chg: magical mapping with malpedia

This commit is contained in:
Christophe Vandeplas 2018-10-12 11:00:00 +02:00
parent 65eb66a739
commit f14d616e22
20 changed files with 7959 additions and 39 deletions

View file

@ -29,6 +29,15 @@
"GhostCtrl" "GhostCtrl"
] ]
}, },
"related": [
{
"dest-uuid": "3b6c1771-6d20-4177-8be0-12116e254bf5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a01e1d0b-5303-4d11-94dc-7db74f3d599d", "uuid": "a01e1d0b-5303-4d11-94dc-7db74f3d599d",
"value": "Andr/Dropr-FH" "value": "Andr/Dropr-FH"
}, },
@ -50,6 +59,15 @@
"https://www.bleepingcomputer.com/news/security/researchers-discover-new-android-banking-trojan/" "https://www.bleepingcomputer.com/news/security/researchers-discover-new-android-banking-trojan/"
] ]
}, },
"related": [
{
"dest-uuid": "e9aaab46-abb1-4390-b37b-d0457d05b28f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d10f8cd5-0077-4d8f-9145-03815a68dd33", "uuid": "d10f8cd5-0077-4d8f-9145-03815a68dd33",
"value": "RedAlert2" "value": "RedAlert2"
}, },
@ -70,6 +88,15 @@
"https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/" "https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/"
] ]
}, },
"related": [
{
"dest-uuid": "10d0115a-00b4-414e-972b-8320a2bb873c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6671bb0b-4fab-44a7-92f9-f641a887a0aa", "uuid": "6671bb0b-4fab-44a7-92f9-f641a887a0aa",
"value": "DoubleLocker" "value": "DoubleLocker"
}, },
@ -91,6 +118,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d99c0a47-9d61-4d92-86ec-86a87b060d76",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "426ead34-b3e6-45c7-ba22-5b8f3b8214bd", "uuid": "426ead34-b3e6-45c7-ba22-5b8f3b8214bd",
@ -103,6 +137,29 @@
"https://clientsidedetection.com/lokibot___the_first_hybrid_android_malware.html" "https://clientsidedetection.com/lokibot___the_first_hybrid_android_malware.html"
] ]
}, },
"related": [
{
"dest-uuid": "a6f481fe-b6db-4507-bb3c-28f10d800e2f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b8fa5036-813f-4887-b4d4-bb17b4a7eba0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4793a29b-1191-4750-810e-9301a6576fc4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "fbda9705-677b-4c5b-9b0b-13b52eff587c", "uuid": "fbda9705-677b-4c5b-9b0b-13b52eff587c",
"value": "LokiBot" "value": "LokiBot"
}, },
@ -115,6 +172,15 @@
"https://blog.avast.com/mobile-banking-trojan-sneaks-into-google-play-targeting-wells-fargo-chase-and-citibank-customers" "https://blog.avast.com/mobile-banking-trojan-sneaks-into-google-play-targeting-wells-fargo-chase-and-citibank-customers"
] ]
}, },
"related": [
{
"dest-uuid": "85975621-5126-40cb-8083-55cbfa75121b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "4ed03b03-a34f-4583-9db1-6c58a4bd952b", "uuid": "4ed03b03-a34f-4583-9db1-6c58a4bd952b",
"value": "BankBot" "value": "BankBot"
}, },
@ -188,6 +254,15 @@
"https://www.symantec.com/security_response/writeup.jsp?docid=2017-090410-0547-99" "https://www.symantec.com/security_response/writeup.jsp?docid=2017-090410-0547-99"
] ]
}, },
"related": [
{
"dest-uuid": "e3e90666-bc19-4741-aca8-1e4cbc2f4c9e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "60857664-0671-4b12-ade9-86ee6ecb026a", "uuid": "60857664-0671-4b12-ade9-86ee6ecb026a",
"value": "Switcher" "value": "Switcher"
}, },
@ -259,6 +334,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d87e2574-7b9c-4ea7-98eb-88f3e139f6ff",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "3d3aa832-8847-47c5-9e31-ef13ab7ab6fb", "uuid": "3d3aa832-8847-47c5-9e31-ef13ab7ab6fb",
@ -311,6 +393,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "8eb9d4aa-257a-45eb-8c65-95c18500171c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "ce1a9641-5bb8-4a61-990a-870e9ef36ac1", "uuid": "ce1a9641-5bb8-4a61-990a-870e9ef36ac1",
@ -762,6 +851,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d87e2574-7b9c-4ea7-98eb-88f3e139f6ff",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "620981e8-49c8-486a-b30c-359702c8ffbc", "uuid": "620981e8-49c8-486a-b30c-359702c8ffbc",
@ -1094,6 +1190,22 @@
"https://www.symantec.com/security_response/writeup.jsp?docid=2015-071409-0636-99" "https://www.symantec.com/security_response/writeup.jsp?docid=2015-071409-0636-99"
] ]
}, },
"related": [
{
"dest-uuid": "4b2ab902-811e-4b50-8510-43454d77d027",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "c359c74e-4155-4e66-a344-b56947f75119",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "c17f6e4b-70c5-42f8-a91b-19d73485bd04", "uuid": "c17f6e4b-70c5-42f8-a91b-19d73485bd04",
"value": "Crisis" "value": "Crisis"
}, },
@ -3349,6 +3461,15 @@
"https://www.symantec.com/security_response/writeup.jsp?docid=2016-062710-0328-99" "https://www.symantec.com/security_response/writeup.jsp?docid=2016-062710-0328-99"
] ]
}, },
"related": [
{
"dest-uuid": "db3dcfd1-79d2-4c91-898f-5f2463d7c417",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "05f5a051-d7a2-4757-a2f0-d685334d9374", "uuid": "05f5a051-d7a2-4757-a2f0-d685334d9374",
"value": "Rootnik" "value": "Rootnik"
}, },
@ -3660,6 +3781,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "8eb9d4aa-257a-45eb-8c65-95c18500171c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "dadccdda-a4c2-4021-90b9-61a394e602be", "uuid": "dadccdda-a4c2-4021-90b9-61a394e602be",
@ -3714,6 +3842,20 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", "uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729",
@ -4482,6 +4624,15 @@
"https://www.bleepingcomputer.com/news/security/new-mysterybot-android-malware-packs-a-banking-trojan-keylogger-and-ransomware/" "https://www.bleepingcomputer.com/news/security/new-mysterybot-android-malware-packs-a-banking-trojan-keylogger-and-ransomware/"
] ]
}, },
"related": [
{
"dest-uuid": "0a53ace4-98ae-442f-be64-b8e373948bde",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "53e2e7e8-70a8-11e8-b0f8-33fcf651adaf", "uuid": "53e2e7e8-70a8-11e8-b0f8-33fcf651adaf",
"value": "MysteryBot" "value": "MysteryBot"
}, },
@ -4492,6 +4643,15 @@
"https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/" "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/"
] ]
}, },
"related": [
{
"dest-uuid": "f5fded3c-8f45-471a-a372-d8be101e1b22",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "3e19d162-9ee1-11e8-b8d7-d32141691f1f", "uuid": "3e19d162-9ee1-11e8-b8d7-d32141691f1f",
"value": "Skygofree" "value": "Skygofree"
}, },
@ -4516,5 +4676,5 @@
"value": "Triout" "value": "Triout"
} }
], ],
"version": 14 "version": 15
} }

View file

@ -16,6 +16,15 @@
"https://blog.jpcert.or.jp/2018/07/malware-wellmes-9b78.html" "https://blog.jpcert.or.jp/2018/07/malware-wellmes-9b78.html"
] ]
}, },
"related": [
{
"dest-uuid": "d84ebd91-58f6-459f-96a1-d028a1719914",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e0e79fab-0f1d-4fc2-b424-208cb019a9cd", "uuid": "e0e79fab-0f1d-4fc2-b424-208cb019a9cd",
"value": "WellMess" "value": "WellMess"
}, },
@ -33,5 +42,5 @@
"value": "Rosenbridge" "value": "Rosenbridge"
} }
], ],
"version": 2 "version": 3
} }

