MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 23:07:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'main' into fix

Browse source
This commit is contained in:
Rony 2024-04-27 00:31:16 +05:30 committed by GitHub
commit e71398bbd5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
23 changed files with 205508 additions and 34858 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
.vscode/launch.json vendored Normal file
View file

@ -0,0 +1,23 @@
{
"version": "0.2.0",
"configurations": [
{
"name": "gen_interpol_dwvat",
"type": "debugpy",
"request": "launch",
"program": "${file}",
"console": "integratedTerminal",
"args": "-p ../../DW-VA-Taxonomy",
"cwd": "${fileDirname}"
},
{
"name": "Python Debugger: Current File",
"type": "debugpy",
"request": "launch",
"program": "${file}",
"console": "integratedTerminal",
"cwd": "${fileDirname}"
}
]
}

52
README.md
View file

@ -6,7 +6,7 @@
MISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or
attributes. A cluster can be composed of one or more elements. Elements are expressed as key-values. There
are default knowledge base (such as Threat Actors, Tools, Ransomware, ATT&CK matrixes) available in MISP galaxy
are default knowledge base (such as Threat Actors, Tools, Ransomware, ATT&CK matrixes) available in MISP galaxy
but those can be overwritten, replaced, updated, forked and shared as you wish.
Existing clusters and vocabularies can be used as-is or as a common knowledge base. MISP distribution can be applied
@ -63,7 +63,7 @@ Category: *guidelines* - source: *Open Sources* - total: *71* elements
[Backdoor](https://www.misp-project.org/galaxy.html#_backdoor) - A list of backdoor malware.
Category: *tool* - source: *Open Sources* - total: *24* elements
Category: *tool* - source: *Open Sources* - total: *28* elements
[[HTML](https://www.misp-project.org/galaxy.html#_backdoor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/backdoor.json)]
@ -211,6 +211,14 @@ Category: *Intelligence Agencies* - source: *https://en.wikipedia.org/wiki/List_
[[HTML](https://www.misp-project.org/galaxy.html#_intelligence_agencies)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/intelligence-agencies.json)]
## INTERPOL DWVA Taxonomy
[INTERPOL DWVA Taxonomy](https://www.misp-project.org/galaxy.html#_interpol_dwva_taxonomy) - This taxonomy defines common forms of abuses and entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.
Category: *dwva* - source: *https://interpol-innovation-centre.github.io/DW-VA-Taxonomy/* - total: *94* elements
[[HTML](https://www.misp-project.org/galaxy.html#_interpol_dwva_taxonomy)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/interpol-dwva.json)]
## Malpedia
[Malpedia](https://www.misp-project.org/galaxy.html#_malpedia) - Malware galaxy cluster based on Malpedia.
@ -255,7 +263,7 @@ Category: *course-of-action* - source: *https://github.com/mitre-atlas/atlas-nav
[Attack Pattern](https://www.misp-project.org/galaxy.html#_attack_pattern) - ATT&CK tactic
Category: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *1124* elements
Category: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *1141* elements
[[HTML](https://www.misp-project.org/galaxy.html#_attack_pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-attack-pattern.json)]
@ -263,7 +271,7 @@ Category: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *11
[Course of Action](https://www.misp-project.org/galaxy.html#_course_of_action) - ATT&CK Mitigation
Category: *course-of-action* - source: *https://github.com/mitre/cti* - total: *280* elements
Category: *course-of-action* - source: *https://github.com/mitre/cti* - total: *281* elements
[[HTML](https://www.misp-project.org/galaxy.html#_course_of_action)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-course-of-action.json)]
@ -271,7 +279,7 @@ Category: *course-of-action* - source: *https://github.com/mitre/cti* - total: *
[mitre-data-component](https://www.misp-project.org/galaxy.html#_mitre-data-component) - Data components are parts of data sources.
Category: *data-component* - source: *https://github.com/mitre/cti* - total: *116* elements
Category: *data-component* - source: *https://github.com/mitre/cti* - total: *117* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mitre-data-component)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-data-component.json)]
@ -375,7 +383,7 @@ Category: *attack-pattern* - source: *https://collaborate.mitre.org/attackics/in
[Intrusion Set](https://www.misp-project.org/galaxy.html#_intrusion_set) - Name of ATT&CK Group
Category: *actor* - source: *https://github.com/mitre/cti* - total: *157* elements
Category: *actor* - source: *https://github.com/mitre/cti* - total: *165* elements
[[HTML](https://www.misp-project.org/galaxy.html#_intrusion_set)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-intrusion-set.json)]
@ -383,7 +391,7 @@ Category: *actor* - source: *https://github.com/mitre/cti* - total: *157* elemen
[Malware](https://www.misp-project.org/galaxy.html#_malware) - Name of ATT&CK software
Category: *tool* - source: *https://github.com/mitre/cti* - total: *671* elements
Category: *tool* - source: *https://github.com/mitre/cti* - total: *705* elements
[[HTML](https://www.misp-project.org/galaxy.html#_malware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-malware.json)]
@ -495,7 +503,7 @@ Category: *actor* - source: *MISP Project* - total: *15* elements
[Ransomware](https://www.misp-project.org/galaxy.html#_ransomware) - Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar
Category: *tool* - source: *Various* - total: *1705* elements
Category: *tool* - source: *Various* - total: *1706* elements
