images/btn_filter.png") center center no-repeat !important}.helpBtn:hover{background-color:transparent}.nextPage{background:transparent url("images/btn_next_page.gif") center center no-repeat !important}.previousPage{background:transparent url("images/btn_previous_page.gif") center center no-repeat !important}.firstPage{background:transparent url("images/btn_first_page.gif") center center no-repeat !important}.lastPage{background:transparent url("images/btn_last_page.gif") center center no-repeat !important}div.grd_Cont{background:#81963b url("images/bg_headers.jpg") left top repeat-x !important;border:1px solid #ccc !important;padding:0 1px 1px 1px !important;}div.grd_Cont .even{background-color:#bccd83}div.grd_Cont .odd{background-color:#fff}div.grd_headTblCont{background-color:#ebecee !important;border-bottom:none !important}div.grd_tblCont table{border-right:none !important;}div.grd_tblCont table td{border-bottom:1px dotted #81963b;border-right:1px dotted #81963b}div.grd_tblCont table th,div.grd_headTblCont table th{background:transparent url("images/bg_headers.jpg") 0 0 repeat-x !important;border-bottom:0 !important;border-right:1px dotted #d0d0d0 !important;border-left:0 !important;border-top:0 !important;padding:0 4px 0 4px !important;color:#fff !important;height:35px !important}div.grd_headTblCont table td{border-bottom:1px dotted #39424b !important;border-right:1px dotted #fff !important;border-left:0 !important;border-top:0 !important;background-color:#81963b !important;padding:1px 3px 1px 3px !important}.grd_inf{background-color:#d8d8d8;border-top:1px solid #d0d0d0 !important}.loader{border:0 !important;background:#81963b !important}.defaultLoader{width:32px;height:32px;background:transparent url("images/img_loading.gif") 0 0 no-repeat !important}.even{background-color:#bccd83}.odd{background-color:#fff}span.expClpFlt a.btnExpClpFlt:hover{background-color:transparent !important}.activeHeader{background:#81963b !important}

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/skyblue/images/bg_skyblue.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 554 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/skyblue/images/btn_first_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 118 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/skyblue/images/btn_last_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 118 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/skyblue/images/btn_next_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 97 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/skyblue/images/btn_prev_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 97 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/skyblue/images/icn_clear_filters.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 601 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/skyblue/images/img_loading.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 847 B

1
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/skyblue/skyblue.css Normal file
View file