View file

@ -34,6 +34,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "4e8c1ab7-2841-4823-a5d1-39284fb0969a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "f0ec2df5-2e38-4df3-970d-525352006f2e", "uuid": "f0ec2df5-2e38-4df3-970d-525352006f2e",
@ -60,6 +67,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "b662c253-5c87-4ae6-a30e-541db0845f67",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "f3813bbd-682c-400d-8165-778be6d3f91f", "uuid": "f3813bbd-682c-400d-8165-778be6d3f91f",
@ -91,6 +105,20 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "66781866-f064-467d-925d-5e5f290352f0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e", "uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e",
@ -119,6 +147,20 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "75329c9e-a218-4299-87b2-8f667cd9e40c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4f3ad937-bf2f-40cb-9695-a2bedfd41bfa",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "b9448d2a-a23c-4bf2-92a1-d860716ba2f3", "uuid": "b9448d2a-a23c-4bf2-92a1-d860716ba2f3",
@ -151,6 +193,22 @@
"https://lokalhost.pl/gozi_tree.txt" "https://lokalhost.pl/gozi_tree.txt"
] ]
}, },
"related": [
{
"dest-uuid": "a171321e-4968-4ac0-8497-3250c1f0d77d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "0f96a666-bf26-44e0-8ad6-f2136208c924",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "ffbbbc14-1cdb-4be9-a631-ed53c5407369", "uuid": "ffbbbc14-1cdb-4be9-a631-ed53c5407369",
"value": "Gozi ISFB" "value": "Gozi ISFB"
}, },
@ -176,6 +234,22 @@
"http://archive.is/I7hi8#selection-217.0-217.6" "http://archive.is/I7hi8#selection-217.0-217.6"
] ]
}, },
"related": [
{
"dest-uuid": "a171321e-4968-4ac0-8497-3250c1f0d77d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ffbbbc14-1cdb-4be9-a631-ed53c5407369",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "0f96a666-bf26-44e0-8ad6-f2136208c924", "uuid": "0f96a666-bf26-44e0-8ad6-f2136208c924",
"value": "IAP" "value": "IAP"
}, },
@ -203,6 +277,15 @@
"Zeus Terdot" "Zeus Terdot"
] ]
}, },
"related": [
{
"dest-uuid": "13236f94-802b-4abc-aaa9-cb80cf4df9ed",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "2eb658ed-aff4-4253-a21f-9059b133ce17", "uuid": "2eb658ed-aff4-4253-a21f-9059b133ce17",
"value": "Zloader Zeus" "value": "Zloader Zeus"
}, },
@ -218,6 +301,15 @@
"VM Zeus" "VM Zeus"
] ]
}, },
"related": [
{
"dest-uuid": "c32740a4-db2c-4d71-80bd-7377185f4a6f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "09d1cad8-6b06-48d7-a968-5b17bbe9ca65", "uuid": "09d1cad8-6b06-48d7-a968-5b17bbe9ca65",
"value": "Zeus VM" "value": "Zeus VM"
}, },
@ -229,6 +321,15 @@
"https://securityintelligence.com/brazil-cant-catch-a-break-after-panda-comes-the-sphinx/" "https://securityintelligence.com/brazil-cant-catch-a-break-after-panda-comes-the-sphinx/"
] ]
}, },
"related": [
{
"dest-uuid": "997c20b0-0992-498a-b69d-fc16ab2fd4e4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8914802c-3aca-4a0d-874a-85ac7a1bc505", "uuid": "8914802c-3aca-4a0d-874a-85ac7a1bc505",
"value": "Zeus Sphinx" "value": "Zeus Sphinx"
}, },
@ -261,6 +362,15 @@
"Maple" "Maple"
] ]
}, },
"related": [
{
"dest-uuid": "07f6bbff-a09a-4580-96ea-62795a8dae11",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "bc0be3a4-89d8-4c4c-b2aa-2dddbed1f71d", "uuid": "bc0be3a4-89d8-4c4c-b2aa-2dddbed1f71d",
"value": "Zeus KINS" "value": "Zeus KINS"
}, },
@ -276,6 +386,15 @@
"Chtonic" "Chtonic"
] ]
}, },
"related": [
{
"dest-uuid": "9441a589-e23d-402d-9603-5e55e3e33971",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6deb9f26-969b-45aa-9222-c23663fd6ef8", "uuid": "6deb9f26-969b-45aa-9222-c23663fd6ef8",
"value": "Chthonic" "value": "Chthonic"
}, },
@ -294,6 +413,22 @@
"Trickloader" "Trickloader"
] ]
}, },
"related": [
{
"dest-uuid": "a7dbd72f-8d53-48c6-a9db-d16e7648b2d4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "c824813c-9c79-4917-829a-af72529e8329",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "07e3260b-d80c-4c86-bd28-8adc111bbec6", "uuid": "07e3260b-d80c-4c86-bd28-8adc111bbec6",
"value": "Trickbot" "value": "Trickbot"
}, },
@ -316,6 +451,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "1ecbcd20-f238-47ef-874b-08ef93266395",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "15e969e6-f031-4441-a49b-f401332e4b00", "uuid": "15e969e6-f031-4441-a49b-f401332e4b00",
@ -351,6 +493,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "5eee35b6-bd21-4b67-b198-e9320fcf2c88",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "5594b171-32ec-4145-b712-e7701effffdd", "uuid": "5594b171-32ec-4145-b712-e7701effffdd",
@ -376,6 +525,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d29eb927-d53d-4af2-b6ce-17b3a1b34fe7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "8e002f78-7fb8-4e70-afd7-0b4ac655be26", "uuid": "8e002f78-7fb8-4e70-afd7-0b4ac655be26",
@ -409,6 +565,27 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "66781866-f064-467d-925d-5e5f290352f0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "16794655-c0e2-4510-9169-f862df104045",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "7ca93488-c357-44c3-b246-3f88391aca5a", "uuid": "7ca93488-c357-44c3-b246-3f88391aca5a",
@ -432,6 +609,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "542161c0-47a4-4297-baca-5ed98386d228",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "7e2288ec-e7d4-4833-9245-a2bc5ae40ee2", "uuid": "7e2288ec-e7d4-4833-9245-a2bc5ae40ee2",
@ -465,6 +649,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "b2ec1f16-2a76-4910-adc5-ecb3570e7c1a", "uuid": "b2ec1f16-2a76-4910-adc5-ecb3570e7c1a",
@ -480,6 +671,15 @@
"https://malwarebreakdown.com/2017/09/11/re-details-malspam-downloads-corebot-banking-trojan/" "https://malwarebreakdown.com/2017/09/11/re-details-malspam-downloads-corebot-banking-trojan/"
] ]
}, },
"related": [
{
"dest-uuid": "495377c4-1be5-4c65-ba66-94c221061415",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8a3d46db-d3b4-4f89-99e2-d1f0de3f484c", "uuid": "8a3d46db-d3b4-4f89-99e2-d1f0de3f484c",
"value": "Corebot" "value": "Corebot"
}, },
@ -508,6 +708,20 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "4cfa42a3-71d9-43e2-bf23-daa79f326387",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "5a78ec38-8b93-4dde-a99e-0c9b77674838",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e", "uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
@ -529,6 +743,29 @@
"Werdlod" "Werdlod"
] ]
}, },
"related": [
{
"dest-uuid": "22ef1e56-7778-41d1-9b2b-737aa5bf9777",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "80acc956-d418-42e3-bddf-078695a01289",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e159c4f8-3c22-49f9-a60a-16588a9c22b0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "87b69cb4-8b65-47ee-91b0-9b1decdd5c5c", "uuid": "87b69cb4-8b65-47ee-91b0-9b1decdd5c5c",
"value": "Retefe" "value": "Retefe"
}, },
@ -543,6 +780,15 @@
"http://blog.trendmicro.com/trendlabs-security-intelligence/rovnix-infects-systems-with-password-protected-macros/" "http://blog.trendmicro.com/trendlabs-security-intelligence/rovnix-infects-systems-with-password-protected-macros/"
] ]
}, },
"related": [
{
"dest-uuid": "9d58d94f-6885-4a38-b086-b9978ac62c1f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d939e802-acb2-4881-bdaf-ece1eccf5699", "uuid": "d939e802-acb2-4881-bdaf-ece1eccf5699",
"value": "ReactorBot" "value": "ReactorBot"
}, },
@ -554,6 +800,15 @@
"https://www.arbornetworks.com/blog/asert/another-banker-enters-matrix/" "https://www.arbornetworks.com/blog/asert/another-banker-enters-matrix/"
] ]
}, },
"related": [
{
"dest-uuid": "59717468-271e-4d15-859a-130681c17ddb",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "aa3fc68c-413c-4bfb-b4cd-bca7094da985", "uuid": "aa3fc68c-413c-4bfb-b4cd-bca7094da985",
"value": "Matrix Banker" "value": "Matrix Banker"
}, },
@ -592,6 +847,15 @@
"https://securityintelligence.com/cybercriminals-use-citadel-compromise-password-management-authentication-solutions/" "https://securityintelligence.com/cybercriminals-use-citadel-compromise-password-management-authentication-solutions/"
] ]
}, },
"related": [
{
"dest-uuid": "7f550cae-98b7-4a0c-bed2-d79227dc6310",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "9eb89081-3245-423a-995f-c1d78ce39619", "uuid": "9eb89081-3245-423a-995f-c1d78ce39619",
"value": "Citadel" "value": "Citadel"
}, },
@ -615,6 +879,15 @@
"https://securelist.com/ice-ix-not-cool-at-all/29111/ " "https://securelist.com/ice-ix-not-cool-at-all/29111/ "
] ]
}, },
"related": [
{
"dest-uuid": "44a1706e-f6dc-43ea-ac85-9a4f2407b9a3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "1d4a5704-c6fb-4bbb-92b2-88dc67f86339", "uuid": "1d4a5704-c6fb-4bbb-92b2-88dc67f86339",
"value": "Ice IX" "value": "Ice IX"
}, },
@ -642,6 +915,15 @@
"Murofet" "Murofet"
] ]
}, },
"related": [
{
"dest-uuid": "f7081626-130a-48d5-83a9-759b3ef198ec",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "0b097926-2e1a-4134-8ab9-4c16d0cca0fc", "uuid": "0b097926-2e1a-4134-8ab9-4c16d0cca0fc",
"value": "Licat" "value": "Licat"
}, },
@ -666,6 +948,15 @@
"http://blog.talosintelligence.com/2018/04/icedid-banking-trojan.html" "http://blog.talosintelligence.com/2018/04/icedid-banking-trojan.html"
] ]
}, },
"related": [
{
"dest-uuid": "26f5afaf-0bd7-4741-91ab-917bdd837330",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "9d67069c-b778-486f-8158-53f5dcd05d08", "uuid": "9d67069c-b778-486f-8158-53f5dcd05d08",
"value": "IcedID" "value": "IcedID"
}, },
@ -695,6 +986,29 @@
"https://objective-see.com/blog/blog_0x25.html#Dok" "https://objective-see.com/blog/blog_0x25.html#Dok"
] ]
}, },
"related": [
{
"dest-uuid": "22ef1e56-7778-41d1-9b2b-737aa5bf9777",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "80acc956-d418-42e3-bddf-078695a01289",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "87b69cb4-8b65-47ee-91b0-9b1decdd5c5c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e159c4f8-3c22-49f9-a60a-16588a9c22b0", "uuid": "e159c4f8-3c22-49f9-a60a-16588a9c22b0",
"value": "Dok" "value": "Dok"
}, },
@ -719,6 +1033,15 @@
"lsmo" "lsmo"
] ]
}, },
"related": [
{
"dest-uuid": "26b91007-a8ae-4e32-bd99-292e44735c3d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f93acc85-8d2c-41e0-b0c5-47795b8c6194", "uuid": "f93acc85-8d2c-41e0-b0c5-47795b8c6194",
"value": "Smominru" "value": "Smominru"
}, },
@ -729,6 +1052,15 @@
"https://www.proofpoint.com/us/threat-insight/post/danabot-new-banking-trojan-surfaces-down-under-0" "https://www.proofpoint.com/us/threat-insight/post/danabot-new-banking-trojan-surfaces-down-under-0"
] ]
}, },
"related": [
{
"dest-uuid": "4f7decd4-054b-4dd7-89cc-9bdb248f7c8a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "844417c6-a404-4c4e-8e93-84db596d725b", "uuid": "844417c6-a404-4c4e-8e93-84db596d725b",
"value": "DanaBot" "value": "DanaBot"
}, },
@ -754,6 +1086,15 @@
"Shiotob" "Shiotob"
] ]
}, },
"related": [
{
"dest-uuid": "ed9f995b-1b41-4b83-a978-d956670fdfbe",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "67a1a317-9f79-42bd-a4b2-fa1867d37d27", "uuid": "67a1a317-9f79-42bd-a4b2-fa1867d37d27",
"value": "Bebloh" "value": "Bebloh"
}, },
@ -768,6 +1109,15 @@
"BackPatcher" "BackPatcher"
] ]
}, },
"related": [
{
"dest-uuid": "137cde28-5c53-489b-ad0b-d0fa2e342324",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f68555ff-6fbd-4f5a-bc23-34996f629c52", "uuid": "f68555ff-6fbd-4f5a-bc23-34996f629c52",
"value": "Banjori" "value": "Banjori"
}, },
@ -777,6 +1127,15 @@
"https://www.countercept.com/our-thinking/decrypting-qadars-banking-trojan-c2-traffic/" "https://www.countercept.com/our-thinking/decrypting-qadars-banking-trojan-c2-traffic/"
] ]
}, },
"related": [
{
"dest-uuid": "080b2071-2d69-4b76-962e-3d0142074bcb",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a717c873-6670-447a-ba98-90db6464c07d", "uuid": "a717c873-6670-447a-ba98-90db6464c07d",
"value": "Qadars" "value": "Qadars"
}, },
@ -795,6 +1154,15 @@
"https://www.johannesbader.ch/2016/06/the-dga-of-sisron/" "https://www.johannesbader.ch/2016/06/the-dga-of-sisron/"
] ]
}, },
"related": [
{
"dest-uuid": "5d9a27e7-3110-470a-ac0d-2bf00cac7846",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6720f960-0382-479b-a0f8-f9e008995af4", "uuid": "6720f960-0382-479b-a0f8-f9e008995af4",
"value": "Ranbyus" "value": "Ranbyus"
}, },
@ -804,6 +1172,15 @@
"https://searchfinancialsecurity.techtarget.com/news/4500249201/Fobber-Drive-by-financial-malware-returns-with-new-tricks" "https://searchfinancialsecurity.techtarget.com/news/4500249201/Fobber-Drive-by-financial-malware-returns-with-new-tricks"
] ]
}, },
"related": [
{
"dest-uuid": "bb836040-c161-4932-8f89-bc2ca2e8c1c0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "da124511-463c-4514-ad05-7ec8db1b38aa", "uuid": "da124511-463c-4514-ad05-7ec8db1b38aa",
"value": "Fobber" "value": "Fobber"
}, },
@ -814,6 +1191,15 @@
"https://research.checkpoint.com/banking-trojans-development/" "https://research.checkpoint.com/banking-trojans-development/"
] ]
}, },
"related": [
{
"dest-uuid": "8a01c3be-17b7-4e5a-b0b2-6c1f5ccb82cf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a088c428-d0bb-49c8-9ed7-dcced0c74754", "uuid": "a088c428-d0bb-49c8-9ed7-dcced0c74754",
"value": "Karius" "value": "Karius"
}, },
@ -826,6 +1212,15 @@
"https://www.bleepingcomputer.com/news/security/new-version-of-the-kronos-banking-trojan-discovered/" "https://www.bleepingcomputer.com/news/security/new-version-of-the-kronos-banking-trojan-discovered/"
] ]
}, },
"related": [
{
"dest-uuid": "62a7c823-9af0-44ee-ac05-8765806d2a17",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "5b42af8e-8fdc-11e8-bf48-f32ff64d5502", "uuid": "5b42af8e-8fdc-11e8-bf48-f32ff64d5502",
"value": "Kronos" "value": "Kronos"
}, },
@ -836,9 +1231,18 @@
"https://www.bleepingcomputer.com/news/security/new-banking-trojan-poses-as-a-security-module/ " "https://www.bleepingcomputer.com/news/security/new-banking-trojan-poses-as-a-security-module/ "
] ]
}, },
"related": [
{
"dest-uuid": "ecac83ab-cd64-4def-979a-40aeeca0400b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "2fafe8b2-b0db-11e8-a81e-4b62ee50bd87", "uuid": "2fafe8b2-b0db-11e8-a81e-4b62ee50bd87",
"value": "CamuBot" "value": "CamuBot"
} }
], ],
"version": 13 "version": 14
} }