[[HTML](https://www.misp-project.org/galaxy.html#_ransomware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ransomware.json)]
@ -535,7 +543,7 @@ Category: *sector* - source: *CERT-EU* - total: *118* elements
[Sigma-Rules](https://www.misp-project.org/galaxy.html#_sigma-rules) - MISP galaxy cluster based on Sigma Rules.
Category: *rules* - source: *https://github.com/jstnk9/MISP/tree/main/misp-galaxy/sigma* - total: *2840* elements
Category: *rules* - source: *https://github.com/jstnk9/MISP/tree/main/misp-galaxy/sigma* - total: *2876* elements
[[HTML](https://www.misp-project.org/galaxy.html#_sigma-rules)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/sigma-rules.json)]
@ -575,7 +583,7 @@ Category: *actor* - source: *MISP Project* - total: *50* elements
[Target Information](https://www.misp-project.org/galaxy.html#_target_information) - Description of targets of threat actors.
Category: *target* - source: *Various* - total: *240* elements
Category: *target* - source: *Various* - total: *241* elements
[[HTML](https://www.misp-project.org/galaxy.html#_target_information)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/target-information.json)]
@ -599,7 +607,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
[Threat Actor](https://www.misp-project.org/galaxy.html#_threat_actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
Category: *actor* - source: *MISP Project* - total: *644* elements
Category: *actor* - source: *MISP Project* - total: *671* elements
[[HTML](https://www.misp-project.org/galaxy.html#_threat_actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]
@ -615,7 +623,7 @@ Category: *Campaigns* - source: *https://app-api.tidalcyber.com/api/v1/campaigns
[Tidal Groups](https://www.misp-project.org/galaxy.html#_tidal_groups) - Tidal Groups Galaxy
Category: *Threat Groups* - source: *https://app-api.tidalcyber.com/api/v1/groups/* - total: *441* elements
Category: *Threat Groups* - source: *https://app-api.tidalcyber.com/api/v1/groups/* - total: *163* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_groups)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-groups.json)]
@ -623,7 +631,7 @@ Category: *Threat Groups* - source: *https://app-api.tidalcyber.com/api/v1/group
[Tidal References](https://www.misp-project.org/galaxy.html#_tidal_references) - Tidal References Cluster
Category: *References* - source: *https://app-api.tidalcyber.com/api/v1/references/* - total: *3848* elements
Category: *References* - source: *https://app-api.tidalcyber.com/api/v1/references/* - total: *3872* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_references)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-references.json)]
@ -631,7 +639,7 @@ Category: *References* - source: *https://app-api.tidalcyber.com/api/v1/referenc
[Tidal Software](https://www.misp-project.org/galaxy.html#_tidal_software) - Tidal Software Cluster
Category: *Software* - source: *https://app-api.tidalcyber.com/api/v1/software/* - total: *1386* elements
Category: *Software* - source: *https://app-api.tidalcyber.com/api/v1/software/* - total: *931* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_software)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-software.json)]
@ -647,7 +655,7 @@ Category: *Tactic* - source: *https://app-api.tidalcyber.com/api/v1/tactic/* - t
[Tidal Technique](https://www.misp-project.org/galaxy.html#_tidal_technique) - Tidal Technique Cluster
Category: *Technique* - source: *https://app-api.tidalcyber.com/api/v1/technique/* - total: *625* elements
Category: *Technique* - source: *https://app-api.tidalcyber.com/api/v1/technique/* - total: *201* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_technique)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-technique.json)]
@ -663,7 +671,7 @@ Category: *tmss* - source: *https://github.com/microsoft/Threat-matrix-for-stora
[Tool](https://www.misp-project.org/galaxy.html#_tool) - threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.
Category: *tool* - source: *MISP Project* - total: *596* elements
Category: *tool* - source: *MISP Project* - total: *603* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tool)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tool.json)]
@ -675,11 +683,17 @@ Category: *military equipment* - source: *Popular Mechanics* - total: *36* eleme
[[HTML](https://www.misp-project.org/galaxy.html#_uavs/ucavs)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/uavs.json)]
[[HTML](https://www.misp-project.org/galaxy.html#_uavs/ucavs)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/uavs.json)]
## UKHSA Culture Collections
# Online documentation
[UKHSA Culture Collections](https://www.misp-project.org/galaxy.html#_ukhsa_culture_collections) - UK Health Security Agency Culture Collections represent deposits of cultures that consist of expertly preserved, authenticated cell lines and microbial strains of known provenance.
The [misp-galaxy.org](https://misp-galaxy.org) website provides an easily navigable resource for all MISP galaxy clusters.
Category: *virus* - source: *https://www.culturecollections.org.uk* - total: *6667* elements
[[HTML](https://www.misp-project.org/galaxy.html#_ukhsa_culture_collections)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ukhsa-culture-collections.json)]
# Online documentation
The [misp-galaxy.org](https://misp-galaxy.org) website provides an easily navigable resource for all MISP galaxy clusters.
A [readable PDF overview of the MISP galaxy is available](https://www.misp.software/galaxy.pdf) or [HTML](https://www.misp.software/galaxy.html) and generated from the JSON.