@ -0,0 +1 @@
table.TF{padding:0;color:#000;border-right:1px solid #a4bed4;border-top:1px solid #a4bed4;border-left:1px solid #a4bed4;border-bottom:0;}table.TF th{margin:0;color:inherit;background:#d1e5fe url("images/bg_skyblue.gif") 0 0 repeat-x;border-color:#fdfdfd #a4bed4 #a4bed4 #fdfdfd;border-width:1px;border-style:solid}table.TF td{margin:0;padding:5px;color:inherit;border-bottom:1px solid #a4bed4;border-left:0;border-top:0;border-right:0}.fltrow{background-color:#d1e5fe !important;}.fltrow th,.fltrow td{padding:1px 3px 1px 3px !important}.flt,select.flt,select.flt_multi,.flt_s,.single_flt,.div_checklist{border:1px solid #a4bed4 !important}input.flt{width:99% !important}.inf{background-color:#e3efff !important;border:1px solid #a4bed4;height:$min-height;color:#004a6f}div.tot,div.status{border-right:0 !important}.helpBtn:hover{background-color:transparent}input.reset{background:transparent url("images/icn_clear_filters.png") center center no-repeat !important}.nextPage{background:transparent url("images/btn_next_page.gif") center center no-repeat !important;border:1px solid transparent !important;}.nextPage:hover{background:#ffe4ab url("images/btn_next_page.gif") center center no-repeat !important;border:1px solid #ffb552 !important}.previousPage{background:transparent url("images/btn_prev_page.gif") center center no-repeat !important;border:1px solid transparent !important;}.previousPage:hover{background:#ffe4ab url("images/btn_prev_page.gif") center center no-repeat !important;border:1px solid #ffb552 !important}.firstPage{background:transparent url("images/btn_first_page.gif") center center no-repeat !important;border:1px solid transparent !important;}.firstPage:hover{background:#ffe4ab url("images/btn_first_page.gif") center center no-repeat !important;border:1px solid #ffb552 !important}.lastPage{background:transparent url("images/btn_last_page.gif") center center no-repeat !important;border:1px solid transparent !important;}.lastPage:hover{background:#ffe4ab url("images/btn_last_page.gif") center center no-repeat !important;border:1px solid #ffb552 !important}.activeHeader{background:#ffe4ab !important;border:1px solid #ffb552 !important;color:inherit !important}div.grd_Cont{background-color:#d9eaed !important;border:1px solid #9cc !important;padding:0 !important;}div.grd_Cont .even{background-color:#fff}div.grd_Cont .odd{background-color:#e3efff}div.grd_headTblCont{background-color:#d9eaed !important;border-bottom:none !important}div.grd_tblCont table{border-right:none !important}div.grd_tblCont table th,div.grd_headTblCont table th,div.grd_headTblCont table td{background:#d9eaed url("images/bg_skyblue.gif") left top repeat-x;border-bottom:1px solid #a4bed4;border-right:1px solid #a4bed4 !important;border-left:1px solid #fff !important;border-top:1px solid #fff !important}div.grd_tblCont table td{border-bottom:1px solid #a4bed4 !important;border-right:0 !important;border-left:0 !important;border-top:0 !important}.grd_inf{background-color:#cce2fe;color:#004a6f;border-top:1px solid #9cc !important;}.grd_inf a{text-decoration:none;font-weight:bold}.loader{background-color:#2d8eef;border:1px solid #cce2fe;border-radius:5px}.even{background-color:#fff}.odd{background-color:#e3efff}span.expClpFlt a.btnExpClpFlt:hover{background-color:transparent !important}.ezActiveRow{background-color:#ffdc61 !important;color:inherit}.ezSelectedRow{background-color:#ffe4ab !important;color:inherit}.ezActiveCell{background-color:#fff !important;color:#000 !important;font-weight:bold}.ezETSelectedCell{background-color:#fff !important;font-weight:bold;color:#000 !important}

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/transparent/images/btn_first_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 63 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/transparent/images/btn_last_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 61 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/transparent/images/btn_next_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 59 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/transparent/images/btn_prev_page.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 58 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/transparent/images/icn_clear_filters.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 601 B

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/transparent/images/img_loading.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 847 B

1
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/transparent/transparent.css Normal file
View file