View file

@ -31,6 +31,15 @@
"Lodeight" "Lodeight"
] ]
}, },
"related": [
{
"dest-uuid": "f09af1cc-cf9d-499a-9026-e783a3897508",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d530ea76-9bbc-4276-a2e3-df04e0e5a14c", "uuid": "d530ea76-9bbc-4276-a2e3-df04e0e5a14c",
"value": "Bagle" "value": "Bagle"
}, },
@ -72,6 +81,15 @@
"Anserin" "Anserin"
] ]
}, },
"related": [
{
"dest-uuid": "ad5bcaef-1a86-4cc7-8f2e-32306b995018",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "415a3667-4ac4-4718-a6ea-617540a4abb1", "uuid": "415a3667-4ac4-4718-a6ea-617540a4abb1",
"value": "Torpig" "value": "Torpig"
}, },
@ -104,6 +122,15 @@
"Costrat" "Costrat"
] ]
}, },
"related": [
{
"dest-uuid": "76e98e04-0ab7-4000-80ee-7bcbcf9c110d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "9bca63cc-f0c7-4704-9c5f-b5bf473a9b43", "uuid": "9bca63cc-f0c7-4704-9c5f-b5bf473a9b43",
"value": "Rustock" "value": "Rustock"
}, },
@ -117,6 +144,15 @@
"Bachsoy" "Bachsoy"
] ]
}, },
"related": [
{
"dest-uuid": "69a3e0ed-1727-4a9c-ae21-1e32322ede93",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "27a7fd9b-ec9a-4f4a-b3f5-a3b81c71970a", "uuid": "27a7fd9b-ec9a-4f4a-b3f5-a3b81c71970a",
"value": "Donbot" "value": "Donbot"
}, },
@ -132,6 +168,15 @@
"Mutant" "Mutant"
] ]
}, },
"related": [
{
"dest-uuid": "9e8655fc-5bba-4efd-b3c0-db89ee2e0e0b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "35e25aad-7c39-4a1d-aa17-73fa638362e8", "uuid": "35e25aad-7c39-4a1d-aa17-73fa638362e8",
"value": "Cutwail" "value": "Cutwail"
}, },
@ -157,6 +202,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "6e1168e6-7768-4fa2-951f-6d6934531633", "uuid": "6e1168e6-7768-4fa2-951f-6d6934531633",
@ -185,6 +237,15 @@
"https://en.wikipedia.org/wiki/Lethic_botnet" "https://en.wikipedia.org/wiki/Lethic_botnet"
] ]
}, },
"related": [
{
"dest-uuid": "342f5c56-861c-4a06-b5db-85c3c424f51f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a73e150f-1431-4f72-994a-4000405eff07", "uuid": "a73e150f-1431-4f72-994a-4000405eff07",
"value": "Lethic" "value": "Lethic"
}, },
@ -218,6 +279,15 @@
"Kukacka" "Kukacka"
] ]
}, },
"related": [
{
"dest-uuid": "cf752563-ad8a-4286-b2b3-9acf24a0a09a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6fe5f49d-48b5-4dc2-92f7-8c94397b9c96", "uuid": "6fe5f49d-48b5-4dc2-92f7-8c94397b9c96",
"value": "Sality" "value": "Sality"
}, },
@ -246,6 +316,15 @@
"Kido" "Kido"
] ]
}, },
"related": [
{
"dest-uuid": "5f638985-49e1-4059-b2eb-f2ffa397b212",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "ab49815e-8ba6-41ec-9f51-8a9587334069", "uuid": "ab49815e-8ba6-41ec-9f51-8a9587334069",
"value": "Conficker" "value": "Conficker"
}, },
@ -294,6 +373,15 @@
"Mondera" "Mondera"
] ]
}, },
"related": [
{
"dest-uuid": "53e617fc-d71e-437b-a1a1-68b815d1ff49",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "ca11e3f2-cda1-45dc-bed1-8708fa9e27a6", "uuid": "ca11e3f2-cda1-45dc-bed1-8708fa9e27a6",
"value": "Gheg" "value": "Gheg"
}, },
@ -329,6 +417,15 @@
"Hydraflux" "Hydraflux"
] ]
}, },
"related": [
{
"dest-uuid": "ba557993-f64e-4538-8f13-dafaa3c0db00",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "0d58f329-1356-468c-88ab-e21fbb64c02b", "uuid": "0d58f329-1356-468c-88ab-e21fbb64c02b",
"value": "Asprox" "value": "Asprox"
}, },
@ -480,6 +577,15 @@
"Alureon" "Alureon"
] ]
}, },
"related": [
{
"dest-uuid": "ad4e6779-59a6-4ad6-98de-6bd871ddb271",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "61a17703-7837-4cc9-b022-b5ed6b30efc1", "uuid": "61a17703-7837-4cc9-b022-b5ed6b30efc1",
"value": "TDL4" "value": "TDL4"
}, },
@ -512,6 +618,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "4e8c1ab7-2841-4823-a5d1-39284fb0969a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "e878d24d-f122-48c4-930c-f6b6d5f0ee28", "uuid": "e878d24d-f122-48c4-930c-f6b6d5f0ee28",
@ -528,6 +641,15 @@
"Hlux" "Hlux"
] ]
}, },
"related": [
{
"dest-uuid": "7d69892e-d582-4545-8798-4a9a84a821ea",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "07b10419-e8b5-4b5f-a179-77fc9b127dc6", "uuid": "07b10419-e8b5-4b5f-a179-77fc9b127dc6",
"value": "Kelihos" "value": "Kelihos"
}, },
@ -546,6 +668,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "542161c0-47a4-4297-baca-5ed98386d228",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "8ed81090-f098-4878-b87e-2d801b170759", "uuid": "8ed81090-f098-4878-b87e-2d801b170759",
@ -605,6 +734,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "variant-of" "type": "variant-of"
},
{
"dest-uuid": "17e12216-a303-4a00-8283-d3fe92d0934c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "fcdfd4af-da35-49a8-9610-19be8a487185", "uuid": "fcdfd4af-da35-49a8-9610-19be8a487185",
@ -638,6 +774,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "9e5d83a8-1181-43fe-a77f-28c8c75ffbd0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "e77cf495-632a-4459-aad1-cdf29d73683f", "uuid": "e77cf495-632a-4459-aad1-cdf29d73683f",
@ -647,6 +790,15 @@
"meta": { "meta": {
"date": "April 2017" "date": "April 2017"
}, },
"related": [
{
"dest-uuid": "837c5618-69dc-4817-8672-b3d7ae644f5c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "3d7c771b-b175-41c9-8ba1-904ef29715fa", "uuid": "3d7c771b-b175-41c9-8ba1-904ef29715fa",
"value": "BetaBot" "value": "BetaBot"
}, },
@ -659,6 +811,15 @@
"https://securelist.com/hajime-the-mysterious-evolving-botnet/78160/" "https://securelist.com/hajime-the-mysterious-evolving-botnet/78160/"
] ]
}, },
"related": [
{
"dest-uuid": "ff8ee85f-4175-4f5a-99e5-0cbc378f1489",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "383fd414-3805-11e8-ac12-c7b5af38ff67", "uuid": "383fd414-3805-11e8-ac12-c7b5af38ff67",
"value": "Hajime" "value": "Hajime"
}, },
@ -685,6 +846,15 @@
"Hide 'N Seek" "Hide 'N Seek"
] ]
}, },
"related": [
{
"dest-uuid": "41bf8f3e-bb6a-445d-bb74-d08aae61a94b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "cdf1148c-5358-11e8-87e5-ab60d455597f", "uuid": "cdf1148c-5358-11e8-87e5-ab60d455597f",
"value": "Hide and Seek" "value": "Hide and Seek"
}, },
@ -727,6 +897,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "variant-of" "type": "variant-of"
},
{
"dest-uuid": "ec67f206-6464-48cf-a012-3cdfc1278488",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc", "uuid": "f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc",
@ -797,6 +974,15 @@
"https://labs.bitdefender.com/2013/12/in-depth-analysis-of-pushdo-botnet/" "https://labs.bitdefender.com/2013/12/in-depth-analysis-of-pushdo-botnet/"
] ]
}, },
"related": [
{
"dest-uuid": "b39ffc73-db5f-4a8a-acd2-bee958d69155",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "94d12a03-6ae8-4006-a98f-80c15e6f95c0", "uuid": "94d12a03-6ae8-4006-a98f-80c15e6f95c0",
"value": "Pushdo" "value": "Pushdo"
}, },
@ -806,6 +992,15 @@
"https://www.us-cert.gov/ncas/alerts/TA15-105A" "https://www.us-cert.gov/ncas/alerts/TA15-105A"
] ]
}, },
"related": [
{
"dest-uuid": "467ee29c-317f-481a-a77c-69961eb88c4d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "347e7a64-8ee2-487f-bcb3-ca7564fa836c", "uuid": "347e7a64-8ee2-487f-bcb3-ca7564fa836c",
"value": "Simda" "value": "Simda"
}, },
@ -815,6 +1010,15 @@
"https://en.wikipedia.org/wiki/Virut" "https://en.wikipedia.org/wiki/Virut"
] ]
}, },
"related": [
{
"dest-uuid": "2e99f27c-6791-4695-b88b-de4d4cbda8d6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "cc1432a1-6580-4338-b119-a43236528ea1", "uuid": "cc1432a1-6580-4338-b119-a43236528ea1",
"value": "Virut" "value": "Virut"
}, },
@ -852,6 +1056,22 @@
"Bashlite" "Bashlite"
] ]
}, },
"related": [
{
"dest-uuid": "5fe338c6-723e-43ed-8165-43d95fa93689",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "81917a93-6a70-4334-afe2-56904c1fafe9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "40795af6-b721-11e8-9fcb-570c0b384135", "uuid": "40795af6-b721-11e8-9fcb-570c0b384135",
"value": "Gafgyt" "value": "Gafgyt"
}, },
@ -899,6 +1119,15 @@
"https://www.bleepingcomputer.com/news/security/new-iot-botnet-torii-uses-six-methods-for-persistence-has-no-clear-purpose/" "https://www.bleepingcomputer.com/news/security/new-iot-botnet-torii-uses-six-methods-for-persistence-has-no-clear-purpose/"
] ]
}, },
"related": [
{
"dest-uuid": "a874575e-0ad7-464d-abb6-8f4b7964aa92",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "92f38212-94e2-4d70-9b5e-e977eb1e7b79", "uuid": "92f38212-94e2-4d70-9b5e-e977eb1e7b79",
"value": "Torii" "value": "Torii"
}, },
@ -909,9 +1138,18 @@
"https://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/" "https://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/"
] ]
}, },
"related": [
{
"dest-uuid": "2ee05352-3d4a-448b-825d-9d6c10792bf7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e3e91fe2-c7ce-11e8-8e85-6bc15cd2a63c", "uuid": "e3e91fe2-c7ce-11e8-8e85-6bc15cd2a63c",
"value": "Persirai" "value": "Persirai"
} }
], ],
"version": 15 "version": 16
} }