34
clusters/entity.json Normal file
View file

@ -0,0 +1,34 @@
{
"authors": [
"Various"
],
"category": "actor",
"description": "Description of entities that can be involved in events.",
"name": "Entity",
"source": "MISP Project",
"type": "entity",
"uuid": "cd80fe0d-b905-449c-89f5-9a6b0ea09fc3",
"values": [
{
"description": "An individual involved in an event.",
"uuid": "e3983732-c670-4ea1-a28e-1f60bb3d74b7",
"value": "Individual"
},
{
"description": "A group involved in an event.",
"uuid": "d32a81f3-ed96-4bb0-a6b2-37efbeaa8cc0",
"value": "Group"
},
{
"description": "A employee involved in an event.",
"uuid": "35afacc1-8b9d-41b2-b90e-d2e2b2602aa9",
"value": "Employee"
},
{
"description": "A structure involved in an event.",
"uuid": "019a12dc-5325-4672-82b2-56558b661fe8",
"value": "Structure"
}
],
"version": 1
}

1005
clusters/interpol-dwva.json Normal file
View file

File diff suppressed because it is too large Load diff

1562
clusters/mitre-attack-pattern.json
View file

File diff suppressed because it is too large Load diff

2438
clusters/mitre-course-of-action.json
View file

File diff suppressed because it is too large Load diff

196
clusters/mitre-data-component.json
View file

@ -179,6 +179,10 @@
"dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331",
"type": "detects"
},
{
"dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a",
"type": "detects"
},
{
"dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27",
"type": "detects"
@ -199,6 +203,10 @@
"dest-uuid": "c63a348e-ffc2-486a-b9d9-d7f11ec54d99",
"type": "detects"
},
{
"dest-uuid": "ceaeb6d8-95ee-4da2-9d42-dc6aa6ca43ae",
"type": "detects"
},
{
"dest-uuid": "d50955c2-272d-4ac8-95da-10c29dda1c48",
"type": "detects"
@ -867,6 +875,10 @@
"dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8",
"type": "detects"
},
{
"dest-uuid": "24769ab5-14bd-4f4e-a752-cfb185da53ee",
"type": "detects"
},
{
"dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7",
"type": "detects"
@ -1051,6 +1063,10 @@
"dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc",
"type": "detects"
},
{
"dest-uuid": "b4409cd8-0da9-46e1-a401-a241afd4d1cc",
"type": "detects"
},
{
"dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a",
"type": "detects"
@ -1099,6 +1115,10 @@
"dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb",
"type": "detects"
},
{
"dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6",
"type": "detects"
},
{
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
"type": "detects"
@ -1115,6 +1135,10 @@
"dest-uuid": "e848506b-8484-4410-8017-3d235a52f5b3",
"type": "detects"
},
{
"dest-uuid": "ebb42bbe-62d7-47d7-a55f-3b08b61d792d",
"type": "detects"
},
{
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "detects"
@ -2487,6 +2511,10 @@
"dest-uuid": "cacc40da-4c9e-462c-80d5-fd70a178b12d",
"type": "detects"
},
{
"dest-uuid": "ceaeb6d8-95ee-4da2-9d42-dc6aa6ca43ae",
"type": "detects"
},
{
"dest-uuid": "e52d89f9-1710-4708-88a5-cbef77c4cd5e",
"type": "included-in"
@ -2494,6 +2522,10 @@
{
"dest-uuid": "e848506b-8484-4410-8017-3d235a52f5b3",
"type": "detects"
},
{
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "detects"
}
],
"uuid": "e52d89f9-1710-4708-88a5-cbef77c4cd5e",
@ -2877,6 +2909,10 @@
"dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a",
"type": "detects"
},
{
"dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783",
"type": "detects"
},
{
"dest-uuid": "cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8",
"type": "detects"
@ -2921,6 +2957,10 @@
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"type": "detects"
},
{
"dest-uuid": "eb897572-8979-4242-a089-56f294f4c91d",
"type": "detects"
},
{
"dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5",
"type": "detects"
@ -3601,6 +3641,24 @@
"uuid": "b9a1578e-8653-4103-be23-cb52e0b1816e",
"value": "Named Pipe Metadata"
},
{
"description": "Additional assets included with an application",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "613788f2-ad72-43f5-b5f7-a93e2adc70fa",
"type": "included-in"
},
{
"dest-uuid": "dfafc230-5465-4993-8dc5-f51fa9fec002",
"type": "detects"
}
],
"uuid": "613788f2-ad72-43f5-b5f7-a93e2adc70fa",
"value": "Application Assets"
},
{
"description": "API calls utilized by an application that could indicate malicious activity",
"meta": {
@ -4153,6 +4211,10 @@
"refs": []
},
"related": [
{
"dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5",
"type": "detects"
},
{
"dest-uuid": "1126cab1-c700-412f-a510-61f4937bb096",
"type": "detects"
@ -4180,6 +4242,10 @@
{
"dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec",
"type": "detects"
},
{
"dest-uuid": "b0e54bf7-835e-4f44-bd8e-62f431b9b76a",
"type": "detects"
}
],
"uuid": "a5ae90ca-0c4b-481c-959f-0eb18a7ff953",
@ -4539,6 +4605,10 @@
"dest-uuid": "3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc",
"type": "detects"
},
{
"dest-uuid": "3a32740a-11b0-4bcf-b0a9-3abd0f6d3cd5",
"type": "detects"
},
{
"dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a",
"type": "detects"
@ -4663,6 +4733,10 @@
"dest-uuid": "55bb4471-ff1f-43b4-88c1-c9384ec47abf",
"type": "detects"
},
{
"dest-uuid": "561ae9aa-c28a-4144-9eec-e7027a14c8c3",
"type": "detects"
},
{
"dest-uuid": "562e9b64-7239-493d-80f4-2bff900d9054",
"type": "detects"
@ -5039,6 +5113,10 @@
"dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec",
"type": "detects"
},
{
"dest-uuid": "b0e54bf7-835e-4f44-bd8e-62f431b9b76a",
"type": "detects"
},
{
"dest-uuid": "b22e5153-ac28-4cc6-865c-2054e36285cb",
"type": "detects"
@ -5275,6 +5353,14 @@
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"type": "detects"
},
{
"dest-uuid": "e6f19759-dde3-47fc-99cc-d9f5fa4ade60",
"type": "detects"
},
{
"dest-uuid": "e8a0a025-3601-4755-abfb-8d08283329fb",
"type": "detects"
},
{
"dest-uuid": "ea071aa0-8f17-416f-ab0d-2bab7e79003d",
"type": "detects"
@ -5385,6 +5471,14 @@
"dest-uuid": "0533ab23-3f7d-463f-9bd8-634d27e4dee1",
"type": "detects"
},
{
"dest-uuid": "09b008a9-b4eb-462a-a751-a0eb58050cd9",
"type": "detects"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"type": "detects"
},
{
"dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32",
"type": "detects"
