chg: magical mapping with malpedia

Christophe Vandeplas 2018-10-12 11:00:00 +02:00
parent 65eb66a739
commit f14d616e22
20 changed files with 7959 additions and 39 deletions


@ -29,6 +29,15 @@
"GhostCtrl"
]
},
"related": [
{
"dest-uuid": "3b6c1771-6d20-4177-8be0-12116e254bf5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a01e1d0b-5303-4d11-94dc-7db74f3d599d",
"value": "Andr/Dropr-FH"
},
@ -50,6 +59,15 @@
"https://www.bleepingcomputer.com/news/security/researchers-discover-new-android-banking-trojan/"
]
},
"related": [
{
"dest-uuid": "e9aaab46-abb1-4390-b37b-d0457d05b28f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d10f8cd5-0077-4d8f-9145-03815a68dd33",
"value": "RedAlert2"
},
@ -70,6 +88,15 @@
"https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/"
]
},
"related": [
{
"dest-uuid": "10d0115a-00b4-414e-972b-8320a2bb873c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6671bb0b-4fab-44a7-92f9-f641a887a0aa",
"value": "DoubleLocker"
},
@ -91,6 +118,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d99c0a47-9d61-4d92-86ec-86a87b060d76",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "426ead34-b3e6-45c7-ba22-5b8f3b8214bd",
@ -103,6 +137,29 @@
"https://clientsidedetection.com/lokibot___the_first_hybrid_android_malware.html"
]
},
"related": [
{
"dest-uuid": "a6f481fe-b6db-4507-bb3c-28f10d800e2f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b8fa5036-813f-4887-b4d4-bb17b4a7eba0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4793a29b-1191-4750-810e-9301a6576fc4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "fbda9705-677b-4c5b-9b0b-13b52eff587c",
"value": "LokiBot"
},
@ -115,6 +172,15 @@
"https://blog.avast.com/mobile-banking-trojan-sneaks-into-google-play-targeting-wells-fargo-chase-and-citibank-customers"
]
},
"related": [
{
"dest-uuid": "85975621-5126-40cb-8083-55cbfa75121b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "4ed03b03-a34f-4583-9db1-6c58a4bd952b",
"value": "BankBot"
},
@ -188,6 +254,15 @@
"https://www.symantec.com/security_response/writeup.jsp?docid=2017-090410-0547-99"
]
},
"related": [
{
"dest-uuid": "e3e90666-bc19-4741-aca8-1e4cbc2f4c9e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "60857664-0671-4b12-ade9-86ee6ecb026a",
"value": "Switcher"
},
@ -259,6 +334,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d87e2574-7b9c-4ea7-98eb-88f3e139f6ff",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "3d3aa832-8847-47c5-9e31-ef13ab7ab6fb",
@ -311,6 +393,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "8eb9d4aa-257a-45eb-8c65-95c18500171c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "ce1a9641-5bb8-4a61-990a-870e9ef36ac1",
@ -762,6 +851,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d87e2574-7b9c-4ea7-98eb-88f3e139f6ff",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "620981e8-49c8-486a-b30c-359702c8ffbc",
@ -1094,6 +1190,22 @@
"https://www.symantec.com/security_response/writeup.jsp?docid=2015-071409-0636-99"
]
},
"related": [
{
"dest-uuid": "4b2ab902-811e-4b50-8510-43454d77d027",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "c359c74e-4155-4e66-a344-b56947f75119",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "c17f6e4b-70c5-42f8-a91b-19d73485bd04",
"value": "Crisis"
},
@ -3349,6 +3461,15 @@
"https://www.symantec.com/security_response/writeup.jsp?docid=2016-062710-0328-99"
]
},
"related": [
{
"dest-uuid": "db3dcfd1-79d2-4c91-898f-5f2463d7c417",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "05f5a051-d7a2-4757-a2f0-d685334d9374",
"value": "Rootnik"
},
@ -3660,6 +3781,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "8eb9d4aa-257a-45eb-8c65-95c18500171c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "dadccdda-a4c2-4021-90b9-61a394e602be",
@ -3714,6 +3842,20 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729",
@ -4482,6 +4624,15 @@
"https://www.bleepingcomputer.com/news/security/new-mysterybot-android-malware-packs-a-banking-trojan-keylogger-and-ransomware/"
]
},
"related": [
{
"dest-uuid": "0a53ace4-98ae-442f-be64-b8e373948bde",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "53e2e7e8-70a8-11e8-b0f8-33fcf651adaf",
"value": "MysteryBot"
},
@ -4492,6 +4643,15 @@
"https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/"
]
},
"related": [
{
"dest-uuid": "f5fded3c-8f45-471a-a372-d8be101e1b22",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "3e19d162-9ee1-11e8-b8d7-d32141691f1f",
"value": "Skygofree"
},
@ -4516,5 +4676,5 @@
"value": "Triout"
}
],
"version": 14
}
"version": 15
}
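Review bot: Every relation added in this section carries the same fixed tag `estimative-language:likelihood-probability=\"likely\"` and `"type": "similar"`, which reads as an analyst assessment although the commit title suggests the links came from an automated mapping; the same applies to the other file sections on this page. Consumers that pivot or correlate on `related` cannot tell a reviewed link from a name or synonym match, so consider a lower estimative value for unreviewed matches or an additional tag marking them as machine-generated. The LokiBot entry (hunk `@ -103,6 +137,29 @@`) gains three destinations at once, and as far as I know that name is used for unrelated families on different platforms, so those three are worth checking by hand. Destination `d87e2574-7b9c-4ea7-98eb-88f3e139f6ff` is attached to two different clusters in this file (`3d3aa832-8847-47c5-9e31-ef13ab7ab6fb` and `620981e8-49c8-486a-b30c-359702c8ffbc`), which may point to duplicate entries; both entries start outside their hunks, so their names are not visible here.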


@ -16,6 +16,15 @@
"https://blog.jpcert.or.jp/2018/07/malware-wellmes-9b78.html"
]
},
"related": [
{
"dest-uuid": "d84ebd91-58f6-459f-96a1-d028a1719914",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e0e79fab-0f1d-4fc2-b424-208cb019a9cd",
"value": "WellMess"
},
@ -33,5 +42,5 @@
"value": "Rosenbridge"
}
],
"version": 2
}
"version": 3
}


@ -34,6 +34,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4e8c1ab7-2841-4823-a5d1-39284fb0969a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f0ec2df5-2e38-4df3-970d-525352006f2e",
@ -60,6 +67,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b662c253-5c87-4ae6-a30e-541db0845f67",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f3813bbd-682c-400d-8165-778be6d3f91f",
@ -91,6 +105,20 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "66781866-f064-467d-925d-5e5f290352f0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e",
@ -119,6 +147,20 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "75329c9e-a218-4299-87b2-8f667cd9e40c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4f3ad937-bf2f-40cb-9695-a2bedfd41bfa",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b9448d2a-a23c-4bf2-92a1-d860716ba2f3",
@ -151,6 +193,22 @@
"https://lokalhost.pl/gozi_tree.txt"
]
},
"related": [
{
"dest-uuid": "a171321e-4968-4ac0-8497-3250c1f0d77d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "0f96a666-bf26-44e0-8ad6-f2136208c924",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "ffbbbc14-1cdb-4be9-a631-ed53c5407369",
"value": "Gozi ISFB"
},
@ -176,6 +234,22 @@
"http://archive.is/I7hi8#selection-217.0-217.6"
]
},
"related": [
{
"dest-uuid": "a171321e-4968-4ac0-8497-3250c1f0d77d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ffbbbc14-1cdb-4be9-a631-ed53c5407369",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "0f96a666-bf26-44e0-8ad6-f2136208c924",
"value": "IAP"
},
@ -203,6 +277,15 @@
"Zeus Terdot"
]
},
"related": [
{
"dest-uuid": "13236f94-802b-4abc-aaa9-cb80cf4df9ed",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "2eb658ed-aff4-4253-a21f-9059b133ce17",
"value": "Zloader Zeus"
},
@ -218,6 +301,15 @@
"VM Zeus"
]
},
"related": [
{
"dest-uuid": "c32740a4-db2c-4d71-80bd-7377185f4a6f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "09d1cad8-6b06-48d7-a968-5b17bbe9ca65",
"value": "Zeus VM"
},
@ -229,6 +321,15 @@
"https://securityintelligence.com/brazil-cant-catch-a-break-after-panda-comes-the-sphinx/"
]
},
"related": [
{
"dest-uuid": "997c20b0-0992-498a-b69d-fc16ab2fd4e4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8914802c-3aca-4a0d-874a-85ac7a1bc505",
"value": "Zeus Sphinx"
},
@ -261,6 +362,15 @@
"Maple"
]
},
"related": [
{
"dest-uuid": "07f6bbff-a09a-4580-96ea-62795a8dae11",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "bc0be3a4-89d8-4c4c-b2aa-2dddbed1f71d",
"value": "Zeus KINS"
},
@ -276,6 +386,15 @@
"Chtonic"
]
},
"related": [
{
"dest-uuid": "9441a589-e23d-402d-9603-5e55e3e33971",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6deb9f26-969b-45aa-9222-c23663fd6ef8",
"value": "Chthonic"
},
@ -294,6 +413,22 @@
"Trickloader"
]
},
"related": [
{
"dest-uuid": "a7dbd72f-8d53-48c6-a9db-d16e7648b2d4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "c824813c-9c79-4917-829a-af72529e8329",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "07e3260b-d80c-4c86-bd28-8adc111bbec6",
"value": "Trickbot"
},
@ -316,6 +451,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "1ecbcd20-f238-47ef-874b-08ef93266395",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "15e969e6-f031-4441-a49b-f401332e4b00",
@ -351,6 +493,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "5eee35b6-bd21-4b67-b198-e9320fcf2c88",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "5594b171-32ec-4145-b712-e7701effffdd",
@ -376,6 +525,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d29eb927-d53d-4af2-b6ce-17b3a1b34fe7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8e002f78-7fb8-4e70-afd7-0b4ac655be26",
@ -409,6 +565,27 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "66781866-f064-467d-925d-5e5f290352f0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "16794655-c0e2-4510-9169-f862df104045",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "7ca93488-c357-44c3-b246-3f88391aca5a",
@ -432,6 +609,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "542161c0-47a4-4297-baca-5ed98386d228",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "7e2288ec-e7d4-4833-9245-a2bc5ae40ee2",
@ -465,6 +649,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b2ec1f16-2a76-4910-adc5-ecb3570e7c1a",
@ -480,6 +671,15 @@
"https://malwarebreakdown.com/2017/09/11/re-details-malspam-downloads-corebot-banking-trojan/"
]
},
"related": [
{
"dest-uuid": "495377c4-1be5-4c65-ba66-94c221061415",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8a3d46db-d3b4-4f89-99e2-d1f0de3f484c",
"value": "Corebot"
},
@ -508,6 +708,20 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4cfa42a3-71d9-43e2-bf23-daa79f326387",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "5a78ec38-8b93-4dde-a99e-0c9b77674838",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
@ -529,6 +743,29 @@
"Werdlod"
]
},
"related": [
{
"dest-uuid": "22ef1e56-7778-41d1-9b2b-737aa5bf9777",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "80acc956-d418-42e3-bddf-078695a01289",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e159c4f8-3c22-49f9-a60a-16588a9c22b0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "87b69cb4-8b65-47ee-91b0-9b1decdd5c5c",
"value": "Retefe"
},
@ -543,6 +780,15 @@
"http://blog.trendmicro.com/trendlabs-security-intelligence/rovnix-infects-systems-with-password-protected-macros/"
]
},
"related": [
{
"dest-uuid": "9d58d94f-6885-4a38-b086-b9978ac62c1f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d939e802-acb2-4881-bdaf-ece1eccf5699",
"value": "ReactorBot"
},
@ -554,6 +800,15 @@
"https://www.arbornetworks.com/blog/asert/another-banker-enters-matrix/"
]
},
"related": [
{
"dest-uuid": "59717468-271e-4d15-859a-130681c17ddb",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "aa3fc68c-413c-4bfb-b4cd-bca7094da985",
"value": "Matrix Banker"
},
@ -592,6 +847,15 @@
"https://securityintelligence.com/cybercriminals-use-citadel-compromise-password-management-authentication-solutions/"
]
},
"related": [
{
"dest-uuid": "7f550cae-98b7-4a0c-bed2-d79227dc6310",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "9eb89081-3245-423a-995f-c1d78ce39619",
"value": "Citadel"
},
@ -615,6 +879,15 @@
"https://securelist.com/ice-ix-not-cool-at-all/29111/ "
]
},
"related": [
{
"dest-uuid": "44a1706e-f6dc-43ea-ac85-9a4f2407b9a3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "1d4a5704-c6fb-4bbb-92b2-88dc67f86339",
"value": "Ice IX"
},
@ -642,6 +915,15 @@
"Murofet"
]
},
"related": [
{
"dest-uuid": "f7081626-130a-48d5-83a9-759b3ef198ec",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "0b097926-2e1a-4134-8ab9-4c16d0cca0fc",
"value": "Licat"
},
@ -666,6 +948,15 @@
"http://blog.talosintelligence.com/2018/04/icedid-banking-trojan.html"
]
},
"related": [
{
"dest-uuid": "26f5afaf-0bd7-4741-91ab-917bdd837330",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "9d67069c-b778-486f-8158-53f5dcd05d08",
"value": "IcedID"
},
@ -695,6 +986,29 @@
"https://objective-see.com/blog/blog_0x25.html#Dok"
]
},
"related": [
{
"dest-uuid": "22ef1e56-7778-41d1-9b2b-737aa5bf9777",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "80acc956-d418-42e3-bddf-078695a01289",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "87b69cb4-8b65-47ee-91b0-9b1decdd5c5c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e159c4f8-3c22-49f9-a60a-16588a9c22b0",
"value": "Dok"
},
@ -719,6 +1033,15 @@
"lsmo"
]
},
"related": [
{
"dest-uuid": "26b91007-a8ae-4e32-bd99-292e44735c3d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f93acc85-8d2c-41e0-b0c5-47795b8c6194",
"value": "Smominru"
},
@ -729,6 +1052,15 @@
"https://www.proofpoint.com/us/threat-insight/post/danabot-new-banking-trojan-surfaces-down-under-0"
]
},
"related": [
{
"dest-uuid": "4f7decd4-054b-4dd7-89cc-9bdb248f7c8a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "844417c6-a404-4c4e-8e93-84db596d725b",
"value": "DanaBot"
},
@ -754,6 +1086,15 @@
"Shiotob"
]
},
"related": [
{
"dest-uuid": "ed9f995b-1b41-4b83-a978-d956670fdfbe",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "67a1a317-9f79-42bd-a4b2-fa1867d37d27",
"value": "Bebloh"
},
@ -768,6 +1109,15 @@
"BackPatcher"
]
},
"related": [
{
"dest-uuid": "137cde28-5c53-489b-ad0b-d0fa2e342324",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f68555ff-6fbd-4f5a-bc23-34996f629c52",
"value": "Banjori"
},
@ -777,6 +1127,15 @@
"https://www.countercept.com/our-thinking/decrypting-qadars-banking-trojan-c2-traffic/"
]
},
"related": [
{
"dest-uuid": "080b2071-2d69-4b76-962e-3d0142074bcb",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a717c873-6670-447a-ba98-90db6464c07d",
"value": "Qadars"
},
@ -795,6 +1154,15 @@
"https://www.johannesbader.ch/2016/06/the-dga-of-sisron/"
]
},
"related": [
{
"dest-uuid": "5d9a27e7-3110-470a-ac0d-2bf00cac7846",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6720f960-0382-479b-a0f8-f9e008995af4",
"value": "Ranbyus"
},
@ -804,6 +1172,15 @@
"https://searchfinancialsecurity.techtarget.com/news/4500249201/Fobber-Drive-by-financial-malware-returns-with-new-tricks"
]
},
"related": [
{
"dest-uuid": "bb836040-c161-4932-8f89-bc2ca2e8c1c0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "da124511-463c-4514-ad05-7ec8db1b38aa",
"value": "Fobber"
},
@ -814,6 +1191,15 @@
"https://research.checkpoint.com/banking-trojans-development/"
]
},
"related": [
{
"dest-uuid": "8a01c3be-17b7-4e5a-b0b2-6c1f5ccb82cf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a088c428-d0bb-49c8-9ed7-dcced0c74754",
"value": "Karius"
},
@ -826,6 +1212,15 @@
"https://www.bleepingcomputer.com/news/security/new-version-of-the-kronos-banking-trojan-discovered/"
]
},
"related": [
{
"dest-uuid": "62a7c823-9af0-44ee-ac05-8765806d2a17",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "5b42af8e-8fdc-11e8-bf48-f32ff64d5502",
"value": "Kronos"
},
@ -836,9 +1231,18 @@
"https://www.bleepingcomputer.com/news/security/new-banking-trojan-poses-as-a-security-module/ "
]
},
"related": [
{
"dest-uuid": "ecac83ab-cd64-4def-979a-40aeeca0400b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "2fafe8b2-b0db-11e8-a81e-4b62ee50bd87",
"value": "CamuBot"
}
],
"version": 13
}
"version": 14
}
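Review bot: Two `refs` URLs visible in this section end with a space inside the string: `"https://securelist.com/ice-ix-not-cool-at-all/29111/ "` in the Ice IX entry and the bleepingcomputer.com link in the CamuBot entry. Both appear to be context lines rather than additions, but since the file version is bumped anyway they could be trimmed, e.g. `"https://securelist.com/ice-ix-not-cool-at-all/29111/"`. Tooling that deduplicates, validates or fetches references by exact string would otherwise treat them as distinct or malformed URLs.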


@ -31,6 +31,15 @@
"Lodeight"
]
},
"related": [
{
"dest-uuid": "f09af1cc-cf9d-499a-9026-e783a3897508",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d530ea76-9bbc-4276-a2e3-df04e0e5a14c",
"value": "Bagle"
},
@ -72,6 +81,15 @@
"Anserin"
]
},
"related": [
{
"dest-uuid": "ad5bcaef-1a86-4cc7-8f2e-32306b995018",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "415a3667-4ac4-4718-a6ea-617540a4abb1",
"value": "Torpig"
},
@ -104,6 +122,15 @@
"Costrat"
]
},
"related": [
{
"dest-uuid": "76e98e04-0ab7-4000-80ee-7bcbcf9c110d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "9bca63cc-f0c7-4704-9c5f-b5bf473a9b43",
"value": "Rustock"
},
@ -117,6 +144,15 @@
"Bachsoy"
]
},
"related": [
{
"dest-uuid": "69a3e0ed-1727-4a9c-ae21-1e32322ede93",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "27a7fd9b-ec9a-4f4a-b3f5-a3b81c71970a",
"value": "Donbot"
},
@ -132,6 +168,15 @@
"Mutant"
]
},
"related": [
{
"dest-uuid": "9e8655fc-5bba-4efd-b3c0-db89ee2e0e0b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "35e25aad-7c39-4a1d-aa17-73fa638362e8",
"value": "Cutwail"
},
@ -157,6 +202,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6e1168e6-7768-4fa2-951f-6d6934531633",
@ -185,6 +237,15 @@
"https://en.wikipedia.org/wiki/Lethic_botnet"
]
},
"related": [
{
"dest-uuid": "342f5c56-861c-4a06-b5db-85c3c424f51f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a73e150f-1431-4f72-994a-4000405eff07",
"value": "Lethic"
},
@ -218,6 +279,15 @@
"Kukacka"
]
},
"related": [
{
"dest-uuid": "cf752563-ad8a-4286-b2b3-9acf24a0a09a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6fe5f49d-48b5-4dc2-92f7-8c94397b9c96",
"value": "Sality"
},
@ -246,6 +316,15 @@
"Kido"
]
},
"related": [
{
"dest-uuid": "5f638985-49e1-4059-b2eb-f2ffa397b212",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "ab49815e-8ba6-41ec-9f51-8a9587334069",
"value": "Conficker"
},
@ -294,6 +373,15 @@
"Mondera"
]
},
"related": [
{
"dest-uuid": "53e617fc-d71e-437b-a1a1-68b815d1ff49",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "ca11e3f2-cda1-45dc-bed1-8708fa9e27a6",
"value": "Gheg"
},
@ -329,6 +417,15 @@
"Hydraflux"
]
},
"related": [
{
"dest-uuid": "ba557993-f64e-4538-8f13-dafaa3c0db00",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "0d58f329-1356-468c-88ab-e21fbb64c02b",
"value": "Asprox"
},
@ -480,6 +577,15 @@
"Alureon"
]
},
"related": [
{
"dest-uuid": "ad4e6779-59a6-4ad6-98de-6bd871ddb271",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "61a17703-7837-4cc9-b022-b5ed6b30efc1",
"value": "TDL4"
},
@ -512,6 +618,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4e8c1ab7-2841-4823-a5d1-39284fb0969a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e878d24d-f122-48c4-930c-f6b6d5f0ee28",
@ -528,6 +641,15 @@
"Hlux"
]
},
"related": [
{
"dest-uuid": "7d69892e-d582-4545-8798-4a9a84a821ea",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "07b10419-e8b5-4b5f-a179-77fc9b127dc6",
"value": "Kelihos"
},
@ -546,6 +668,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "542161c0-47a4-4297-baca-5ed98386d228",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8ed81090-f098-4878-b87e-2d801b170759",
@ -605,6 +734,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "variant-of"
},
{
"dest-uuid": "17e12216-a303-4a00-8283-d3fe92d0934c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "fcdfd4af-da35-49a8-9610-19be8a487185",
@ -638,6 +774,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "9e5d83a8-1181-43fe-a77f-28c8c75ffbd0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e77cf495-632a-4459-aad1-cdf29d73683f",
@ -647,6 +790,15 @@
"meta": {
"date": "April 2017"
},
"related": [
{
"dest-uuid": "837c5618-69dc-4817-8672-b3d7ae644f5c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "3d7c771b-b175-41c9-8ba1-904ef29715fa",
"value": "BetaBot"
},
@ -659,6 +811,15 @@
"https://securelist.com/hajime-the-mysterious-evolving-botnet/78160/"
]
},
"related": [
{
"dest-uuid": "ff8ee85f-4175-4f5a-99e5-0cbc378f1489",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "383fd414-3805-11e8-ac12-c7b5af38ff67",
"value": "Hajime"
},
@ -685,6 +846,15 @@
"Hide 'N Seek"
]
},
"related": [
{
"dest-uuid": "41bf8f3e-bb6a-445d-bb74-d08aae61a94b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "cdf1148c-5358-11e8-87e5-ab60d455597f",
"value": "Hide and Seek"
},
@ -727,6 +897,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "variant-of"
},
{
"dest-uuid": "ec67f206-6464-48cf-a012-3cdfc1278488",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc",
@ -797,6 +974,15 @@
"https://labs.bitdefender.com/2013/12/in-depth-analysis-of-pushdo-botnet/"
]
},
"related": [
{
"dest-uuid": "b39ffc73-db5f-4a8a-acd2-bee958d69155",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "94d12a03-6ae8-4006-a98f-80c15e6f95c0",
"value": "Pushdo"
},
@ -806,6 +992,15 @@
"https://www.us-cert.gov/ncas/alerts/TA15-105A"
]
},
"related": [
{
"dest-uuid": "467ee29c-317f-481a-a77c-69961eb88c4d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "347e7a64-8ee2-487f-bcb3-ca7564fa836c",
"value": "Simda"
},
@ -815,6 +1010,15 @@
"https://en.wikipedia.org/wiki/Virut"
]
},
"related": [
{
"dest-uuid": "2e99f27c-6791-4695-b88b-de4d4cbda8d6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "cc1432a1-6580-4338-b119-a43236528ea1",
"value": "Virut"
},
@ -852,6 +1056,22 @@
"Bashlite"
]
},
"related": [
{
"dest-uuid": "5fe338c6-723e-43ed-8165-43d95fa93689",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "81917a93-6a70-4334-afe2-56904c1fafe9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "40795af6-b721-11e8-9fcb-570c0b384135",
"value": "Gafgyt"
},
@ -899,6 +1119,15 @@
"https://www.bleepingcomputer.com/news/security/new-iot-botnet-torii-uses-six-methods-for-persistence-has-no-clear-purpose/"
]
},
"related": [
{
"dest-uuid": "a874575e-0ad7-464d-abb6-8f4b7964aa92",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "92f38212-94e2-4d70-9b5e-e977eb1e7b79",
"value": "Torii"
},
@ -909,9 +1138,18 @@
"https://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/"
]
},
"related": [
{
"dest-uuid": "2ee05352-3d4a-448b-825d-9d6c10792bf7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e3e91fe2-c7ce-11e8-8e85-6bc15cd2a63c",
"value": "Persirai"
}
],
"version": 15
}
"version": 16
}


@ -287,6 +287,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "5eee35b6-bd21-4b67-b198-e9320fcf2c88",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c",
@ -570,6 +577,15 @@
"Neutrino-v"
]
},
"related": [
{
"dest-uuid": "3760920e-4d1a-40d8-9e60-508079499076",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "218ae39b-2f92-4355-91c6-50cce319d26d",
"value": "Neutrino"
},
@ -745,5 +761,5 @@
"value": "Unknown"
}
],
"version": 10
}
"version": 11
}

File diff suppressed because it is too large Load diff


@ -224,9 +224,18 @@
"Transparent Tribe"
]
},
"related": [
{
"dest-uuid": "acbb5cad-ffe7-4b0e-a57a-2dbc916e8905",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "2a410eea-a9da-11e8-b404-37b7060746c8",
"value": "https://www.cfr.org/interactive/cyber-operations/mythic-leopard"
}
],
"version": 5
}
"version": 6
}
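Review bot: The cluster that receives the new relation has `"value": "https://www.cfr.org/interactive/cyber-operations/mythic-leopard"`, a reference URL where the other clusters on this page carry a name. The mapping presumably matched on a synonym such as "Transparent Tribe", so the link itself may be right, but anything that displays or tags by `value` will show the URL as the cluster name. If the URL slug reflects the intended name, the line would become `"value": "Mythic Leopard"` with the URL kept under the entry's references; the entry starts outside the hunk, so the remaining fields are not visible here.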


@ -156,6 +156,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b376580e-aba1-4ac9-9c2d-2df429efecf6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47",
@ -174,6 +181,15 @@
"NetC"
]
},
"related": [
{
"dest-uuid": "0bc03bfa-1439-4162-bb33-ec9f8f952ee5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "fde50aaa-f5de-4cb8-989a-babb57d6a704",
"value": "Net Crawler - S0056"
},
@ -197,6 +213,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "82c644ab-550a-4a83-9b35-d545f4719069",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4",
@ -261,6 +284,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "c04fc02e-f35a-44b6-a9b0-732bf2fc551a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "083bb47b-02c8-4423-81a2-f9ef58572974",
@ -328,6 +358,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6eee9bf9-ffce-4c88-a5ad-9d80f6fc727c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "dc5d1a33-62aa-4a0c-aa8c-589b87beb11e",
@ -376,6 +413,20 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "bab647d7-c9d6-4697-8fd2-1295c7429e1f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "2f899e3e-1a46-43ea-8e68-140603ce943d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "73a4793a-ce55-4159-b2a6-208ef29b326f",
@ -416,6 +467,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e6a077cb-42cc-4193-9006-9ceda8c0dff2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "08d20cd2-f084-45ee-8558-fa6ef5a18519",
@ -512,6 +570,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ba91d713-c36e-4d98-9fb7-e16496a69eec",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "0c824410-58ff-49b2-9cf2-1c96b182bdf0",
@ -665,6 +730,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "9b0aa458-dfa9-48af-87ea-c36d1501376c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "4ab44516-ad75-4e43-a280-705dc0420e2f",
@ -738,6 +810,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a70e93a7-3578-47e1-9926-0818979ed866",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "17b40f60-729f-4fe8-8aea-cc9ee44a95d5",
@ -755,6 +834,15 @@
"WinMM"
]
},
"related": [
{
"dest-uuid": "6a100902-7204-4f20-b838-545ed86d4428",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "22addc7b-b39f-483d-979a-1b35147da5de",
"value": "WinMM - S0059"
},
@ -785,6 +873,15 @@
"Sys10"
]
},
"related": [
{
"dest-uuid": "2ae57534-6aac-4025-8d93-888dab112b45",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "7f8730af-f683-423f-9ee1-5f6875a80481",
"value": "Sys10 - S0060"
},
@ -917,6 +1014,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "438c6d0f-03f0-4b49-89d2-40bf5349c3fc",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "2f1a9fd0-3b7c-4d77-a358-78db13adbe78",
@ -941,6 +1045,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "35e00ff0-704e-4e61-b9bb-9ed20a4a008f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "67fc172a-36fa-4a35-88eb-4ba730ed52a6",
@ -1002,6 +1113,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "036bd099-fe80-46c2-9c4c-e5c6df8dcdee",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd",
@ -1019,6 +1137,15 @@
"Reaver"
]
},
"related": [
{
"dest-uuid": "826c31ca-2617-47e4-b236-205da3881182",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "65341f30-bec6-4b1d-8abf-1a5620446c29",
"value": "Reaver - S0172"
},
@ -1034,6 +1161,15 @@
"Misdat"
]
},
"related": [
{
"dest-uuid": "d1597713-fe7a-45bd-8b59-1a13c7e097d8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "0db09158-6e48-4e7c-8ce7-2b10b9c0c039",
"value": "Misdat - S0083"
},
@ -1057,6 +1193,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f108215f-3487-489d-be8b-80e346d32518",
@ -1112,6 +1255,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "8465177f-16c8-47fc-a4c8-f4c0409fe460",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "9ea525fa-b0a9-4dde-84f2-bcea0137b3c1",
@ -1144,6 +1294,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a61fc694-a88a-484d-a648-db35b49932fd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "326af1cd-78e7-45b7-a326-125d2f7ef8f2",
@ -1161,6 +1318,15 @@
"Rover"
]
},
"related": [
{
"dest-uuid": "53e94bc9-c8d2-4fb6-9c02-00841e454050",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6b616fc1-1505-48e3-8b2c-0d19337bff38",
"value": "Rover - S0090"
},
@ -1191,6 +1357,15 @@
"PowerDuke"
]
},
"related": [
{
"dest-uuid": "c79f5876-e3b9-417a-8eaf-8f1b01a0fecd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "00c3bfcb-99bd-4767-8c03-b08f585f5c8a",
"value": "PowerDuke - S0139"
},
@ -1267,6 +1442,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b42378e0-f147-496f-992a-26a49705395b",
@ -1309,6 +1491,15 @@
"Anunak"
]
},
"related": [
{
"dest-uuid": "8c246ec4-eaa5-42c0-b137-29f28cbb6832",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "72f54d66-675d-4587-9bd3-4ed09f9522e4",
"value": "Carbanak - S0030"
},
@ -1437,6 +1628,15 @@
"Nioupale"
]
},
"related": [
{
"dest-uuid": "70f6c71f-bc0c-4889-86e3-ef04e5b8415b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b6b3dfc7-9a81-43ff-ac04-698bad48973a",
"value": "Daserf - S0187"
},
@ -1560,6 +1760,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "53089817-6d65-4802-a7d2-5ccc3d919b74",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "7343e208-7cab-45f2-a47b-41ba5e2f0fab",
@ -1666,6 +1873,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e88eb9b1-dc8b-4696-8dcf-0c29924d0f8b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "96b08451-b27a-4ff6-893f-790e26393a8e",
@ -1722,6 +1936,15 @@
"NETEAGLE"
]
},
"related": [
{
"dest-uuid": "3bb8052e-8ed2-48e3-a2cf-7358bae8c6b5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2",
"value": "NETEAGLE - S0034"
},
@ -1818,6 +2041,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "637000f7-4363-44e0-b795-9cfb7a3dc460",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "3d8e547d-9456-4f32-a895-dc86134e282f",
@ -1874,6 +2104,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4cbe9373-6b5e-42d0-9750-e0b7fc0d58bb",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "4c59cce8-cb48-4141-b9f1-f646edfaadb0",
@ -1906,6 +2143,15 @@
"POWRUNER"
]
},
"related": [
{
"dest-uuid": "63f6df51-4de3-495a-864f-0a7e30c3b419",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "09b2cd76-c674-47cc-9f57-d2f2ad150a46",
"value": "POWRUNER - S0184"
},
@ -1938,6 +2184,15 @@
"Pteranodon"
]
},
"related": [
{
"dest-uuid": "d5138738-846e-4466-830c-cd2bb6ad09cf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "5f9f7648-04ba-4a9f-bb4c-2a13e74572bd",
"value": "Pteranodon - S0147"
},
@ -2037,6 +2292,15 @@
"AIRBREAK"
]
},
"related": [
{
"dest-uuid": "fd419da6-5c0d-461e-96ee-64397efac63b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "06d735e7-1db1-4dbe-ab4b-acbe419f902b",
"value": "Orz - S0229"
},
@ -2067,6 +2331,15 @@
"Kasidet"
]
},
"related": [
{
"dest-uuid": "3760920e-4d1a-40d8-9e60-508079499076",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "26fed817-e7bf-41f9-829a-9075ffac45c2",
"value": "Kasidet - S0088"
},
@ -2108,6 +2381,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "ccd61dfc-b03f-4689-8c18-7c97eab08472",
@ -2126,6 +2406,15 @@
"Darkmoon"
]
},
"related": [
{
"dest-uuid": "81ca4876-b4a4-43e9-b8a9-8a88709dd3d2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "310f437b-29e7-4844-848c-7220868d074a",
"value": "Darkmoon - S0209"
},
@ -2156,6 +2445,15 @@
"BBSRAT"
]
},
"related": [
{
"dest-uuid": "cad1d6db-3a6c-4d67-8f6e-627d8a168d6a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "64d76fa5-cf8f-469c-b78c-1a4f7c5bad80",
"value": "BBSRAT - S0127"
},
@ -2180,6 +2478,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "3477a25d-e04b-475e-8330-39f66c10cc01",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "7551188b-8f91-4d34-8350-0d0c57b2b913",
@ -2252,6 +2557,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d674ffd2-1f27-403b-8fe9-b4af6e303e5c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "80a014ba-3fef-4768-990b-37d8bd10d7f4",
@ -2285,6 +2597,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b376580e-aba1-4ac9-9c2d-2df429efecf6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "17e919aa-4a49-445c-b103-dbb8df9e7351",
@ -2422,6 +2741,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "fece06b7-d4b1-42cf-b81a-5323c917546e",
@ -2462,6 +2788,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "495b6cdb-7b5a-4fbc-8d33-e7ef68806d08",
@ -2479,6 +2812,15 @@
"TDTESS"
]
},
"related": [
{
"dest-uuid": "99d83ee8-6870-4af2-a3c8-cf86baff7cb3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "0b32ec39-ba61-4864-9ebe-b4b0b73caf9a",
"value": "TDTESS - S0164"
},
@ -2519,6 +2861,15 @@
"TURNEDUP"
]
},
"related": [
{
"dest-uuid": "fab34d66-5668-460a-bc0f-250b9417cdbf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c",
"value": "TURNEDUP - S0199"
},
@ -2644,6 +2995,15 @@
"Helminth"
]
},
"related": [
{
"dest-uuid": "19d89300-ff97-4281-ac42-76542e744092",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "eff1a885-6f90-42a1-901f-eef6e7a1905e",
"value": "Helminth - S0170"
},
@ -2702,6 +3062,20 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "60c18d06-7b91-4742-bae3-647845cd9d81",
@ -2726,6 +3100,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "f4cac204-3d3f-4bb6-84bd-fc27b2f5158c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "9ca488bd-9587-48ef-b923-1743523e63b2",
@ -2745,6 +3126,15 @@
"ProjectSauron"
]
},
"related": [
{
"dest-uuid": "6a3c3fbc-97ec-4938-b64e-2679e4b73db9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8",
"value": "Remsec - S0125"
},
@ -2815,6 +3205,15 @@
"WhiteBear"
]
},
"related": [
{
"dest-uuid": "0a3047b3-6a38-48ff-8f9c-49a5c28e3ada",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "76abb3ef-dafd-4762-97cb-a35379429db4",
"value": "Gazer - S0168"
},
@ -2832,6 +3231,15 @@
"SeaDesk"
]
},
"related": [
{
"dest-uuid": "1d07212e-6292-40a4-a5e9-30aef83b6207",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "67e6d66b-1b82-4699-b47a-e2efb6268d14",
"value": "SeaDuke - S0053"
},
@ -2890,6 +3298,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "21ab9e14-602a-4a76-a308-dbf5d6a91d75",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "fb575479-14ef-41e9-bfab-0b7cf10bec73",
@ -2974,6 +3389,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "3a26ee44-3224-48f3-aefb-3978c972d928",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "cafd0bf8-2b9c-46c7-ae3c-3e0f42c5062e",
@ -3013,6 +3435,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "1ecbcd20-f238-47ef-874b-08ef93266395",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "63c2a130-8a5b-452f-ad96-07cf0af12ffe",
@ -3051,6 +3480,15 @@
"FinSpy"
]
},
"related": [
{
"dest-uuid": "541b64bc-87ec-4cc2-aaee-329355987853",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a5528622-3a8a-4633-86ce-8cdaf8423858",
"value": "FinFisher - S0182"
},
@ -3074,6 +3512,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d9cc15f7-0880-4ae4-8df4-87c58338d6b8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565",
@ -3098,6 +3543,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4df1b257-c242-46b0-b120-591430066b6f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "5e595477-2e78-4ce7-ae42-e0b059b17808",
@ -3130,6 +3582,15 @@
"Felismus"
]
},
"related": [
{
"dest-uuid": "07a41ea7-17b2-4852-bfd7-54211c477dc0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "196f1f32-e0c2-4d46-99cd-234d4b6befe1",
"value": "Felismus - S0171"
},
@ -3171,6 +3632,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7f8166e2-c7f4-4b48-a07b-681b61a8f2c1",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d3afa961-a80c-4043-9509-282cdf69ab21",
@ -3188,6 +3656,15 @@
"RTM"
]
},
"related": [
{
"dest-uuid": "e6952b4d-e96d-4641-a88f-60074776d553",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841",
"value": "RTM - S0148"
},
@ -3334,6 +3811,15 @@
"DownPaper"
]
},
"related": [
{
"dest-uuid": "227862fd-ae83-4e3d-bb69-cc1a45a13aed",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e48df773-7c95-4a4c-ba70-ea3d15900148",
"value": "DownPaper - S0186"
},
@ -3493,6 +3979,15 @@
"pngdowner"
]
},
"related": [
{
"dest-uuid": "fb4313ea-1fb6-4766-8b5c-b41fd347e4c5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "800bdfba-6d66-480f-9f45-15845c05cb5d",
"value": "pngdowner - S0067"
},
@ -3508,6 +4003,15 @@
"SslMM"
]
},
"related": [
{
"dest-uuid": "009db412-762d-4256-8df9-eb213be01ffd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421",
"value": "SslMM - S0058"
},
@ -3623,6 +4127,15 @@
"OnionDuke"
]
},
"related": [
{
"dest-uuid": "abd10caa-7d4c-4c22-8dae-8d32f13232d7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b136d088-a829-432c-ac26-5529c26d4c7e",
"value": "OnionDuke - S0052"
},
@ -3709,6 +4222,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7ea00126-add3-407e-b69d-d4aa1b3049d5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "94379dec-5c87-49db-b36e-66abc0b81344",
@ -3731,6 +4251,15 @@
"DRIFTWOOD"
]
},
"related": [
{
"dest-uuid": "80f87001-ff40-4e33-bd12-12ed1a92d1d7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "9752aef4-a1f3-4328-929f-b64eb0536090",
"value": "RawPOS - S0169"
},
@ -3757,6 +4286,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6b6cf608-cc2c-40d7-8500-afca3e35e7e4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6b62e336-176f-417b-856a-8552dd8c44e1",
@ -3776,6 +4312,15 @@
"Enfal"
]
},
"related": [
{
"dest-uuid": "2a4cacb7-80a1-417e-8b9c-54b4089f35d9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "251fbae2-78f6-4de7-84f6-194c727a64ad",
"value": "Lurid - S0010"
},
@ -3865,6 +4410,20 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2",
@ -3886,5 +4445,5 @@
"value": "ELMER - S0064"
}
],
"version": 5
}
"version": 6
}


@ -139,6 +139,15 @@
"UACMe"
]
},
"related": [
{
"dest-uuid": "ccde5b0d-fe13-48e6-a6f4-4e434ce29371",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "102c3898-85e0-43ee-ae28-62a0a3ed9507",
"value": "UACMe - S0116"
},
@ -302,6 +311,15 @@
"gsecdump"
]
},
"related": [
{
"dest-uuid": "8410d208-7450-407d-b56c-e5c1ced19632",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54",
"value": "gsecdump - S0008"
},
@ -427,6 +445,15 @@
"HUC Packet Transmit Tool"
]
},
"related": [
{
"dest-uuid": "3fb18a77-91ef-4c68-a9a9-fa6bdbea38e8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e",
"value": "HTRAN - S0040"
},
@ -751,6 +778,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "1a1d3ea4-972e-4c48-8d85-08d9db8f1550",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
@ -772,5 +806,5 @@
"value": "Invoke-PSImage - S0231"
}
],
"version": 5
}
"version": 6
}


@ -49,6 +49,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "f4cac204-3d3f-4bb6-84bd-fc27b2f5158c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "SOUNDBITE"
@ -139,6 +146,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b376580e-aba1-4ac9-9c2d-2df429efecf6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "TEXTMATE"
@ -156,6 +170,15 @@
],
"uuid": "fde50aaa-f5de-4cb8-989a-babb57d6a704"
},
"related": [
{
"dest-uuid": "0bc03bfa-1439-4162-bb33-ec9f8f952ee5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Net Crawler"
},
{
@ -178,6 +201,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "82c644ab-550a-4a83-9b35-d545f4719069",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "BlackEnergy"
@ -233,6 +263,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "c04fc02e-f35a-44b6-a9b0-732bf2fc551a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Backdoor.Oldrea"
@ -260,6 +297,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6eee9bf9-ffce-4c88-a5ad-9d80f6fc727c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "ChChes"
@ -333,6 +377,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e6a077cb-42cc-4193-9006-9ceda8c0dff2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Downdelph"
@ -400,6 +451,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Komplex"
@ -485,6 +543,15 @@
],
"uuid": "22addc7b-b39f-483d-979a-1b35147da5de"
},
"related": [
{
"dest-uuid": "6a100902-7204-4f20-b838-545ed86d4428",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "WinMM"
},
{
@ -507,6 +574,15 @@
],
"uuid": "7f8730af-f683-423f-9ee1-5f6875a80481"
},
"related": [
{
"dest-uuid": "2ae57534-6aac-4025-8d93-888dab112b45",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Sys10"
},
{
@ -608,6 +684,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "35e00ff0-704e-4e61-b9bb-9ed20a4a008f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "BS2005"
@ -663,6 +746,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "036bd099-fe80-46c2-9c4c-e5c6df8dcdee",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "PlugX"
@ -683,6 +773,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4df1b257-c242-46b0-b120-591430066b6f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "POSHSPY"
@ -696,6 +793,15 @@
],
"uuid": "0db09158-6e48-4e7c-8ce7-2b10b9c0c039"
},
"related": [
{
"dest-uuid": "d1597713-fe7a-45bd-8b59-1a13c7e097d8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Misdat"
},
{
@ -741,6 +847,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "8465177f-16c8-47fc-a4c8-f4c0409fe460",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "MoonWind"
@ -772,6 +885,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a61fc694-a88a-484d-a648-db35b49932fd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Crimson"
@ -785,6 +905,15 @@
],
"uuid": "6b616fc1-1505-48e3-8b2c-0d19337bff38"
},
"related": [
{
"dest-uuid": "53e94bc9-c8d2-4fb6-9c02-00841e454050",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Rover"
},
{
@ -807,6 +936,15 @@
],
"uuid": "00c3bfcb-99bd-4767-8c03-b08f585f5c8a"
},
"related": [
{
"dest-uuid": "c79f5876-e3b9-417a-8eaf-8f1b01a0fecd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "PowerDuke"
},
{
@ -880,6 +1018,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "PoisonIvy"
@ -897,6 +1042,15 @@
],
"uuid": "72f54d66-675d-4587-9bd3-4ed09f9522e4"
},
"related": [
{
"dest-uuid": "8c246ec4-eaa5-42c0-b137-29f28cbb6832",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Carbanak"
},
{
@ -1029,6 +1183,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "53089817-6d65-4802-a7d2-5ccc3d919b74",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "XTunnel"
@ -1081,6 +1242,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e88eb9b1-dc8b-4696-8dcf-0c29924d0f8b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Sakula"
@ -1125,6 +1293,15 @@
],
"uuid": "53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2"
},
"related": [
{
"dest-uuid": "3bb8052e-8ed2-48e3-a2cf-7358bae8c6b5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "NETEAGLE"
},
{
@ -1209,6 +1386,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4cbe9373-6b5e-42d0-9750-e0b7fc0d58bb",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Regin"
@ -1233,6 +1417,15 @@
],
"uuid": "5f9f7648-04ba-4a9f-bb4c-2a13e74572bd"
},
"related": [
{
"dest-uuid": "d5138738-846e-4466-830c-cd2bb6ad09cf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Pteranodon"
},
{
@ -1300,6 +1493,15 @@
],
"uuid": "26fed817-e7bf-41f9-829a-9075ffac45c2"
},
"related": [
{
"dest-uuid": "3760920e-4d1a-40d8-9e60-508079499076",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Kasidet"
},
{
@ -1341,6 +1543,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "CHOPSTICK"
@ -1365,6 +1574,15 @@
],
"uuid": "64d76fa5-cf8f-469c-b78c-1a4f7c5bad80"
},
"related": [
{
"dest-uuid": "cad1d6db-3a6c-4d67-8f6e-627d8a168d6a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "BBSRAT"
},
{
@ -1388,6 +1606,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "3477a25d-e04b-475e-8330-39f66c10cc01",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Elise"
@ -1428,6 +1653,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d674ffd2-1f27-403b-8fe9-b4af6e303e5c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Uroburos"
@ -1460,6 +1692,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b376580e-aba1-4ac9-9c2d-2df429efecf6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "POWERSOURCE"
@ -1676,6 +1915,20 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "CORESHELL"
@ -1694,6 +1947,15 @@
],
"uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8"
},
"related": [
{
"dest-uuid": "6a3c3fbc-97ec-4938-b64e-2679e4b73db9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Remsec"
},
{
@ -1732,6 +1994,15 @@
],
"uuid": "67e6d66b-1b82-4699-b47a-e2efb6268d14"
},
"related": [
{
"dest-uuid": "1d07212e-6292-40a4-a5e9-30aef83b6207",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "SeaDuke"
},
{
@ -1785,6 +2056,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "21ab9e14-602a-4a76-a308-dbf5d6a91d75",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "ADVSTORESHELL"
@ -1816,6 +2094,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "3a26ee44-3224-48f3-aefb-3978c972d928",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "NetTraveler"
@ -1836,6 +2121,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "1ecbcd20-f238-47ef-874b-08ef93266395",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Dyre"
@ -1873,6 +2165,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d9cc15f7-0880-4ae4-8df4-87c58338d6b8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "ComRAT"
@ -1895,6 +2194,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7f8166e2-c7f4-4b48-a07b-681b61a8f2c1",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Winnti"
@ -1934,6 +2240,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a70e93a7-3578-47e1-9926-0818979ed866",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "RedLeaves"
@ -1947,6 +2260,15 @@
],
"uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841"
},
"related": [
{
"dest-uuid": "e6952b4d-e96d-4641-a88f-60074776d553",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "RTM"
},
{
@ -2026,6 +2348,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "438c6d0f-03f0-4b49-89d2-40bf5349c3fc",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "EvilGrab"
@ -2176,6 +2505,15 @@
],
"uuid": "800bdfba-6d66-480f-9f45-15845c05cb5d"
},
"related": [
{
"dest-uuid": "fb4313ea-1fb6-4766-8b5c-b41fd347e4c5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "pngdowner"
},
{
@ -2187,6 +2525,15 @@
],
"uuid": "2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421"
},
"related": [
{
"dest-uuid": "009db412-762d-4256-8df9-eb213be01ffd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "SslMM"
},
{
@ -2273,6 +2620,15 @@
],
"uuid": "b136d088-a829-432c-ac26-5529c26d4c7e"
},
"related": [
{
"dest-uuid": "abd10caa-7d4c-4c22-8dae-8d32f13232d7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "OnionDuke"
},
{
@ -2315,6 +2671,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7ea00126-add3-407e-b69d-d4aa1b3049d5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Derusbi"
@ -2342,6 +2705,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6b6cf608-cc2c-40d7-8500-afca3e35e7e4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Epic"
@ -2360,6 +2730,15 @@
],
"uuid": "251fbae2-78f6-4de7-84f6-194c727a64ad"
},
"related": [
{
"dest-uuid": "2a4cacb7-80a1-417e-8b9c-54b4089f35d9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Lurid"
},
{
@ -2443,6 +2822,20 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "JHUHUGIT"
@ -2459,5 +2852,5 @@
"value": "ELMER"
}
],
"version": 5
}
"version": 6
}
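Review bot: The new link to `d26b5518-8d7f-41a6-b539-231e4962853e` is added under three separate entries in this file (Komplex, CORESHELL and JHUHUGIT), and `b376580e-aba1-4ac9-9c2d-2df429efecf6` under both TEXTMATE and POWERSOURCE, each as `"type": "similar"` tagged `likely`. Distinct families resolving to one target looks like a shared-synonym collision in the automatic matching rather than a reviewed equivalence, though the target entries are not visible on this page. Analysts pivoting on these links during triage will read them as vetted, so either confirm each pair by hand or tag unreviewed matches lower, e.g. `"estimative-language:likelihood-probability=\"roughly-even-chance\""`.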


@ -72,11 +72,25 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"value": "APT28 - G0007"
}
],
"version": 4
}
"version": 5
}
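Review bot: The entry `APT28 - G0007` receives the same two targets, `d26b5518-8d7f-41a6-b539-231e4962853e` and `6bd20349-1231-4aaa-ba2a-f4b09d3b344c`, that this commit also attaches to the tool entries CORESHELL and JHUHUGIT in another file, again as `"type": "similar"`. An intrusion set and its tooling are unlikely both to be "similar" to the same cluster. If the targets are malware-family entries (not visible here), the link from the actor should express usage instead, e.g. `"type": "uses"`, or be dropped. Left as is, a sighting of the tooling can be attributed to the actor by correlation alone.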


@ -20,6 +20,15 @@
"AndroRAT"
]
},
"related": [
{
"dest-uuid": "80447111-8085-40a4-a052-420926091ac6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a3dad2be-ce62-4440-953b-00fbce7aba93",
"value": "AndroRAT - MOB-S0008"
},
@ -49,6 +58,15 @@
"DualToy"
]
},
"related": [
{
"dest-uuid": "8269e779-db23-4c94-aafb-36ee94879417",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "507fe748-5e4a-4b45-9e9f-8b1115f4e878",
"value": "DualToy - MOB-S0031"
},
@ -161,6 +179,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "52acea22-7d88-433c-99e6-8fef1657e3ad",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "33d9d91d-aad9-49d5-a516-220ce101ac8a",
@ -301,6 +326,15 @@
"WireLurker"
]
},
"related": [
{
"dest-uuid": "bc32df24-8e80-44bc-80b0-6a4d55661aa5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb",
"value": "WireLurker - MOB-S0028"
},
@ -413,6 +447,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "56660521-6db4-4e5a-a927-464f22954b7c",
@ -550,6 +591,15 @@
"Charger"
]
},
"related": [
{
"dest-uuid": "6e0545df-8df6-4990-971c-e96c4c60d561",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d1c600f8-0fb6-4367-921b-85b71947d950",
"value": "Charger - MOB-S0039"
},
@ -588,6 +638,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "52acea22-7d88-433c-99e6-8fef1657e3ad",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "93799a9d-3537-43d8-b6f4-17215de1657c",
@ -610,5 +667,5 @@
"value": "XcodeGhost - MOB-S0013"
}
],
"version": 4
}
"version": 5
}
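Review bot: The same target `52acea22-7d88-433c-99e6-8fef1657e3ad` is added as `similar` to two different entries in this file (`33d9d91d-…` in the `-161,6` hunk and `93799a9d-…` in the `-588,6` hunk), whose names lie outside the hunks. The ransomware file further down shows the same pattern for `980ea9fa-…`, `721e9af0-…`, `bad1057c-…` and `32fa6c53-…`. Two sources resolving to one target are fine when they are platform variants of one family, but they can also be a name or synonym collision from the automated mapping. A uniqueness check per `dest-uuid` in the mapping script, with the collisions reviewed by hand before merge, would catch the second case.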


@ -27,11 +27,25 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4cfa42a3-71d9-43e2-bf23-daa79f326387",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "5a78ec38-8b93-4dde-a99e-0c9b77674838",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "da21929e-40c0-443d-bdf4-6b60d15448b4",
"value": "Xbot - MOB-S0014"
}
],
"version": 4
}
"version": 5
}


@ -88,6 +88,15 @@
],
"uuid": "102c3898-85e0-43ee-ae28-62a0a3ed9507"
},
"related": [
{
"dest-uuid": "ccde5b0d-fe13-48e6-a6f4-4e434ce29371",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "UACMe"
},
{
@ -187,6 +196,15 @@
],
"uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54"
},
"related": [
{
"dest-uuid": "8410d208-7450-407d-b56c-e5c1ced19632",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "gsecdump"
},
{
@ -319,6 +337,15 @@
],
"uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e"
},
"related": [
{
"dest-uuid": "3fb18a77-91ef-4c68-a9a9-fa6bdbea38e8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "HTRAN"
},
{
@ -451,6 +478,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "1a1d3ea4-972e-4c48-8d85-08d9db8f1550",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Cobalt Strike"
@ -472,5 +506,5 @@
"value": "Reg"
}
],
"version": 5
}
"version": 6
}


@ -876,6 +876,15 @@
"https://www.bleepingcomputer.com/news/security/hermes-ransomware-decrypted-in-live-video-by-emsisofts-fabian-wosar/"
]
},
"related": [
{
"dest-uuid": "4d8da0af-cfd7-4990-b211-af0e9906eca0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b7102922-8aad-4b29-8518-6d87c3ba45bb",
"value": "Hermes Ransomware"
},
@ -1265,6 +1274,15 @@
"https://twitter.com/Xylit0l/status/821757718885236740"
]
},
"related": [
{
"dest-uuid": "5639f7db-ab70-4b86-8a2f-9c4e3927ba91",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "61d8bba8-7b22-493f-b023-97ffe7f17caf",
"value": "Satan Ransomware"
},
@ -1902,6 +1920,15 @@
"https://twitter.com/JaromirHorejsi/status/815557601312329728"
]
},
"related": [
{
"dest-uuid": "cd5f5165-7bd3-4430-b0bc-2c8fa518f618",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f762860a-5e7a-43bf-bef4-06bd27e0b023",
"value": "Red Alert"
},
@ -2164,6 +2191,15 @@
"https://twitter.com/PolarToffee/status/812331918633172992"
]
},
"related": [
{
"dest-uuid": "5060756f-8385-465d-a7dd-7bf09a54da92",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "dd356ed3-42b8-4587-ae53-95f933517612",
"value": "Alphabet Ransomware"
},
@ -2353,6 +2389,15 @@
"Manifestus"
]
},
"related": [
{
"dest-uuid": "5b75db42-b8f2-4e52-81d3-f329e49e1af2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "52caade6-ba7b-474e-b173-63f4332aa808",
"value": "EnkripsiPC Ransomware"
},
@ -2473,6 +2518,15 @@
"GlobeImposter"
]
},
"related": [
{
"dest-uuid": "73806c57-cef8-4f7b-a78b-7949ef83b2c2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e03873ef-9e3d-4d07-85d8-e22a55f60c19",
"value": "Fake Globe Ransomware"
},
@ -4423,6 +4477,15 @@
"WCRY"
]
},
"related": [
{
"dest-uuid": "ad67ff31-2a02-43f9-8b12-7df7e4fcccd6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d62ab8d5-4ba1-4c45-8a63-13fdb099b33c",
"value": "WannaCry"
},
@ -4484,6 +4547,15 @@
"7ev3n-HONE$T"
]
},
"related": [
{
"dest-uuid": "ac2608e9-7851-409f-b842-e265b877a53c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "664701d6-7948-4e80-a333-1d1938103ba1",
"value": "7ev3n"
},
@ -4592,6 +4664,15 @@
"AlphaLocker"
]
},
"related": [
{
"dest-uuid": "c1b9e8c5-9283-4dbe-af10-45956a446fb7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a27fff00-995a-4598-ba00-05921bf20e80",
"value": "Alpha Ransomware"
},
@ -4676,6 +4757,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e87d9df4-b464-4458-ae1f-31cea40d5f96",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e38b8876-5780-4574-9adf-304e9d659bdb",
@ -4809,6 +4897,15 @@
"BaCrypt"
]
},
"related": [
{
"dest-uuid": "1dfd3ba6-7f82-407f-958d-c4a2ac055123",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "3cf2c880-e0b5-4311-9c4e-6293f2a566e7",
"value": "Bart"
},
@ -5004,6 +5101,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "980ea9fa-d29d-4a44-bb87-0c050f8ddeaf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8ff729d9-aee5-4b85-a59d-3f57e105be40",
@ -5041,6 +5145,15 @@
"CRBR ENCRYPTOR"
]
},
"related": [
{
"dest-uuid": "79a7203a-6ea5-4c39-abd4-faa20cf8821a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "190edf95-9cd9-4e4a-a228-b716d52a751b",
"value": "Cerber"
},
@ -5181,6 +5294,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "980ea9fa-d29d-4a44-bb87-0c050f8ddeaf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "629f6986-2c1f-4d0a-b805-e4ef3e2ce634",
@ -5323,6 +5443,15 @@
"Ranscam"
]
},
"related": [
{
"dest-uuid": "50c92b0b-cae3-41e7-b7d8-dffc2c88ac4b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "383d7ebb-9b08-4874-b5d7-dc02b499c38f",
"value": "CryptoFinancial"
},
@ -5344,6 +5473,20 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ae4aa1ef-4da0-4952-9583-9d47f84edad9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7f6cd579-b021-4896-80da-fcc07c35c8b2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "26c8b446-305c-4057-83bc-85b09630281e",
@ -5375,6 +5518,15 @@
"ROI Locker"
]
},
"related": [
{
"dest-uuid": "54cd671e-b7e4-4dd3-9bfa-dc0ba5105944",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "dba2cf74-16a9-4ed8-8536-6542fda95999",
"value": "CryptoHost"
},
@ -5415,6 +5567,15 @@
"https://reaqta.com/2016/04/uncovering-ransomware-distribution-operation-part-2/"
]
},
"related": [
{
"dest-uuid": "c5a783da-9ff3-4427-84c5-428480b21cc7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b35b1ca2-f99c-4495-97a5-b8f30225cb90",
"value": "CryptoLocker"
},
@ -5496,6 +5657,15 @@
"Zeta"
]
},
"related": [
{
"dest-uuid": "55d5742e-20f5-4c9a-887a-4dbd5b37d921",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "c76110ea-15f1-4adf-a28d-c707374dbb3a",
"value": "CryptoMix"
},
@ -5506,6 +5676,15 @@
"https://twitter.com/malwrhunterteam/status/817672617658347521"
]
},
"related": [
{
"dest-uuid": "2f65f056-6cba-4a5b-9aaf-daf31eb76fc2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "de53f392-8794-43d1-a38b-c0b90c20a3fb",
"value": "CryptoRansomeware"
},
@ -5822,6 +6001,15 @@
"CyberSplitter"
]
},
"related": [
{
"dest-uuid": "8bde6075-8c5b-4ff1-be9a-4e2b1d3419aa",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "587589df-ee42-43f4-9480-c65d6e1d7e0f",
"value": "Cyber SpLiTTer Vbs"
},
@ -6046,6 +6234,22 @@
"Hidden Tear"
]
},
"related": [
{
"dest-uuid": "24fe5fef-6325-4c21-9c35-a0ecd185e254",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b96be762-56a0-4407-be04-fcba76c1ff29",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "254f4f67-d850-4dc5-8ddb-2e955ddea287",
"value": "HiddenTear"
},
@ -6286,6 +6490,15 @@
"https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/"
]
},
"related": [
{
"dest-uuid": "c4346ed0-1d74-4476-a78c-299bce0409bd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "721ba430-fd28-454c-8512-24339ef2235f",
"value": "FireCrypt"
},
@ -6446,6 +6659,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "721e9af0-8a60-4b9e-9137-c23e86d75722",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "390abe30-8b9e-439e-a6d3-2ee978f05fba",
@ -6536,6 +6756,15 @@
"Mamba"
]
},
"related": [
{
"dest-uuid": "df320366-7970-4af0-b1f4-9f9492dede53",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "95be4cd8-1d98-484f-a328-a5917a05e3c8",
"value": "HDDCryptor"
},
@ -6574,6 +6803,15 @@
"https://blog.fortinet.com/2016/06/03/cooking-up-autumn-herbst-ransomware"
]
},
"related": [
{
"dest-uuid": "ca8482d9-657b-49fe-8345-6ed962a9735a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6489895b-0213-4564-9cfc-777df58d84c9",
"value": "Herbst"
},
@ -6781,6 +7019,15 @@
"CryptoHitMan"
]
},
"related": [
{
"dest-uuid": "910c3fd2-56e5-4f1d-8df0-2aa0b293b7d9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "1e3384ae-4b48-4c96-b7c2-bc1cc1eda203",
"value": "Jigsaw"
},
@ -6835,6 +7082,15 @@
"http://www.welivesecurity.com/2016/03/07/new-mac-ransomware-appears-keranger-spread-via-transmission-app/"
]
},
"related": [
{
"dest-uuid": "01643bc9-bd61-42e8-b9f1-5fbf83dcd786",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "63292b32-9867-4fb2-9e59-d4983d4fd5d1",
"value": "KeRanger"
},
@ -7122,6 +7378,15 @@
"https://www.bleepingcomputer.com/news/security/locky-ransomware-switches-to-egyptian-mythology-with-the-osiris-extension/"
]
},
"related": [
{
"dest-uuid": "24c9bb9f-1f9a-4e01-95d8-86c51733e11c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8d51a22e-3485-4480-af96-8ed0305a7aa6",
"value": "Locky"
},
@ -7406,6 +7671,15 @@
"http://github.com/Cyberclues/nanolocker-decryptor"
]
},
"related": [
{
"dest-uuid": "00e1373c-fddf-4b06-9770-e980cc0ada6b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "03a91686-c607-49a8-a4e2-2054833c0013",
"value": "NanoLocker"
},
@ -7570,6 +7844,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "32fa6c53-b4fc-47f8-894c-1ea74180e02f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "3c51fc0e-42d8-4ff0-b1bd-5c8c20271a39",
@ -7589,6 +7870,15 @@
"GPCode"
]
},
"related": [
{
"dest-uuid": "127c3d76-6323-4363-93e0-cd06ade0dd52",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "7914f9c9-3257-464c-b918-3754c4d018af",
"value": "OMG! Ransomware"
},
@ -7622,6 +7912,15 @@
"CryptoWire"
]
},
"related": [
{
"dest-uuid": "bc0c1e48-102c-4e6b-9b86-c442c4798159",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "4bb11db7-17a0-4536-b817-419ae6299004",
"value": "Owl"
},
@ -7640,6 +7939,15 @@
"https://twitter.com/malwrhunterteam/status/798141978810732544"
]
},
"related": [
{
"dest-uuid": "c21335f5-b145-4029-b1bc-161362c7ce80",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "57c5df76-e72f-41b9-be29-89395f83a77c",
"value": "PadCrypt"
},
@ -7674,6 +7982,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "bad1057c-4f92-4747-a0ec-31bcc062dab8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e211ea8d-5042-48ae-86c6-15186d1f8dba",
@ -7696,6 +8011,15 @@
"Goldeneye"
]
},
"related": [
{
"dest-uuid": "34c9dbaa-97ac-4e1e-9eca-b7c492d67efc",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "7c5a1e93-7ab2-4b08-ada9-e82c4feaed0a",
"value": "Petya"
},
@ -7752,6 +8076,15 @@
"https://securelist.com/blog/research/76182/polyglot-the-fake-ctb-locker/"
]
},
"related": [
{
"dest-uuid": "5ee77368-5e09-4016-ae73-82b99e830832",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b22cafb4-ccef-4935-82f4-631a6e539b8e",
"value": "Polyglot"
},
@ -7772,6 +8105,15 @@
"PoshCoder"
]
},
"related": [
{
"dest-uuid": "5c5beab9-614c-4c86-b369-086234ddb43c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "9fa93bb7-2997-4864-aa0e-0e667990dec8",
"value": "PowerWare"
},
@ -7907,6 +8249,15 @@
"http://www.nyxbone.com/malware/radamant.html"
]
},
"related": [
{
"dest-uuid": "98bcb2b9-bc3a-4ffb-859a-94bd03c1cc3c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "674c3bf6-2e16-427d-ab0f-b91676a460cd",
"value": "Radamant"
},
@ -8025,6 +8376,15 @@
"https://www.bleepingcomputer.com/news/security/ransoc-ransomware-extorts-users-who-accessed-questionable-content/"
]
},
"related": [
{
"dest-uuid": "5310903e-0704-4ca4-ab1b-52d243dddb06",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f0fcbac5-6216-4c3c-adcb-3aa06ab23340",
"value": "Ransoc"
},
@ -8136,6 +8496,15 @@
"https://blog.malwarebytes.org/threat-analysis/2016/04/rokku-ransomware/"
]
},
"related": [
{
"dest-uuid": "38f57823-ccc2-424b-8140-8ba30325af9c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "61184aea-e87b-467d-b36e-cfc75ccb242f",
"value": "Rokku"
},
@ -8266,6 +8635,15 @@
"Samsam"
]
},
"related": [
{
"dest-uuid": "696d78cb-1716-4ca0-b678-c03c7cfec19a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "731e4a5e-35f2-47b1-80ba-150b95fdc14d",
"value": "Samas-Samsam"
},
@ -8327,6 +8705,15 @@
"https://blog.kaspersky.com/satana-ransomware/12558/"
]
},
"related": [
{
"dest-uuid": "09b555be-8bac-44b2-8741-922ee0b87880",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a127a59e-9e4c-4c2b-b833-cabd076c3016",
"value": "Satana"
},
@ -8348,6 +8735,15 @@
"http://www.nyxbone.com/malware/Serpico.html"
]
},
"related": [
{
"dest-uuid": "0d4ca924-7e7e-4385-b14d-f504b4d206e5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "bd4bfbab-c21d-4971-b70c-b180bcf40630",
"value": "Serpico"
},
@ -8409,6 +8805,15 @@
"KinCrypt"
]
},
"related": [
{
"dest-uuid": "77c20bd9-5403-4f99-bae5-c54f3f38a6b6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b9963d52-a391-4e9c-92e7-d2a147d5451f",
"value": "Shujin"
},
@ -8760,6 +9165,20 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ae4aa1ef-4da0-4952-9583-9d47f84edad9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7f6cd579-b021-4896-80da-fcc07c35c8b2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b817ce63-f1c3-49de-bd8b-fd56c3f956c9",
@ -9240,6 +9659,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "721e9af0-8a60-4b9e-9137-c23e86d75722",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "78ef77ac-a570-4fb9-af80-d04c09dff9ab",
@ -9273,6 +9699,15 @@
"https://www.bleepingcomputer.com/news/security/jaff-ransomware-distributed-via-necurs-malspam-and-asking-for-a-3-700-ransom/"
]
},
"related": [
{
"dest-uuid": "2c51a717-726b-4813-9fcc-1265694b128e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8e3d44d0-6768-4b54-88b0-2e004a7f2297",
"value": "Jaff"
},
@ -9400,6 +9835,15 @@
"Syn Ack"
]
},
"related": [
{
"dest-uuid": "a396a0bb-6dc5-424a-bdbd-f8ba808ca2c2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "04585cd8-54ae-420f-9191-8ddb9b88a80c",
"value": "SynAck"
},
@ -9417,6 +9861,15 @@
"https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/"
]
},
"related": [
{
"dest-uuid": "e717a26d-17aa-4cd7-88de-dc75aa365232",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "83d10b83-9038-4dd6-b305-f14c21478588",
"value": "SyncCrypt"
},
@ -9431,6 +9884,15 @@
"Bad-Rabbit"
]
},
"related": [
{
"dest-uuid": "6f736038-4f74-435b-8904-6870ee0e23ba",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e8af6388-6575-4812-94a8-9df1567294c5",
"value": "Bad Rabbit"
},
@ -9573,6 +10035,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "bad1057c-4f92-4747-a0ec-31bcc062dab8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "091c9923-5939-4bde-9db5-56abfb51f1a2",
@ -9586,6 +10055,15 @@
"https://objective-see.com/blog/blog_0x25.html"
]
},
"related": [
{
"dest-uuid": "66862f1a-5823-4a9a-bd80-439aaafc1d8b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "7574c7f1-5075-4230-aca9-d6c0956f1fac",
"value": "MacRansom"
},
@ -9659,6 +10137,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "32fa6c53-b4fc-47f8-894c-1ea74180e02f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "4f3e494e-0e37-4894-94b2-741a8100f07a",
@ -9675,6 +10160,15 @@
"https://www.eclecticiq.com/resources/thanatos--ransomware-first-ransomware-ask-payment-bitcoin-cash?type=intel-report"
]
},
"related": [
{
"dest-uuid": "24fabbe0-27a2-4c93-a6a6-c14767efaa25",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "361d7a90-2fde-4fc7-91ed-fdce26eb790f",
"value": "Thanatos"
},
@ -10322,6 +10816,15 @@
"https://www.johannesbader.ch/2015/03/the-dga-of-dircrypt/"
]
},
"related": [
{
"dest-uuid": "61b2dd12-2381-429d-bb64-e3210804a462",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "cdcc59a0-955e-412d-b481-8dff4bce6fdf",
"value": "DirCrypt"
},
@ -10616,5 +11119,5 @@
"value": "SAVEfiles"
}
],
"version": 37
}
"version": 38
}
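Review bot: Every relation added in this file carries the same `likely` tag, including entries where the match presumably came from a synonym rather than the entry's own name. Examples are `Owl` (last visible meta item `CryptoWire`), `OMG! Ransomware` (`GPCode`) and `CryptoFinancial` (`Ranscam`). A synonym-only match is weaker evidence than an exact name match, and downstream correlation has no way to tell the two apart. I would have the script emit a lower estimative value for those cases, for example `"estimative-language:likelihood-probability=\"roughly-even-chance\""`, and keep `likely` for exact matches.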


@ -36,6 +36,15 @@
"https://www.cfr.org/interactive/cyber-operations/jaderat"
]
},
"related": [
{
"dest-uuid": "8804e02c-a139-4c3d-8901-03302ca1faa0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "1cc8963b-5ad4-4e19-8e9a-57b0ff1ef926",
"value": "JadeRAT"
},
@ -95,6 +104,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "4e104fef-8a2c-4679-b497-6e86d7d47db0",
@ -177,6 +193,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "5086a6e0-53b2-4d96-9eb3-a0237da2e591",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8a21ae06-d257-48a0-989b-1c9aebedabc2",
@ -288,6 +311,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "8eb9d4aa-257a-45eb-8c65-95c18500171c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b76d9845-815c-4e77-9538-6b737269da2f",
@ -343,6 +373,15 @@
"https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html"
]
},
"related": [
{
"dest-uuid": "f9d0e934-879c-4668-b959-6bf7bdc96f5d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "41f45758-0376-42a8-bc07-8f2ffbee3ad2",
"value": "Bozok"
},
@ -366,6 +405,15 @@
"http://www.nbcnews.com/id/41584097/ns/technology_and_science-security/t/cybergate-leaked-e-mails-hint-corporate-hacking-conspiracy/"
]
},
"related": [
{
"dest-uuid": "062d8577-d6e6-4c97-bcac-eb6eb1a50a8d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "c3cf4e88-704b-4d7c-8185-ee780804f3d3",
"value": "CyberGate"
},
@ -425,6 +473,15 @@
"JacksBot"
]
},
"related": [
{
"dest-uuid": "f2a9f583-b4dd-4669-8808-49c8bbacc376",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "1df62d96-88f8-473c-94a2-252eb360ba62",
"value": "jRAT"
},
@ -436,6 +493,15 @@
"https://leakforums.net/thread-479505"
]
},
"related": [
{
"dest-uuid": "ff24997d-1f17-4f00-b9b8-b3392146540f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "669a0e4d-9760-49fc-bdf5-0471f84e0c76",
"value": "jSpy"
},
@ -494,6 +560,15 @@
"PredatorPain"
]
},
"related": [
{
"dest-uuid": "31615066-dbff-4134-b467-d97a337b408b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "42a97a5d-ee33-492a-b20f-758ecdbf1aed",
"value": "Predator Pain"
},
@ -583,6 +658,15 @@
"https://www.volexity.com/blog/2017/03/23/have-you-been-haunted-by-the-gh0st-rat-today/"
]
},
"related": [
{
"dest-uuid": "225fa6cf-dc9c-4b86-873b-cdf1d9dd3738",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "255a59a7-db2d-44fc-9ca9-5859b65817c3",
"value": "Gh0st RAT"
},
@ -635,6 +719,15 @@
"https://researchcenter.paloaltonetworks.com/2017/10/unit42-tracking-subaat-targeted-phishing-attacks-point-leader-threat-actors-repository/"
]
},
"related": [
{
"dest-uuid": "05252643-093b-4070-b62f-d5836683a9fa",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
"value": "Quasar RAT"
},
@ -667,6 +760,15 @@
"https://github.com/shotskeber/Ratty"
]
},
"related": [
{
"dest-uuid": "da032a95-b02a-4af2-b563-69f686653af4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a51f07ae-ab2c-45ee-aa9c-1db7873e7bb4",
"value": "Ratty"
},
@ -964,6 +1066,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e87d9df4-b464-4458-ae1f-31cea40d5f96",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d5d3f9de-21b5-482e-b716-5f2f13182990",
@ -1231,6 +1340,15 @@
"https://www.rekings.com/spynote-v4-android-rat/"
]
},
"related": [
{
"dest-uuid": "31592c69-d540-4617-8253-71ae0c45526c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "ea727e26-b3de-44f8-86c5-11a912c7a8aa",
"value": "SpyNote"
},
@ -1530,6 +1648,15 @@
"https://www.zscaler.com/blogs/research/cobian-rat-backdoored-rat"
]
},
"related": [
{
"dest-uuid": "aa553bbd-f6e4-4774-9ec5-4607aa2004b8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8c49da10-2b59-42c4-81e6-75556decdecb",
"value": "Cobian RAT"
},
@ -1693,6 +1820,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d9cc15f7-0880-4ae4-8df4-87c58338d6b8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "9223bf17-7e32-4833-9574-9ffd8c929765",
@ -1786,6 +1920,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "036bd099-fe80-46c2-9c4c-e5c6df8dcdee",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "663f8ef9-4c50-499a-b765-f377d23c1070",
@ -1872,6 +2013,15 @@
"meta": {
"date": "2010"
},
"related": [
{
"dest-uuid": "479353aa-c6d7-47a7-b5f0-3f97fd904864",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "ee73e375-3ac2-4ce0-b24b-74fd82d52864",
"value": "Erebus"
},
@ -2044,6 +2194,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "1a1d3ea4-972e-4c48-8d85-08d9db8f1550",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "ca44dd5e-fd9e-48b5-99cb-0b2629b9265f",
@ -2075,6 +2232,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e88eb9b1-dc8b-4696-8dcf-0c29924d0f8b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "3eca2d5f-41bf-4ad4-847f-df18befcdc44",
@ -2121,6 +2285,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a61fc694-a88a-484d-a648-db35b49932fd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8d8efbc6-d1b7-4ec8-bab3-591edba337d0",
@ -2231,6 +2402,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "f982fa2d-f78f-4fe1-a86d-d10471a3ebcf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "5b930a23-7d88-481f-8791-abc7b3dd93d2",
@ -2271,6 +2449,15 @@
"http://securityaffairs.co/wordpress/51202/cyber-crime/govrat-2-0-attacks.html"
]
},
"related": [
{
"dest-uuid": "9fbb5822-1660-4651-9f57-b6f83a881786",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b6ddc2c6-5890-4c60-9b10-4274d1a9cc22",
"value": "GovRAT"
},
@ -2352,6 +2539,15 @@
"https://omnirat.eu/en/"
]
},
"related": [
{
"dest-uuid": "ec936d58-6607-4e33-aa97-0e587bbbdda5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f091dfcb-07f4-4414-849e-c644e7327d94",
"value": "OmniRAT"
},
@ -2512,6 +2708,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "8465177f-16c8-47fc-a4c8-f4c0409fe460",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f266754c-d0aa-4918-95a3-73b28eaa66e3",
@ -2526,6 +2729,15 @@
"https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html"
]
},
"related": [
{
"dest-uuid": "2894aee2-e0ec-417a-811e-74a68ab967b2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f647cca0-7416-47e9-8342-94b84dd436cc",
"value": "Remcos"
},
@ -2537,6 +2749,15 @@
"https://securityintelligence.com/client-maximus-new-remote-overlay-malware-highlights-rising-malcode-sophistication-in-brazil/"
]
},
"related": [
{
"dest-uuid": "c2bd0771-55d6-4242-986d-4bfd735998ba",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d840e5af-3e6b-49af-ab82-fb4f8740bf55",
"value": "Client Maximus"
},
@ -2580,6 +2801,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a70e93a7-3578-47e1-9926-0818979ed866",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "ad6a1b4a-6d79-40d4-adb7-1d7ca697347e",
@ -2593,6 +2821,15 @@
"http://www.securityweek.com/rurktar-malware-espionage-tool-development"
]
},
"related": [
{
"dest-uuid": "512e0b13-a52b-45ef-9230-7172f5e976d4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "40bce827-4049-46e4-8323-3ab58f0f00bc",
"value": "Rurktar"
},
@ -2667,6 +2904,15 @@
"https://objective-see.com/blog/blog_0x25.html"
]
},
"related": [
{
"dest-uuid": "c9915d41-d1fb-45bc-997e-5cd9c573d8e7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b7cea5fe-d3fe-47cf-ba82-104c90e130ff",
"value": "MacSpy"
},
@ -2692,6 +2938,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b376580e-aba1-4ac9-9c2d-2df429efecf6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "ee8ccb36-2596-43a3-a044-b8721dbeb2ab",
@ -2747,6 +3000,15 @@
"https://cdn.riskiq.com/wp-content/uploads/2017/10/RiskIQ-htpRAT-Malware-Attacks.pdf?_ga=2.159415805.1155855406.1509033001-1017609577.1507615928"
]
},
"related": [
{
"dest-uuid": "e8d1a1f3-3170-4562-9a18-cadf000e48d0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "7362581a-a7d1-4060-b225-e227f2df2b60",
"value": "htpRAT"
},
@ -2765,6 +3027,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e0bea149-2def-484f-b658-f782a4f94815",
@ -2839,6 +3108,15 @@
"https://www.flashpoint-intel.com/blog/meet-ars-vbs-loader/"
]
},
"related": [
{
"dest-uuid": "1a4f99cc-c078-41f8-9749-e1dc524fc795",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "cd6527d1-17a7-4825-8b4b-56e113d0efb1",
"value": "ARS VBS Loader"
},
@ -2850,6 +3128,15 @@
"https://labs.bitdefender.com/wp-content/uploads/downloads/radrat-an-all-in-one-toolkit-for-complex-espionage-ops/"
]
},
"related": [
{
"dest-uuid": "271752e3-67ca-48bc-ade2-30eec11defca",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "5a3df9d7-82de-445e-a218-406b970600d7",
"value": "RadRAT"
},
@ -2860,6 +3147,15 @@
"https://www.proofpoint.com/us/threat-insight/post/leaked-source-code-ammyy-admin-turned-flawedammyy-rat"
]
},
"related": [
{
"dest-uuid": "18419355-fd28-41a6-bffe-2df68a7166c4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "3c1003a2-8364-467a-b9b8-fcc19724a9b5",
"value": "FlawedAmmyy"
},
@ -2881,6 +3177,15 @@
"https://blog.talosintelligence.com/2018/05/navrat.html"
]
},
"related": [
{
"dest-uuid": "ec0cad2c-0c13-491a-a869-1dc1758c8872",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6ea032a0-d54a-463b-b016-2b7b9b9a5b7e",
"value": "NavRAT"
},
@ -2901,6 +3206,15 @@
"https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/june/cve-2017-8750-rtf-and-the-sisfader-rat/"
]
},
"related": [
{
"dest-uuid": "0fba78fc-47a1-45e1-b5df-71bcabd23b5d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b533439d-b060-4c90-80e0-9dce67b0c6fb",
"value": "Sisfader"
},
@ -2941,5 +3255,5 @@
"value": "NukeSped"
}
],
"version": 18
}
"version": 19
}


@ -16,6 +16,15 @@
"https://www.proofpoint.com/us/threat-insight/post/thief-night-new-nocturnal-stealer-grabs-data-cheap"
]
},
"related": [
{
"dest-uuid": "94793dbc-3649-40a4-9ccc-1b32846ecb3a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e7080bce-99b5-4615-a798-a192ed89bd5a",
"value": "Nocturnal Stealer"
},
@ -44,5 +53,5 @@
"value": "AZORult"
}
],
"version": 2
}
"version": 3
}
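Review bot: Every relation added in this section, including the one on "Nocturnal Stealer", carries the same `estimative-language:likelihood-probability="likely"` tag and `"type": "similar"`, so a consumer cannot tell a link an analyst reviewed from one produced in bulk by name matching. The commit title suggests these links came from a mapping script; if so, a pre-merge check should confirm that each `dest-uuid` resolves to exactly one existing cluster and that no `related` array ends up holding the same `dest-uuid` twice. The same applies to the relation added to "Operation C-Major" in the next file section. Any tooling that follows `related` links for correlation will treat a wrong match as a likely association.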


@ -2751,6 +2751,15 @@
"Mythic Leopard"
]
},
"related": [
{
"dest-uuid": "2a410eea-a9da-11e8-b404-37b7060746c8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "acbb5cad-ffe7-4b0e-a57a-2dbc916e8905",
"value": "Operation C-Major"
},
@ -5920,5 +5929,5 @@
"value": "FASTCash"
}
],
"version": 69
}
"version": 70
}

File diff suppressed because it is too large


@ -54,7 +54,8 @@ type_mapping = {
# 'mitre-mobile-attack-course-of-action': '',
'mitre-pre-attack-intrusion-set': 'actor',
# 'mitre-enterprise-attack-relationship': '',
'tds': 'tool'
'tds': 'tool',
'malpedia': 'tool'
}
@ -103,6 +104,7 @@ if __name__ == '__main__':
# ignore the galaxies that are not relevant for us
if galaxy not in type_mapping:
print("Ignoring galaxy '{}' as it is not in the mapping.".format(galaxy))
continue
# process the entries in each cluster