View file

@ -287,6 +287,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "5eee35b6-bd21-4b67-b198-e9320fcf2c88",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c", "uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c",
@ -570,6 +577,15 @@
"Neutrino-v" "Neutrino-v"
] ]
}, },
"related": [
{
"dest-uuid": "3760920e-4d1a-40d8-9e60-508079499076",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "218ae39b-2f92-4355-91c6-50cce319d26d", "uuid": "218ae39b-2f92-4355-91c6-50cce319d26d",
"value": "Neutrino" "value": "Neutrino"
}, },
@ -745,5 +761,5 @@
"value": "Unknown" "value": "Unknown"
} }
], ],
"version": 10 "version": 11
} }

File diff suppressed because it is too large Load diff

View file

@ -224,9 +224,18 @@
"Transparent Tribe" "Transparent Tribe"
] ]
}, },
"related": [
{
"dest-uuid": "acbb5cad-ffe7-4b0e-a57a-2dbc916e8905",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "2a410eea-a9da-11e8-b404-37b7060746c8", "uuid": "2a410eea-a9da-11e8-b404-37b7060746c8",
"value": "https://www.cfr.org/interactive/cyber-operations/mythic-leopard" "value": "https://www.cfr.org/interactive/cyber-operations/mythic-leopard"
} }
], ],
"version": 5 "version": 6
} }