@ -5397,6 +5491,10 @@
"dest-uuid": "0cfe31a7-81fc-472c-bc45-e2808d1066a3",
"type": "detects"
},
{
"dest-uuid": "0d91b3c0-5e50-47c3-949a-2a796f04d144",
"type": "detects"
},
{
"dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3",
"type": "detects"
@ -5477,6 +5575,10 @@
"dest-uuid": "35187df2-31ed-43b6-a1f5-2f1d3d58d3f1",
"type": "detects"
},
{
"dest-uuid": "356662f7-e315-4759-86c9-6214e2a50ff8",
"type": "detects"
},
{
"dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0",
"type": "detects"
@ -5553,6 +5655,10 @@
"dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825",
"type": "detects"
},
{
"dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90",
"type": "detects"
},
{
"dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979",
"type": "detects"
@ -5597,6 +5703,10 @@
"dest-uuid": "90c4a591-d02d-490b-92aa-619d9701ac04",
"type": "detects"
},
{
"dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58",
"type": "detects"
},
{
"dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5",
"type": "detects"
@ -6123,6 +6233,10 @@
"dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf",
"type": "detects"
},
{
"dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2",
"type": "detects"
},
{
"dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b",
"type": "detects"
@ -6239,6 +6353,10 @@
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
"type": "detects"
},
{
"dest-uuid": "356662f7-e315-4759-86c9-6214e2a50ff8",
"type": "detects"
},
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"type": "detects"
@ -6263,6 +6381,14 @@
"dest-uuid": "3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc",
"type": "detects"
},
{
"dest-uuid": "3a32740a-11b0-4bcf-b0a9-3abd0f6d3cd5",
"type": "detects"
},
{
"dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a",
"type": "detects"
},
{
"dest-uuid": "3b0e52ce-517a-4614-a523-1bd5deef6c5e",
"type": "detects"
@ -6383,6 +6509,10 @@
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
"type": "detects"
},
{
"dest-uuid": "561ae9aa-c28a-4144-9eec-e7027a14c8c3",
"type": "detects"
},
{
"dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c",
"type": "detects"
@ -6447,6 +6577,10 @@
"dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b",
"type": "detects"
},
{
"dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35",
"type": "detects"
},
{
"dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd",
"type": "detects"
@ -6487,6 +6621,10 @@
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
"type": "detects"
},
{
"dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da",
"type": "detects"
},
{
"dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177",
"type": "detects"
@ -6891,6 +7029,14 @@
"dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b",
"type": "detects"
},
{
"dest-uuid": "e6f19759-dde3-47fc-99cc-d9f5fa4ade60",
"type": "detects"
},
{
"dest-uuid": "e8a0a025-3601-4755-abfb-8d08283329fb",
"type": "detects"
},
{
"dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf",
"type": "detects"
@ -6919,6 +7065,10 @@
"dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995",
"type": "detects"
},
{
"dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5",
"type": "detects"
},
{
"dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077",
"type": "detects"
@ -7033,6 +7183,10 @@
"dest-uuid": "0dcbbf4f-929c-489a-b66b-9b820d3f7f0e",
"type": "included-in"
},
{
"dest-uuid": "149b477f-f364-4824-b1b5-aa1d56115869",
"type": "detects"
},
{
"dest-uuid": "155207c0-7f53-4f13-a06b-0a9907ef5096",
"type": "detects"
@ -7121,6 +7275,10 @@
"dest-uuid": "e5d550f3-2202-4634-85f2-4a200a1d49b3",
"type": "detects"
},
{
"dest-uuid": "eb897572-8979-4242-a089-56f294f4c91d",
"type": "detects"
},
{
"dest-uuid": "edadea33-549c-4ed1-9783-8f5a5853cbdf",
"type": "detects"
@ -7595,6 +7753,10 @@
"dest-uuid": "7e3beebd-8bfe-4e7b-a892-e44ab06a75f9",
"type": "detects"
},
{
"dest-uuid": "eb897572-8979-4242-a089-56f294f4c91d",
"type": "detects"
},
{
"dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba",
"type": "detects"
@ -7895,6 +8057,10 @@
"dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67",
"type": "detects"
},
{
"dest-uuid": "e6f19759-dde3-47fc-99cc-d9f5fa4ade60",
"type": "detects"
},
{
"dest-uuid": "f6fe9070-7a65-49ea-ae72-76292f42cebe",
"type": "detects"
@ -7961,6 +8127,10 @@
"dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345",
"type": "detects"
},
{
"dest-uuid": "0d91b3c0-5e50-47c3-949a-2a796f04d144",
"type": "detects"
},
{
"dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847",
"type": "detects"
@ -8593,6 +8763,10 @@
"dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b",
"type": "detects"
},
{
"dest-uuid": "e8a0a025-3601-4755-abfb-8d08283329fb",
"type": "detects"
},
{
"dest-uuid": "ea071aa0-8f17-416f-ab0d-2bab7e79003d",
"type": "detects"
@ -8743,6 +8917,10 @@
"dest-uuid": "670a4d75-103b-4b14-8a9e-4652fa795edd",
"type": "detects"
},
{
"dest-uuid": "6ecbc2eb-e85a-440a-ab68-4d98f8d56fbe",
"type": "detects"
},
{
"dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da",
"type": "detects"
@ -9017,6 +9195,10 @@
"dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34",
"type": "detects"
},
{
"dest-uuid": "356662f7-e315-4759-86c9-6214e2a50ff8",
"type": "detects"
},
{
"dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336",
"type": "detects"
@ -9452,6 +9634,10 @@
{
"dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5",
"type": "detects"
},
{
"dest-uuid": "eb897572-8979-4242-a089-56f294f4c91d",
"type": "detects"
}
],
"uuid": "1067aa74-5796-4d9b-b4f1-a4c9eb6fd9da",
@ -9763,6 +9949,10 @@
"dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
"type": "detects"
},
{
"dest-uuid": "45a5fe76-eda3-4d40-8f22-c186efd6278d",
"type": "detects"
},
{
"dest-uuid": "498e7b81-238d-404c-aa5e-332904d63286",
"type": "detects"
@ -9811,6 +10001,10 @@
"dest-uuid": "b1e0bb80-23d4-44f2-b919-7e9c54898f43",
"type": "included-in"
},
{
"dest-uuid": "be63612f-a48f-44f2-a7a6-1763509fcf80",
"type": "detects"
},
{
"dest-uuid": "c6421411-ae61-42bb-9098-73fddb315002",
"type": "detects"
@ -10058,5 +10252,5 @@
"value": "System Settings"
}
],
"version": 1
"version": 2
}