@ -0,0 +1 @@
table.TF{padding:0;color:inherit;border-right:1px solid transparent;border-top:1px solid transparent;border-left:1px solid transparent;border-bottom:0;}table.TF th{margin:0;color:inherit;background-color:transparent;border-color:transparent;border-width:1px;border-style:solid;}table.TF th:last-child{border-right:1px solid transparent}table.TF td{margin:0;padding:5px;color:inherit;border-bottom:1px solid transparent;border-left:0;border-top:0;border-right:0}.fltrow{background-color:transparent;}.fltrow th,.fltrow td{padding:1px 3px 1px 3px;border-bottom:1px solid transparent !important;}.fltrow th:last-child,.fltrow td:last-child{border-right:1px solid transparent}.flt,select.flt,select.flt_multi,.flt_s,.single_flt,.div_checklist{border:1px solid #a4bed4}input.flt{width:99% !important}.inf{background-color:transparent;border:1px solid transparent;height:$min-height;color:inherit}div.tot,div.status{border-right:0 !important}.helpBtn:hover{background-color:transparent}input.reset{background:transparent url("images/icn_clear_filters.png") center center no-repeat !important}.nextPage{background:transparent url("images/btn_next_page.gif") center center no-repeat !important;border:1px solid transparent !important;}.nextPage:hover{background:#f7f7f7 url("images/btn_next_page.gif") center center no-repeat !important;border:1px solid #f7f7f7 !important}.previousPage{background:transparent url("images/btn_prev_page.gif") center center no-repeat !important;border:1px solid transparent !important;}.previousPage:hover{background:#f7f7f7 url("images/btn_prev_page.gif") center center no-repeat !important;border:1px solid #f7f7f7 !important}.firstPage{background:transparent url("images/btn_first_page.gif") center center no-repeat !important;border:1px solid transparent !important;}.firstPage:hover{background:#f7f7f7 url("images/btn_first_page.gif") center center no-repeat !important;border:1px solid #f7f7f7 !important}.lastPage{background:transparent url("images/btn_last_page.gif") center center no-repeat !important;border:1px solid transparent !important;}.lastPage:hover{background:#f7f7f7 url("images/btn_last_page.gif") center center no-repeat !important;border:1px solid #f7f7f7 !important}.activeHeader{background:#f7f7f7 !important;border:1px solid transparent;color:inherit !important}div.grd_Cont{-webkit-box-shadow:0 0 0 0 rgba(50,50,50,0.75);-moz-box-shadow:0 0 0 0 rgba(50,50,50,0.75);box-shadow:0 0 0 0 rgba(50,50,50,0.75);background-color:transparent;border:1px solid transparent;padding:0 !important;}div.grd_Cont .even{background-color:transparent}div.grd_Cont .odd{background-color:#f7f7f7}div.grd_headTblCont{background-color:transparent;border-bottom:none !important}div.grd_tblCont table{border-right:none !important}div.grd_tblCont table th,div.grd_headTblCont table th,div.grd_headTblCont table td{background:transparent;border-bottom:1px solid transparent;border-right:1px solid transparent !important;border-left:1px solid transparent;border-top:1px solid transparent}div.grd_tblCont table td{border-bottom:1px solid transparent;border-right:0 !important;border-left:0 !important;border-top:0 !important}.grd_inf{background-color:transparent;color:inherit;border-top:1px solid transparent;}.grd_inf a{text-decoration:none;font-weight:bold}.loader{background-color:#f7f7f7;border:1px solid #f7f7f7;border-radius:5px;color:#000;text-shadow:none}.even{background-color:transparent}.odd{background-color:#f7f7f7}span.expClpFlt a.btnExpClpFlt:hover{background-color:transparent !important}.ezActiveRow{background-color:#ccc !important;color:inherit}.ezSelectedRow{background-color:#ccc !important;color:inherit}.ezActiveCell{background-color:transparent;color:inherit;font-weight:bold}.ezETSelectedCell{background-color:transparent;font-weight:bold;color:inherit}

BIN
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/style/themes/upsimple.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 201 B

1
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/tablefilter.js Normal file
View file

File diff suppressed because one or more lines are too long

1
tools/mkdocs/site/docs/01_attachements/modules/tablefilter/tf-1-2aa33b10e0e549020c12.js Normal file
View file

File diff suppressed because one or more lines are too long

10
tools/mkdocs/site/docs/01_attachements/stylesheets/graph.css Normal file
View file

@ -0,0 +1,10 @@
.tooltip {
position: absolute;
text-align: center;
padding: 8px;
background: lightgrey;
border: 0px;
border-radius: 4px;
pointer-events: none;
color: black;
}

21
tools/mkdocs/site/mkdocs.yml
View file

@ -23,6 +23,7 @@ theme:
- navigation.footer
- search.highlight
- search.share
- navigation.instant.preview
palette:
# Palette toggle for automatic mode
@ -46,7 +47,10 @@ theme:
markdown_extensions:
- admonition
- pymdownx.details
- pymdownx.superfences
- pymdownx.superfences:
custom_fences:
- name: mermaid
class: mermaid
- tables
- attr_list
- pymdownx.emoji:
@ -61,8 +65,23 @@ extra:
link: https://github.com/misp
generator: false
extra_javascript:
# - javascripts/tablefilter.js
# - "https://unpkg.com/tablefilter@0.7.3/dist/tablefilter/tablefilter.js"
# - "https://d3js.org/d3.v6.min.js"
- 01_attachements/javascripts/graph.js
- 01_attachements/javascripts/statistics.js
# - node_modules/tablefilter/dist/tablefilter/tablefilter.js
# - node_modules/d3/dist/d3.min.js
- 01_attachements/modules/d3.min.js
- 01_attachements/modules/tablefilter/tablefilter.js
extra_css:
- 01_attachements/stylesheets/graph.css
plugins:
- search
- rss
- awesome-pages
#- git-committers:
# branch: main