View file

@ -156,6 +156,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "b376580e-aba1-4ac9-9c2d-2df429efecf6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47", "uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47",
@ -174,6 +181,15 @@
"NetC" "NetC"
] ]
}, },
"related": [
{
"dest-uuid": "0bc03bfa-1439-4162-bb33-ec9f8f952ee5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "fde50aaa-f5de-4cb8-989a-babb57d6a704", "uuid": "fde50aaa-f5de-4cb8-989a-babb57d6a704",
"value": "Net Crawler - S0056" "value": "Net Crawler - S0056"
}, },
@ -197,6 +213,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "82c644ab-550a-4a83-9b35-d545f4719069",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4", "uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4",
@ -261,6 +284,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "c04fc02e-f35a-44b6-a9b0-732bf2fc551a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "083bb47b-02c8-4423-81a2-f9ef58572974", "uuid": "083bb47b-02c8-4423-81a2-f9ef58572974",
@ -328,6 +358,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "6eee9bf9-ffce-4c88-a5ad-9d80f6fc727c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "dc5d1a33-62aa-4a0c-aa8c-589b87beb11e", "uuid": "dc5d1a33-62aa-4a0c-aa8c-589b87beb11e",
@ -376,6 +413,20 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "bab647d7-c9d6-4697-8fd2-1295c7429e1f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "2f899e3e-1a46-43ea-8e68-140603ce943d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "73a4793a-ce55-4159-b2a6-208ef29b326f", "uuid": "73a4793a-ce55-4159-b2a6-208ef29b326f",
@ -416,6 +467,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "e6a077cb-42cc-4193-9006-9ceda8c0dff2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "08d20cd2-f084-45ee-8558-fa6ef5a18519", "uuid": "08d20cd2-f084-45ee-8558-fa6ef5a18519",
@ -512,6 +570,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "ba91d713-c36e-4d98-9fb7-e16496a69eec",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "0c824410-58ff-49b2-9cf2-1c96b182bdf0", "uuid": "0c824410-58ff-49b2-9cf2-1c96b182bdf0",
@ -665,6 +730,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "9b0aa458-dfa9-48af-87ea-c36d1501376c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "4ab44516-ad75-4e43-a280-705dc0420e2f", "uuid": "4ab44516-ad75-4e43-a280-705dc0420e2f",
@ -738,6 +810,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "a70e93a7-3578-47e1-9926-0818979ed866",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "17b40f60-729f-4fe8-8aea-cc9ee44a95d5", "uuid": "17b40f60-729f-4fe8-8aea-cc9ee44a95d5",
@ -755,6 +834,15 @@
"WinMM" "WinMM"
] ]
}, },
"related": [
{
"dest-uuid": "6a100902-7204-4f20-b838-545ed86d4428",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "22addc7b-b39f-483d-979a-1b35147da5de", "uuid": "22addc7b-b39f-483d-979a-1b35147da5de",
"value": "WinMM - S0059" "value": "WinMM - S0059"
}, },
@ -785,6 +873,15 @@
"Sys10" "Sys10"
] ]
}, },
"related": [
{
"dest-uuid": "2ae57534-6aac-4025-8d93-888dab112b45",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "7f8730af-f683-423f-9ee1-5f6875a80481", "uuid": "7f8730af-f683-423f-9ee1-5f6875a80481",
"value": "Sys10 - S0060" "value": "Sys10 - S0060"
}, },
@ -917,6 +1014,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "438c6d0f-03f0-4b49-89d2-40bf5349c3fc",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "2f1a9fd0-3b7c-4d77-a358-78db13adbe78", "uuid": "2f1a9fd0-3b7c-4d77-a358-78db13adbe78",
@ -941,6 +1045,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "35e00ff0-704e-4e61-b9bb-9ed20a4a008f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "67fc172a-36fa-4a35-88eb-4ba730ed52a6", "uuid": "67fc172a-36fa-4a35-88eb-4ba730ed52a6",
@ -1002,6 +1113,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "036bd099-fe80-46c2-9c4c-e5c6df8dcdee",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd",
@ -1019,6 +1137,15 @@
"Reaver" "Reaver"
] ]
}, },
"related": [
{
"dest-uuid": "826c31ca-2617-47e4-b236-205da3881182",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "65341f30-bec6-4b1d-8abf-1a5620446c29", "uuid": "65341f30-bec6-4b1d-8abf-1a5620446c29",
"value": "Reaver - S0172" "value": "Reaver - S0172"
}, },
@ -1034,6 +1161,15 @@
"Misdat" "Misdat"
] ]
}, },
"related": [
{
"dest-uuid": "d1597713-fe7a-45bd-8b59-1a13c7e097d8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "0db09158-6e48-4e7c-8ce7-2b10b9c0c039", "uuid": "0db09158-6e48-4e7c-8ce7-2b10b9c0c039",
"value": "Misdat - S0083" "value": "Misdat - S0083"
}, },
@ -1057,6 +1193,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "f108215f-3487-489d-be8b-80e346d32518", "uuid": "f108215f-3487-489d-be8b-80e346d32518",
@ -1112,6 +1255,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "8465177f-16c8-47fc-a4c8-f4c0409fe460",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "9ea525fa-b0a9-4dde-84f2-bcea0137b3c1", "uuid": "9ea525fa-b0a9-4dde-84f2-bcea0137b3c1",
@ -1144,6 +1294,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "a61fc694-a88a-484d-a648-db35b49932fd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "326af1cd-78e7-45b7-a326-125d2f7ef8f2", "uuid": "326af1cd-78e7-45b7-a326-125d2f7ef8f2",
@ -1161,6 +1318,15 @@
"Rover" "Rover"
] ]
}, },
"related": [
{
"dest-uuid": "53e94bc9-c8d2-4fb6-9c02-00841e454050",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6b616fc1-1505-48e3-8b2c-0d19337bff38", "uuid": "6b616fc1-1505-48e3-8b2c-0d19337bff38",
"value": "Rover - S0090" "value": "Rover - S0090"
}, },
@ -1191,6 +1357,15 @@
"PowerDuke" "PowerDuke"
] ]
}, },
"related": [
{
"dest-uuid": "c79f5876-e3b9-417a-8eaf-8f1b01a0fecd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "00c3bfcb-99bd-4767-8c03-b08f585f5c8a", "uuid": "00c3bfcb-99bd-4767-8c03-b08f585f5c8a",
"value": "PowerDuke - S0139" "value": "PowerDuke - S0139"
}, },
@ -1267,6 +1442,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "b42378e0-f147-496f-992a-26a49705395b", "uuid": "b42378e0-f147-496f-992a-26a49705395b",
@ -1309,6 +1491,15 @@
"Anunak" "Anunak"
] ]
}, },
"related": [
{
"dest-uuid": "8c246ec4-eaa5-42c0-b137-29f28cbb6832",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "72f54d66-675d-4587-9bd3-4ed09f9522e4", "uuid": "72f54d66-675d-4587-9bd3-4ed09f9522e4",
"value": "Carbanak - S0030" "value": "Carbanak - S0030"
}, },
@ -1437,6 +1628,15 @@
"Nioupale" "Nioupale"
] ]
}, },
"related": [
{
"dest-uuid": "70f6c71f-bc0c-4889-86e3-ef04e5b8415b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b6b3dfc7-9a81-43ff-ac04-698bad48973a", "uuid": "b6b3dfc7-9a81-43ff-ac04-698bad48973a",
"value": "Daserf - S0187" "value": "Daserf - S0187"
}, },
@ -1560,6 +1760,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "53089817-6d65-4802-a7d2-5ccc3d919b74",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "7343e208-7cab-45f2-a47b-41ba5e2f0fab", "uuid": "7343e208-7cab-45f2-a47b-41ba5e2f0fab",
@ -1666,6 +1873,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "e88eb9b1-dc8b-4696-8dcf-0c29924d0f8b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "96b08451-b27a-4ff6-893f-790e26393a8e", "uuid": "96b08451-b27a-4ff6-893f-790e26393a8e",
@ -1722,6 +1936,15 @@
"NETEAGLE" "NETEAGLE"
] ]
}, },
"related": [
{
"dest-uuid": "3bb8052e-8ed2-48e3-a2cf-7358bae8c6b5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2", "uuid": "53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2",
"value": "NETEAGLE - S0034" "value": "NETEAGLE - S0034"
}, },
@ -1818,6 +2041,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "637000f7-4363-44e0-b795-9cfb7a3dc460",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "3d8e547d-9456-4f32-a895-dc86134e282f", "uuid": "3d8e547d-9456-4f32-a895-dc86134e282f",
@ -1874,6 +2104,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "4cbe9373-6b5e-42d0-9750-e0b7fc0d58bb",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "4c59cce8-cb48-4141-b9f1-f646edfaadb0", "uuid": "4c59cce8-cb48-4141-b9f1-f646edfaadb0",
@ -1906,6 +2143,15 @@
"POWRUNER" "POWRUNER"
] ]
}, },
"related": [
{
"dest-uuid": "63f6df51-4de3-495a-864f-0a7e30c3b419",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "09b2cd76-c674-47cc-9f57-d2f2ad150a46", "uuid": "09b2cd76-c674-47cc-9f57-d2f2ad150a46",
"value": "POWRUNER - S0184" "value": "POWRUNER - S0184"
}, },
@ -1938,6 +2184,15 @@
"Pteranodon" "Pteranodon"
] ]
}, },
"related": [
{
"dest-uuid": "d5138738-846e-4466-830c-cd2bb6ad09cf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "5f9f7648-04ba-4a9f-bb4c-2a13e74572bd", "uuid": "5f9f7648-04ba-4a9f-bb4c-2a13e74572bd",
"value": "Pteranodon - S0147" "value": "Pteranodon - S0147"
}, },
@ -2037,6 +2292,15 @@
"AIRBREAK" "AIRBREAK"
] ]
}, },
"related": [
{
"dest-uuid": "fd419da6-5c0d-461e-96ee-64397efac63b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "06d735e7-1db1-4dbe-ab4b-acbe419f902b", "uuid": "06d735e7-1db1-4dbe-ab4b-acbe419f902b",
"value": "Orz - S0229" "value": "Orz - S0229"
}, },
@ -2067,6 +2331,15 @@
"Kasidet" "Kasidet"
] ]
}, },
"related": [
{
"dest-uuid": "3760920e-4d1a-40d8-9e60-508079499076",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "26fed817-e7bf-41f9-829a-9075ffac45c2", "uuid": "26fed817-e7bf-41f9-829a-9075ffac45c2",
"value": "Kasidet - S0088" "value": "Kasidet - S0088"