6
clusters/mitre-data-source.json
View file

@ -225,6 +225,10 @@
"dest-uuid": "5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
"type": "includes"
},
{
"dest-uuid": "613788f2-ad72-43f5-b5f7-a93e2adc70fa",
"type": "includes"
},
{
"dest-uuid": "6c62144a-cd5c-401c-ada9-58c4c74cd9d2",
"type": "includes"
@ -1251,5 +1255,5 @@
"value": "Certificate - DS0037"
}
],
"version": 1
"version": 2
}

2459
clusters/mitre-intrusion-set.json
View file

File diff suppressed because it is too large Load diff

5140
clusters/mitre-malware.json
View file

File diff suppressed because it is too large Load diff

352
clusters/mitre-tool.json
View file

@ -29,13 +29,6 @@
{
"dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90",
"type": "uses"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "242f3da3-4425-4d11-8f5c-b842886da966",
@ -211,13 +204,6 @@
{
"dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e",
"type": "uses"
},
{
"dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "a52edc76-328d-4596-85e7-d56ef5a9eb69",
@ -395,13 +381,6 @@
{
"dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916",
"type": "uses"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "b52d6583-14a2-4ddc-8527-87fd2142558f",
@ -423,13 +402,6 @@
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"type": "uses"
},
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "294e2560-bd48-44b2-9da2-833b5588ad11",
@ -526,13 +498,6 @@
{
"dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163",
"type": "uses"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
@ -575,13 +540,6 @@
{
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
"type": "uses"
},
{
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e",
@ -666,13 +624,6 @@
{
"dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011",
"type": "uses"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "9de2308e-7bed-43a3-8e58-f194b3586700",
@ -708,13 +659,6 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54",
@ -743,13 +687,6 @@
{
"dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0",
"type": "uses"
},
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "0c8465c0-d0b4-4670-992e-4eee8d7ff952",
@ -768,13 +705,6 @@
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"type": "uses"
},
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "362dc67f-4e85-4562-9dac-1b6b7f3ec4b5",
@ -799,13 +729,6 @@
{
"dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011",
"type": "uses"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "4f45dfeb-fe51-4df0-8db3-edf7dd0513fe",
@ -828,13 +751,6 @@
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"type": "uses"
},
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "b35068ec-107a-4266-bda8-eb7036267aea",
@ -853,13 +769,6 @@
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"type": "uses"
},
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c11ac61d-50f4-444f-85d8-6f006067f0de",
@ -931,13 +840,6 @@
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"type": "uses"
},
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "4664b683-f578-434f-919b-1c1aad2a1111",
@ -972,6 +874,10 @@
"dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4",
"type": "uses"
},
{
"dest-uuid": "0d91b3c0-5e50-47c3-949a-2a796f04d144",
"type": "uses"
},
{
"dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2",
"type": "uses"
@ -1012,10 +918,6 @@
"dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d",
"type": "uses"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "uses"
},
{
"dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52",
"type": "uses"
@ -1076,13 +978,6 @@
{
"dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0",
"type": "uses"
},
{
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "38952eac-cb1b-4a71-bad2-ee8223a1c8fe",
@ -1131,13 +1026,6 @@
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"type": "uses"
},
{
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e",
@ -1175,20 +1063,6 @@
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"type": "uses"
},
{
"dest-uuid": "3e205e84-9f90-4b4b-8896-c82189936a15",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc",
@ -1226,13 +1100,6 @@
{
"dest-uuid": "f63fe421-b1d1-45c0-b8a7-02cd16ff2bed",
"type": "uses"
},
{
"dest-uuid": "241814ae-de3f-4656-b49e-f9a80764d4b7",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71",
@ -1269,13 +1136,6 @@
{
"dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b",
"type": "uses"
},
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "64764dc6-a032-495f-8250-1e4c06bdc163",
@ -1454,13 +1314,6 @@
{
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
"type": "uses"
},
{
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
@ -1474,9 +1327,9 @@
"Windows"
],
"refs": [
"http://windowsitpro.com/windows/netexe-reference",
"https://attack.mitre.org/software/S0039",
"https://msdn.microsoft.com/en-us/library/aa939914"
"https://msdn.microsoft.com/en-us/library/aa939914",
"https://web.archive.org/web/20150511162820/http://windowsitpro.com/windows/netexe-reference"
],
"synonyms": [
"Net",
@ -1543,13 +1396,6 @@
{
"dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077",
"type": "uses"
},
{
"dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "03342581-f790-4f03-ba41-e82e67392e23",
@ -1723,13 +1569,6 @@
{
"dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896",
"type": "uses"
},
{
"dest-uuid": "2edd9d6a-5674-4326-a600-ba56de467286",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f",
@ -1759,13 +1598,6 @@
{
"dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384",
"type": "uses"
},
{
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f",
@ -1890,13 +1722,6 @@
{
"dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b",
"type": "uses"
},
{
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565",
@ -1918,13 +1743,6 @@
{
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
"type": "uses"
},
{
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1",
@ -1946,13 +1764,6 @@
{
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
"type": "uses"
},
{
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47",
@ -1984,13 +1795,6 @@
{
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
"type": "uses"
},
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "30489451-5886-4c46-90c9-0dff9adc5252",
@ -2016,13 +1820,6 @@
{
"dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
"type": "uses"
},
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c9703cd3-141c-43a0-a926-380082be5d04",
@ -2047,13 +1844,6 @@
{
"dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90",
"type": "uses"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "2fab555f-7664-4623-b4e0-1675ae38190b",
@ -2079,13 +1869,6 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "102c3898-85e0-43ee-ae28-62a0a3ed9507",
@ -2153,13 +1936,6 @@
{
"dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530",
"type": "uses"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c9cd7ec9-40b7-49db-80be-1399eddd9c52",
@ -2290,13 +2066,6 @@
{
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
"type": "uses"
},
{
"dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d",
@ -2315,13 +2084,6 @@
{
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
"type": "uses"
},
{
"dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "4fa49fc0-9162-4bdb-a37e-7aa3dcb6d38b",
@ -2586,13 +2348,6 @@
{
"dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945",
"type": "uses"
},
{
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4",
@ -2690,13 +2445,6 @@
{
"dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada",
"type": "uses"
},
{
"dest-uuid": "7d751199-05fa-4a72-920f-85df4506c76c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68",
@ -2723,13 +2471,6 @@
{
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
"type": "uses"
},
{
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "90ec2b22-7061-4469-b539-0989ec4f96c2",
@ -2795,13 +2536,6 @@
{
"dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e",
"type": "uses"
},
{
"dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "a1dd2dbd-1550-44bf-abcc-1a4c52e97719",
@ -2936,13 +2670,6 @@
{
"dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945",
"type": "uses"
},
{
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d",
@ -2968,13 +2695,6 @@
{
"dest-uuid": "ca9d3402-ada3-484d-876a-d717bd6e05f2",
"type": "uses"
},
{
"dest-uuid": "1ce03c65-5946-4ac9-9d4d-66db87e024bd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "65370d0b-3bd4-4653-8cf9-daf56f6be830",
@ -3000,6 +2720,10 @@
"dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
"type": "uses"
},
{
"dest-uuid": "0d91b3c0-5e50-47c3-949a-2a796f04d144",
"type": "uses"
},
{
"dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c",
"type": "uses"
@ -3016,10 +2740,6 @@
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
"type": "uses"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "uses"
},
{
"dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1",
"type": "uses"
@ -3089,13 +2809,6 @@
{
"dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c",
"type": "uses"
},
{
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153",
@ -3194,13 +2907,6 @@
{
"dest-uuid": "3120b9fa-23b8-4500-ae73-09494f607b7d",
"type": "uses"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "5a33468d-844d-4b1f-98c9-0e786c556b27",
@ -3219,13 +2925,6 @@
{
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
"type": "uses"
},
{
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "fbd727ea-c0dc-42a9-8448-9e12962d1ab5",
@ -3244,13 +2943,6 @@
{
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
"type": "uses"
},
{
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "9a2640c2-9f43-46fe-b13f-bde881e55555",
@ -3395,13 +3087,6 @@
{
"dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a",
"type": "uses"
},
{
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "33b9e38f-103c-412d-bdcf-904a91fff1e4",
@ -3976,13 +3661,6 @@
{
"dest-uuid": "eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
"type": "uses"
},
{
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "da21929e-40c0-443d-bdf4-6b60d15448b4",
@ -4328,6 +4006,10 @@
"dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c",
"type": "uses"
},
{
"dest-uuid": "0d91b3c0-5e50-47c3-949a-2a796f04d144",
"type": "uses"
},
{
"dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72",
"type": "uses"
@ -4356,10 +4038,6 @@
"dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d",
"type": "uses"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "uses"
},
{
"dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada",
"type": "uses"
@ -5248,5 +4926,5 @@
"value": "Mythic - S0699"
}
],
"version": 31
"version": 32
}