}, },
@ -2108,6 +2381,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "ccd61dfc-b03f-4689-8c18-7c97eab08472", "uuid": "ccd61dfc-b03f-4689-8c18-7c97eab08472",
@ -2126,6 +2406,15 @@
"Darkmoon" "Darkmoon"
] ]
}, },
"related": [
{
"dest-uuid": "81ca4876-b4a4-43e9-b8a9-8a88709dd3d2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "310f437b-29e7-4844-848c-7220868d074a", "uuid": "310f437b-29e7-4844-848c-7220868d074a",
"value": "Darkmoon - S0209" "value": "Darkmoon - S0209"
}, },
@ -2156,6 +2445,15 @@
"BBSRAT" "BBSRAT"
] ]
}, },
"related": [
{
"dest-uuid": "cad1d6db-3a6c-4d67-8f6e-627d8a168d6a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "64d76fa5-cf8f-469c-b78c-1a4f7c5bad80", "uuid": "64d76fa5-cf8f-469c-b78c-1a4f7c5bad80",
"value": "BBSRAT - S0127" "value": "BBSRAT - S0127"
}, },
@ -2180,6 +2478,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "3477a25d-e04b-475e-8330-39f66c10cc01",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "7551188b-8f91-4d34-8350-0d0c57b2b913", "uuid": "7551188b-8f91-4d34-8350-0d0c57b2b913",
@ -2252,6 +2557,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d674ffd2-1f27-403b-8fe9-b4af6e303e5c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "80a014ba-3fef-4768-990b-37d8bd10d7f4", "uuid": "80a014ba-3fef-4768-990b-37d8bd10d7f4",
@ -2285,6 +2597,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "b376580e-aba1-4ac9-9c2d-2df429efecf6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "17e919aa-4a49-445c-b103-dbb8df9e7351", "uuid": "17e919aa-4a49-445c-b103-dbb8df9e7351",
@ -2422,6 +2741,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "fece06b7-d4b1-42cf-b81a-5323c917546e", "uuid": "fece06b7-d4b1-42cf-b81a-5323c917546e",
@ -2462,6 +2788,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "495b6cdb-7b5a-4fbc-8d33-e7ef68806d08", "uuid": "495b6cdb-7b5a-4fbc-8d33-e7ef68806d08",
@ -2479,6 +2812,15 @@
"TDTESS" "TDTESS"
] ]
}, },
"related": [
{
"dest-uuid": "99d83ee8-6870-4af2-a3c8-cf86baff7cb3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "0b32ec39-ba61-4864-9ebe-b4b0b73caf9a", "uuid": "0b32ec39-ba61-4864-9ebe-b4b0b73caf9a",
"value": "TDTESS - S0164" "value": "TDTESS - S0164"
}, },
@ -2519,6 +2861,15 @@
"TURNEDUP" "TURNEDUP"
] ]
}, },
"related": [
{
"dest-uuid": "fab34d66-5668-460a-bc0f-250b9417cdbf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c", "uuid": "db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c",
"value": "TURNEDUP - S0199" "value": "TURNEDUP - S0199"
}, },
@ -2644,6 +2995,15 @@
"Helminth" "Helminth"
] ]
}, },
"related": [
{
"dest-uuid": "19d89300-ff97-4281-ac42-76542e744092",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "eff1a885-6f90-42a1-901f-eef6e7a1905e", "uuid": "eff1a885-6f90-42a1-901f-eef6e7a1905e",
"value": "Helminth - S0170" "value": "Helminth - S0170"
}, },
@ -2702,6 +3062,20 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", "uuid": "60c18d06-7b91-4742-bae3-647845cd9d81",
@ -2726,6 +3100,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "f4cac204-3d3f-4bb6-84bd-fc27b2f5158c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "9ca488bd-9587-48ef-b923-1743523e63b2", "uuid": "9ca488bd-9587-48ef-b923-1743523e63b2",
@ -2745,6 +3126,15 @@
"ProjectSauron" "ProjectSauron"
] ]
}, },
"related": [
{
"dest-uuid": "6a3c3fbc-97ec-4938-b64e-2679e4b73db9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8", "uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8",
"value": "Remsec - S0125" "value": "Remsec - S0125"
}, },
@ -2815,6 +3205,15 @@
"WhiteBear" "WhiteBear"
] ]
}, },
"related": [
{
"dest-uuid": "0a3047b3-6a38-48ff-8f9c-49a5c28e3ada",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "76abb3ef-dafd-4762-97cb-a35379429db4", "uuid": "76abb3ef-dafd-4762-97cb-a35379429db4",
"value": "Gazer - S0168" "value": "Gazer - S0168"
}, },
@ -2832,6 +3231,15 @@
"SeaDesk" "SeaDesk"
] ]
}, },
"related": [
{
"dest-uuid": "1d07212e-6292-40a4-a5e9-30aef83b6207",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "67e6d66b-1b82-4699-b47a-e2efb6268d14", "uuid": "67e6d66b-1b82-4699-b47a-e2efb6268d14",
"value": "SeaDuke - S0053" "value": "SeaDuke - S0053"
}, },
@ -2890,6 +3298,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "21ab9e14-602a-4a76-a308-dbf5d6a91d75",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "fb575479-14ef-41e9-bfab-0b7cf10bec73", "uuid": "fb575479-14ef-41e9-bfab-0b7cf10bec73",
@ -2974,6 +3389,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "3a26ee44-3224-48f3-aefb-3978c972d928",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "cafd0bf8-2b9c-46c7-ae3c-3e0f42c5062e", "uuid": "cafd0bf8-2b9c-46c7-ae3c-3e0f42c5062e",
@ -3013,6 +3435,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "1ecbcd20-f238-47ef-874b-08ef93266395",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "63c2a130-8a5b-452f-ad96-07cf0af12ffe", "uuid": "63c2a130-8a5b-452f-ad96-07cf0af12ffe",
@ -3051,6 +3480,15 @@
"FinSpy" "FinSpy"
] ]
}, },
"related": [
{
"dest-uuid": "541b64bc-87ec-4cc2-aaee-329355987853",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a5528622-3a8a-4633-86ce-8cdaf8423858", "uuid": "a5528622-3a8a-4633-86ce-8cdaf8423858",
"value": "FinFisher - S0182" "value": "FinFisher - S0182"
}, },
@ -3074,6 +3512,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d9cc15f7-0880-4ae4-8df4-87c58338d6b8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565", "uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565",
@ -3098,6 +3543,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "4df1b257-c242-46b0-b120-591430066b6f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "5e595477-2e78-4ce7-ae42-e0b059b17808", "uuid": "5e595477-2e78-4ce7-ae42-e0b059b17808",
@ -3130,6 +3582,15 @@
"Felismus" "Felismus"
] ]
}, },
"related": [
{
"dest-uuid": "07a41ea7-17b2-4852-bfd7-54211c477dc0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "196f1f32-e0c2-4d46-99cd-234d4b6befe1", "uuid": "196f1f32-e0c2-4d46-99cd-234d4b6befe1",
"value": "Felismus - S0171" "value": "Felismus - S0171"
}, },
@ -3171,6 +3632,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "7f8166e2-c7f4-4b48-a07b-681b61a8f2c1",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "d3afa961-a80c-4043-9509-282cdf69ab21", "uuid": "d3afa961-a80c-4043-9509-282cdf69ab21",
@ -3188,6 +3656,15 @@
"RTM" "RTM"
] ]
}, },
"related": [
{
"dest-uuid": "e6952b4d-e96d-4641-a88f-60074776d553",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841", "uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841",
"value": "RTM - S0148" "value": "RTM - S0148"
}, },
@ -3334,6 +3811,15 @@
"DownPaper" "DownPaper"
] ]
}, },
"related": [
{
"dest-uuid": "227862fd-ae83-4e3d-bb69-cc1a45a13aed",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e48df773-7c95-4a4c-ba70-ea3d15900148", "uuid": "e48df773-7c95-4a4c-ba70-ea3d15900148",
"value": "DownPaper - S0186" "value": "DownPaper - S0186"
}, },
@ -3493,6 +3979,15 @@
"pngdowner" "pngdowner"
] ]
}, },
"related": [
{
"dest-uuid": "fb4313ea-1fb6-4766-8b5c-b41fd347e4c5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "800bdfba-6d66-480f-9f45-15845c05cb5d", "uuid": "800bdfba-6d66-480f-9f45-15845c05cb5d",
"value": "pngdowner - S0067" "value": "pngdowner - S0067"
}, },
@ -3508,6 +4003,15 @@
"SslMM" "SslMM"
] ]
}, },
"related": [
{
"dest-uuid": "009db412-762d-4256-8df9-eb213be01ffd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421", "uuid": "2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421",
"value": "SslMM - S0058" "value": "SslMM - S0058"
}, },
@ -3623,6 +4127,15 @@
"OnionDuke" "OnionDuke"
] ]
}, },
"related": [
{
"dest-uuid": "abd10caa-7d4c-4c22-8dae-8d32f13232d7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b136d088-a829-432c-ac26-5529c26d4c7e", "uuid": "b136d088-a829-432c-ac26-5529c26d4c7e",
"value": "OnionDuke - S0052" "value": "OnionDuke - S0052"
}, },
@ -3709,6 +4222,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "7ea00126-add3-407e-b69d-d4aa1b3049d5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "94379dec-5c87-49db-b36e-66abc0b81344", "uuid": "94379dec-5c87-49db-b36e-66abc0b81344",
@ -3731,6 +4251,15 @@
"DRIFTWOOD" "DRIFTWOOD"
] ]
}, },
"related": [
{
"dest-uuid": "80f87001-ff40-4e33-bd12-12ed1a92d1d7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "9752aef4-a1f3-4328-929f-b64eb0536090", "uuid": "9752aef4-a1f3-4328-929f-b64eb0536090",
"value": "RawPOS - S0169" "value": "RawPOS - S0169"
}, },
@ -3757,6 +4286,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "6b6cf608-cc2c-40d7-8500-afca3e35e7e4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "6b62e336-176f-417b-856a-8552dd8c44e1", "uuid": "6b62e336-176f-417b-856a-8552dd8c44e1",
@ -3776,6 +4312,15 @@
"Enfal" "Enfal"
] ]
}, },
"related": [
{
"dest-uuid": "2a4cacb7-80a1-417e-8b9c-54b4089f35d9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "251fbae2-78f6-4de7-84f6-194c727a64ad", "uuid": "251fbae2-78f6-4de7-84f6-194c727a64ad",
"value": "Lurid - S0010" "value": "Lurid - S0010"
}, },
@ -3865,6 +4410,20 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", "uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2",
@ -3886,5 +4445,5 @@
"value": "ELMER - S0064" "value": "ELMER - S0064"
} }
], ],
"version": 5 "version": 6
} }

View file

@ -139,6 +139,15 @@
"UACMe" "UACMe"
] ]
}, },
"related": [
{
"dest-uuid": "ccde5b0d-fe13-48e6-a6f4-4e434ce29371",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "102c3898-85e0-43ee-ae28-62a0a3ed9507", "uuid": "102c3898-85e0-43ee-ae28-62a0a3ed9507",
"value": "UACMe - S0116" "value": "UACMe - S0116"
}, },
@ -302,6 +311,15 @@
"gsecdump" "gsecdump"
] ]
}, },
"related": [
{
"dest-uuid": "8410d208-7450-407d-b56c-e5c1ced19632",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", "uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54",
"value": "gsecdump - S0008" "value": "gsecdump - S0008"
}, },
@ -427,6 +445,15 @@
"HUC Packet Transmit Tool" "HUC Packet Transmit Tool"
] ]
}, },
"related": [
{
"dest-uuid": "3fb18a77-91ef-4c68-a9a9-fa6bdbea38e8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e", "uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e",
"value": "HTRAN - S0040" "value": "HTRAN - S0040"
}, },
@ -751,6 +778,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "1a1d3ea4-972e-4c48-8d85-08d9db8f1550",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39", "uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
@ -772,5 +806,5 @@
"value": "Invoke-PSImage - S0231" "value": "Invoke-PSImage - S0231"
} }
], ],
"version": 5 "version": 6
} }