157
clusters/producer.json
View file

@ -306,7 +306,162 @@
},
"uuid": "8a22c0b2-d05f-4142-ab74-ffdf38fe4758",
"value": "Team Cymru"
},
{
"description": "G Data CyberDefense AG (until September 2019 G Data Software AG) is a German software company that focuses on computer security.",
"meta": {
"company-type": [
"Computer software"
],
"country": "DE",
"official-refs": [
"https://www.gdata-software.com",
"https://www.gdatasoftware.co.uk"
],
"product-type": [
"Antivirus software",
"Mobile Device Management"
],
"products": [
"AntiVirus",
"InternetSecurity",
"TotalSecurity",
"AntiVirus for Mac",
"AntiVirus Business",
"AntiVirus Enterprise",
"ClientSecurity Business",
"ClientSecurity Enterprise",
"EndpointProtection Business",
"EndpointProtection Enterprise",
"MailSecurity",
"PatchManagement",
"Mobile Security",
"VPN"
],
"refs": [
"https://en.wikipedia.org/wiki/G_Data_CyberDefense"
],
"synonyms": [
"GDATA",
"G Data CyberDefense AG",
"G Data Software AG"
]
},
"uuid": "2b69f676-c875-4000-8350-5f162e69d908",
"value": "G DATA"
},
{
"description": "Sekoia.io is a European cybersecurity SAAS company, whose mission is to develop the best protection capabilities against cyber attacks.",
"meta": {
"company-type": [
"Cyber Security Vendor"
],
"country": "FR",
"official-refs": [
"https://www.sekoia.io"
],
"product-type": [
"eXtended Detection and Response SaaS platform"
],
"products": [
"SIEM RELOADED | Sekoia Defend",
"CTI RELOADED"
]
},
"uuid": "6c9ef130-7cf6-4eeb-9e65-46228fc5e30c",
"value": "Sekoia"
},
{
"description": "Excellium Services Group is a cyber-security consulting and technology Integration Company established since 2012 in Luxemburg and Belgium, with activities and in France and Africa.",
"meta": {
"company-type": [
"Cyber-security consulting and technology Integration Company",
"CSIRT"
],
"country": "LU",
"official-refs": [
"https://excellium-services.com"
],
"product-type": [
"CERT-XLM",
"SOC",
"GDPR Services",
"Information Security Governance",
"Intrusion Tests Red Team (Application Security Team)",
"Network & Security Infrastructure",
"Training"
],
"products": [
"EyeGuard",
"EyeTools",
"EyeDeep",
"EyeTLD",
"EyeNotify"
]
},
"uuid": "73ae2776-3700-4120-84ae-7e9785e6071b",
"value": "Excellium"
},
{
"description": "Telindus is a brand of Proximus Luxembourg SA. Founded in 1979, Telindus Luxembourg accompanies all organizations in their digital transformation, by providing holistic ICT & Telecommunication solutions, as well as tailored support services. Our areas of expertise include Telecommunication Services, ICT Infrastructure, Multi-Cloud, Digital Trust Solutions, Cybersecurity, Business Applications, Managed Services and Training.",
"meta": {
"company-type": [
"Service Provider"
],
"country": "LU",
"official-refs": [
"https://www.telindus.lu/en"
],
"product-type": [
"Ethical Hacking",
"Infrastructure Security",
"Managed Security Services",
"Protection, Detection and Orchestration",
"Security Operations Center",
"Strategy, risk, management and advice",
"ICT solutions",
"Telecoms",
"Cloud"
]
},
"uuid": "4155eec3-fae2-4e80-a9a6-89b0f976851a",
"value": "Telindus"
},
{
"description": "Bleeping Computer is a website covering technology news and offering free computer help via its forums that was created by Lawrence Abrams in 2004. It publishes news focusing heavily on cybersecurity, but also covers other topics including computer software, computer hardware, operating system and general technology.",
"meta": {
"company-type": [
"Technology news and computer help"
],
"country": "US",
"official-refs": [
"https://www.bleepingcomputer.com/"
],
"product-type": [
"Security and Technology Blog Posts"
],
"refs": [
"https://en.wikipedia.org/wiki/Bleeping_Computer"
]
},
"uuid": "ec3fb9b0-4f24-4099-ad48-3e8f68e88275",
"value": "BleepingComputer"
},
{
"description": "",
"meta": {
"country": "US",
"refs": [
"https://talosintelligence.com/",
"https://blog.talosintelligence.com/"
],
"synonyms": [
"Cisco Talos"
]
},
"uuid": "0adf6f0f-3795-4de1-9763-1bdd1c31a5d7",
"value": "Cisco Talos Intelligence Group"
}
],
"version": 4
"version": 6
}

3040
clusters/sigma-rules.json
View file

File diff suppressed because it is too large Load diff

5856
clusters/tidal-groups.json
View file

File diff suppressed because it is too large Load diff

1640
clusters/tidal-references.json
View file

File diff suppressed because it is too large Load diff

13246
clusters/tidal-software.json
View file

File diff suppressed because one or more lines are too long

8672
clusters/tidal-technique.json
View file

File diff suppressed because one or more lines are too long

194138
clusters/ukhsa-culture-collections.json Normal file
View file

File diff suppressed because it is too large Load diff

9
galaxies/entity.json Normal file
View file

@ -0,0 +1,9 @@
{
"description": "Description of entities that can be involved in events.",
"icon": "user",
"name": "Entity",
"namespace": "misp",
"type": "entity",
"uuid": "f1b42b47-778f-4e50-bda5-969ee7f9029f",
"version": 1
}

27
galaxies/interpol-dwva.json Normal file
View file

@ -0,0 +1,27 @@
{
"description": "This taxonomy defines common forms of abuses and entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.",
"icon": "user-secret",
"kill_chain_order": {
"Abuses": [
"Concept"
],
"Entities": [
"Actor",
"Asset",
"Authorities",
"Cryptocurrency",
"Dark_Web",
"Generic",
"Infrastructure",
"Process",
"Service",
"Technology",
"Wallet"
]
},
"name": "INTERPOL DWVA Taxonomy",
"namespace": "interpol",
"type": "dwva",
"uuid": "a375d7fd-0a3e-41cf-a531-ef56033df967",
"version": 1
}

9
galaxies/ukhsa-culture-collections.json Normal file
View file

@ -0,0 +1,9 @@
{
"description": "UK Health Security Agency Culture Collections represent deposits of cultures that consist of expertly preserved, authenticated cell lines and microbial strains of known provenance.",
"icon": "virus",
"name": "UKHSA Culture Collections",
"namespace": "gov.uk",
"type": "ukhsa-culture-collections",
"uuid": "bbe11c06-1d6a-477e-88f1-cdda2d71de56",
"version": 1
}

163
tools/gen_interpol_dwvat.py Executable file
View file

@ -0,0 +1,163 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
#
# A simple convertor of the Interpol Dark Web and Virtual Assets Taxonomies to a MISP Galaxy datastructure.
# https://github.com/INTERPOL-Innovation-Centre/DW-VA-Taxonomy
# Copyright (C) 2024 Christophe Vandeplas
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import yaml
import os
import uuid
import re
import json
import argparse
parser = argparse.ArgumentParser(description='Create/update the Interpol Dark Web and Virtual Assets Taxonomies based on Markdown files.')
parser.add_argument("-p", "--path", required=True, help="Path of the 'DW-VA-Taxonomy' git clone folder")
args = parser.parse_args()
if not os.path.exists(args.path):
exit("ERROR: DW-VA-Taxonomy folder incorrect")
'''
contains _data folder with
- abuses.yaml - simple taxonomy
- entities.yaml - matrix like taxonomy
'''
try:
with open(os.path.join('..', 'galaxies', 'interpol-dwva.json'), 'r') as f:
json_galaxy = json.load(f)
except FileNotFoundError:
json_galaxy = {
'icon': "user-secret",
'kill_chain_order': {
'Entities': [],
'Abuses': ['Concept']
},
'name': "INTERPOL DWVA Taxonomy",
'description': "This taxonomy defines common forms of abuses and entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.",
'namespace': "interpol",
'type': "dwva",
'uuid': "a375d7fd-0a3e-41cf-a531-ef56033df967",
'version': 1
}
try:
with open(os.path.join('..', 'clusters', 'interpol-dwva.json'), 'r') as f:
json_cluster = json.load(f)
except FileNotFoundError:
json_cluster = {
'authors': ["INTERPOL Darkweb and Virtual Assets Working Group"],
'category': 'dwva',
'name': "INTERPOL DWVA Taxonomy",
'description': "This taxonomy defines common forms of abuses and entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.",
'source': 'https://interpol-innovation-centre.github.io/DW-VA-Taxonomy/',
'type': "dwva",
'uuid': "b15898ba-a923-4916-856c-0dfe8b174196",
'values': [],
'version': 1
}
tactics = set()
clusters_dict = {}
# FIXME create dict for the existing clusters, so we can update the clusters without losing the relations
#
# Entities
#
with open(os.path.join(args.path, '_data', 'entities.yaml'), 'r') as f:
entities_data = yaml.safe_load(f)
# build a broader concept list so we can ignore them later on
broaders = set()
for section in entities_data:
try:
broaders.add(entities_data[section]['broader'])
except KeyError:
pass
# the Entities
for section in entities_data:
item = entities_data[section]
if item['type'] == 'concept':
if item['id'] in broaders: # skip the broader concepts
continue
if 'broader' not in item:
item['broader'] = 'generic'
tactics.add(item['broader'].title())
value = item['prefLabel']
clusters_dict[value] = {
'value': value,
'description': item['description'],
'uuid': str(uuid.uuid5(uuid.UUID("d0ceebc2-877b-4873-9785-d00f279ccb45"), value)),
'meta': {
'kill_chain': [f"Entities:{item['broader'].title()}"],
}
}
try:
clusters_dict[value]['meta']['refs'] = [item['seeAlso']]
except KeyError:
pass
#
# Abuses
#
with open(os.path.join(args.path, '_data', 'abuses.yaml'), 'r') as f:
entities_data = yaml.safe_load(f)
for section in entities_data:
item = entities_data[section]
if item['type'] == 'concept':
value = item['prefLabel']
clusters_dict[value] = {
'value': value,
'description': item['description'],
'uuid': str(uuid.uuid5(uuid.UUID("d0ceebc2-877b-4873-9785-d00f279ccb45"), value)),
'meta': {
'kill_chain': [f"Abuses:Concept"],
}
}
try:
clusters_dict[value]['meta']['refs'] = [item['seeAlso']]
except KeyError:
pass
#
# Finally transform dict to list
#
clusters = []
for item in clusters_dict.values():
clusters.append(item)
json_cluster['values'] = clusters
json_galaxy['kill_chain_order']['Entities'] = sorted(list(tactics))
# save the Galaxy and Cluster file
with open(os.path.join('..', 'galaxies', 'interpol-dwva.json'), 'w') as f:
json.dump(json_galaxy, f, indent=2, sort_keys=True, ensure_ascii=False)
f.write('\n') # only needed for the beauty and to be compliant with jq_all_the_things
with open(os.path.join('..', 'clusters', 'interpol-dwva.json'), 'w') as f:
json.dump(json_cluster, f, indent=2, sort_keys=True, ensure_ascii=False)
f.write('\n') # only needed for the beauty and to be compliant with jq_all_the_things
print("All done, please don't forget to ./jq_all_the_things.sh, commit, and then ./validate_all.sh.")

142
tools/gen_ukhsa_culture_collections.py Executable file
View file

@ -0,0 +1,142 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# A simple convertor of the UK Health Security Agency Culture Collections
# to a MISP Galaxy datastructure.
# Copyright (C) 2024 MISP Project
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
import json
import requests
import uuid
'''
From https://www.culturecollections.org.uk/search/?searchScope=Product&pageNumber=1&filter.collectionGroup=0&filter.collection=0&filter.sorting=DateCreated
JSON is loaded, needs to be paginated
Culturecollections.org.uk is published under the Open Government Licence, allowing the reproduction of information as
long as the license terms are obeyed. Material on this website is subject to Crown copyright protection unless otherwise
indicated. Users should be aware that information provided to third parties through feeds may be edited or cached, and
we do not guarantee the accuracy of such third-party products.
https://www.culturecollections.org.uk/training-and-support/policies/terms-and-conditions-of-use/
The Culture Collections represent deposits of cultures from world-wide sources. While every effort is made to ensure
details distributed by Culture Collections are accurate, Culture Collections cannot be held responsible for any
inaccuracies in the data supplied. References where quoted are mainly attributed to the establishment of the cell
culture and not for any specific property of the cell line, therefore further references should be obtained regarding
cell culture characteristics. Passage numbers where given act only as a guide and Culture Collections does not guarantee
the passage number stated will be the passage number received by the customer.
'''
def download_items():
data = {'items': [],
'collections': {},
'collection_groups': {}}
page_number = 1
page_number_max = None
while True:
url = 'https://www.culturecollections.org.uk/umbraco/api/searchApi/getSearchResults?searchParams={"searchText":"","searchScope":"Product","pageNumber":' + str(page_number) + ',"filter":{"collectionGroup":"0","collection":"0","facets":{},"sorting":"DateCreated"}}'
page_resp = requests.get(url)
page_resp.encoding = 'utf-8-sig'
page_data = page_resp.json()
page_number_max = page_data['pagination']['totalPages']
for c in page_data['filter']['collections']['aggregationItems']:
data['collections'][int(c['value'])] = c['title']
for cg in page_data['filter']['collectionGroups']['aggregationItems']:
data['collection_groups'][int(cg['value'])] = cg['title']
for item in page_data['items']:
item['collection'] = data['collections'][item['collectionId']]
data['items'].extend(page_data['items'])
print(f"Fetching page {page_number}/{page_number_max}: ", end="")
print(f"items size is now {len(data['items'])} as I extended with {len(page_data['items'])} items.")
if page_number >= page_number_max:
break
page_number += 1
return data
def save_items(d):
with open('items.json', 'w') as f:
json.dump(d, f, indent=2, sort_keys=True)
return True
def load_saved_items():
with open('items.json', 'r') as f:
d = json.load(f)
return d
data = download_items()
# save_items(data)
# data = load_saved_items()
clusters_dict = {}
for item in data['items']:
# create a cluster
cluster = {
'value': f"{item['name']}",
'uuid': str(uuid.uuid5(uuid.UUID("bbe11c06-1d6a-477e-88f1-cdda2d71de56"), item['name'])),
'meta': {
'refs': [item['url']],
'external_id': [item['catalogueNumber']]
}
}
# add all properties of the culture
for p in item['properties']:
if p['value']:
p_name = p['name'].lower().replace(' ', '_')
if p['name'] not in cluster['meta']:
cluster['meta'][p_name] = []
cluster['meta'][p_name].append(p['value'])
# merge if the collection already exists
if cluster['value'] in clusters_dict:
clusters_dict[cluster['value']]['meta']['refs'].extend(cluster['meta']['refs'])
clusters_dict[cluster['value']]['meta']['external_id'].extend(cluster['meta']['external_id'])
else:
clusters_dict[cluster['value']] = cluster
# transform dict to list
clusters = []
for item in clusters_dict.values():
clusters.append(item)
json_galaxy = {
'icon': "virus",
'name': "UKHSA Culture Collections",
'description': "UK Health Security Agency Culture Collections represent deposits of cultures that consist of expertly preserved, authenticated cell lines and microbial strains of known provenance.",
'namespace': "gov.uk",
'type': "ukhsa-culture-collections",
'uuid': "bbe11c06-1d6a-477e-88f1-cdda2d71de56",
'version': 1
}
with open(os.path.join('..', 'clusters', 'ukhsa-culture-collections.json'), 'r') as f:
json_cluster = json.load(f)
json_cluster['values'] = clusters
json_cluster['version'] += 1
# save the Galaxy and Cluster file
with open(os.path.join('..', 'galaxies', 'ukhsa-culture-collections.json'), 'w') as f:
json.dump(json_galaxy, f, indent=2, sort_keys=True, ensure_ascii=False)
f.write('\n') # only needed for the beauty and to be compliant with jq_all_the_things
with open(os.path.join('..', 'clusters', 'ukhsa-culture-collections.json'), 'w') as f:
json.dump(json_cluster, f, indent=2, sort_keys=True, ensure_ascii=False)
f.write('\n') # only needed for the beauty and to be compliant with jq_all_the_things
print("All done, please don't forget to ./jq_all_the_things.sh, commit, and then ./validate_all.sh.")