View file

@ -49,6 +49,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "f4cac204-3d3f-4bb6-84bd-fc27b2f5158c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "SOUNDBITE" "value": "SOUNDBITE"
@ -139,6 +146,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "b376580e-aba1-4ac9-9c2d-2df429efecf6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "TEXTMATE" "value": "TEXTMATE"
@ -156,6 +170,15 @@
], ],
"uuid": "fde50aaa-f5de-4cb8-989a-babb57d6a704" "uuid": "fde50aaa-f5de-4cb8-989a-babb57d6a704"
}, },
"related": [
{
"dest-uuid": "0bc03bfa-1439-4162-bb33-ec9f8f952ee5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Net Crawler" "value": "Net Crawler"
}, },
{ {
@ -178,6 +201,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "82c644ab-550a-4a83-9b35-d545f4719069",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "BlackEnergy" "value": "BlackEnergy"
@ -233,6 +263,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "c04fc02e-f35a-44b6-a9b0-732bf2fc551a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "Backdoor.Oldrea" "value": "Backdoor.Oldrea"
@ -260,6 +297,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "6eee9bf9-ffce-4c88-a5ad-9d80f6fc727c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "ChChes" "value": "ChChes"
@ -333,6 +377,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "e6a077cb-42cc-4193-9006-9ceda8c0dff2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "Downdelph" "value": "Downdelph"
@ -400,6 +451,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "Komplex" "value": "Komplex"
@ -485,6 +543,15 @@
], ],
"uuid": "22addc7b-b39f-483d-979a-1b35147da5de" "uuid": "22addc7b-b39f-483d-979a-1b35147da5de"
}, },
"related": [
{
"dest-uuid": "6a100902-7204-4f20-b838-545ed86d4428",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "WinMM" "value": "WinMM"
}, },
{ {
@ -507,6 +574,15 @@
], ],
"uuid": "7f8730af-f683-423f-9ee1-5f6875a80481" "uuid": "7f8730af-f683-423f-9ee1-5f6875a80481"
}, },
"related": [
{
"dest-uuid": "2ae57534-6aac-4025-8d93-888dab112b45",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Sys10" "value": "Sys10"
}, },
{ {
@ -608,6 +684,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "35e00ff0-704e-4e61-b9bb-9ed20a4a008f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "BS2005" "value": "BS2005"
@ -663,6 +746,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "036bd099-fe80-46c2-9c4c-e5c6df8dcdee",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "PlugX" "value": "PlugX"
@ -683,6 +773,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "4df1b257-c242-46b0-b120-591430066b6f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "POSHSPY" "value": "POSHSPY"
@ -696,6 +793,15 @@
], ],
"uuid": "0db09158-6e48-4e7c-8ce7-2b10b9c0c039" "uuid": "0db09158-6e48-4e7c-8ce7-2b10b9c0c039"
}, },
"related": [
{
"dest-uuid": "d1597713-fe7a-45bd-8b59-1a13c7e097d8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Misdat" "value": "Misdat"
}, },
{ {
@ -741,6 +847,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "8465177f-16c8-47fc-a4c8-f4c0409fe460",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "MoonWind" "value": "MoonWind"
@ -772,6 +885,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "a61fc694-a88a-484d-a648-db35b49932fd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "Crimson" "value": "Crimson"
@ -785,6 +905,15 @@
], ],
"uuid": "6b616fc1-1505-48e3-8b2c-0d19337bff38" "uuid": "6b616fc1-1505-48e3-8b2c-0d19337bff38"
}, },
"related": [
{
"dest-uuid": "53e94bc9-c8d2-4fb6-9c02-00841e454050",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Rover" "value": "Rover"
}, },
{ {
@ -807,6 +936,15 @@
], ],
"uuid": "00c3bfcb-99bd-4767-8c03-b08f585f5c8a" "uuid": "00c3bfcb-99bd-4767-8c03-b08f585f5c8a"
}, },
"related": [
{
"dest-uuid": "c79f5876-e3b9-417a-8eaf-8f1b01a0fecd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "PowerDuke" "value": "PowerDuke"
}, },
{ {
@ -880,6 +1018,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "PoisonIvy" "value": "PoisonIvy"
@ -897,6 +1042,15 @@
], ],
"uuid": "72f54d66-675d-4587-9bd3-4ed09f9522e4" "uuid": "72f54d66-675d-4587-9bd3-4ed09f9522e4"
}, },
"related": [
{
"dest-uuid": "8c246ec4-eaa5-42c0-b137-29f28cbb6832",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Carbanak" "value": "Carbanak"
}, },
{ {
@ -1029,6 +1183,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "53089817-6d65-4802-a7d2-5ccc3d919b74",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "XTunnel" "value": "XTunnel"
@ -1081,6 +1242,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "e88eb9b1-dc8b-4696-8dcf-0c29924d0f8b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "Sakula" "value": "Sakula"
@ -1125,6 +1293,15 @@
], ],
"uuid": "53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2" "uuid": "53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2"
}, },
"related": [
{
"dest-uuid": "3bb8052e-8ed2-48e3-a2cf-7358bae8c6b5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "NETEAGLE" "value": "NETEAGLE"
}, },
{ {
@ -1209,6 +1386,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "4cbe9373-6b5e-42d0-9750-e0b7fc0d58bb",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "Regin" "value": "Regin"
@ -1233,6 +1417,15 @@
], ],
"uuid": "5f9f7648-04ba-4a9f-bb4c-2a13e74572bd" "uuid": "5f9f7648-04ba-4a9f-bb4c-2a13e74572bd"
}, },
"related": [
{
"dest-uuid": "d5138738-846e-4466-830c-cd2bb6ad09cf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Pteranodon" "value": "Pteranodon"
}, },
{ {
@ -1300,6 +1493,15 @@
], ],
"uuid": "26fed817-e7bf-41f9-829a-9075ffac45c2" "uuid": "26fed817-e7bf-41f9-829a-9075ffac45c2"
}, },
"related": [
{
"dest-uuid": "3760920e-4d1a-40d8-9e60-508079499076",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Kasidet" "value": "Kasidet"
}, },
{ {
@ -1341,6 +1543,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "CHOPSTICK" "value": "CHOPSTICK"
@ -1365,6 +1574,15 @@
], ],
"uuid": "64d76fa5-cf8f-469c-b78c-1a4f7c5bad80" "uuid": "64d76fa5-cf8f-469c-b78c-1a4f7c5bad80"
}, },
"related": [
{
"dest-uuid": "cad1d6db-3a6c-4d67-8f6e-627d8a168d6a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "BBSRAT" "value": "BBSRAT"
}, },
{ {
@ -1388,6 +1606,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "3477a25d-e04b-475e-8330-39f66c10cc01",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "Elise" "value": "Elise"
@ -1428,6 +1653,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d674ffd2-1f27-403b-8fe9-b4af6e303e5c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "Uroburos" "value": "Uroburos"
@ -1460,6 +1692,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "b376580e-aba1-4ac9-9c2d-2df429efecf6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "POWERSOURCE" "value": "POWERSOURCE"
@ -1676,6 +1915,20 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "CORESHELL" "value": "CORESHELL"
@ -1694,6 +1947,15 @@
], ],
"uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8" "uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8"
}, },
"related": [
{
"dest-uuid": "6a3c3fbc-97ec-4938-b64e-2679e4b73db9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Remsec" "value": "Remsec"
}, },
{ {
@ -1732,6 +1994,15 @@
], ],
"uuid": "67e6d66b-1b82-4699-b47a-e2efb6268d14" "uuid": "67e6d66b-1b82-4699-b47a-e2efb6268d14"
}, },
"related": [
{
"dest-uuid": "1d07212e-6292-40a4-a5e9-30aef83b6207",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "SeaDuke" "value": "SeaDuke"
}, },
{ {
@ -1785,6 +2056,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "21ab9e14-602a-4a76-a308-dbf5d6a91d75",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "ADVSTORESHELL" "value": "ADVSTORESHELL"
@ -1816,6 +2094,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "3a26ee44-3224-48f3-aefb-3978c972d928",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "NetTraveler" "value": "NetTraveler"
@ -1836,6 +2121,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "1ecbcd20-f238-47ef-874b-08ef93266395",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "Dyre" "value": "Dyre"
@ -1873,6 +2165,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d9cc15f7-0880-4ae4-8df4-87c58338d6b8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "ComRAT" "value": "ComRAT"
@ -1895,6 +2194,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "7f8166e2-c7f4-4b48-a07b-681b61a8f2c1",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "Winnti" "value": "Winnti"
@ -1934,6 +2240,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "a70e93a7-3578-47e1-9926-0818979ed866",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "RedLeaves" "value": "RedLeaves"
@ -1947,6 +2260,15 @@
], ],
"uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841" "uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841"
}, },
"related": [
{
"dest-uuid": "e6952b4d-e96d-4641-a88f-60074776d553",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "RTM" "value": "RTM"
}, },
{ {
@ -2026,6 +2348,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "438c6d0f-03f0-4b49-89d2-40bf5349c3fc",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "EvilGrab" "value": "EvilGrab"
@ -2176,6 +2505,15 @@
], ],
"uuid": "800bdfba-6d66-480f-9f45-15845c05cb5d" "uuid": "800bdfba-6d66-480f-9f45-15845c05cb5d"
}, },
"related": [
{
"dest-uuid": "fb4313ea-1fb6-4766-8b5c-b41fd347e4c5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "pngdowner" "value": "pngdowner"
}, },
{ {
@ -2187,6 +2525,15 @@
], ],
"uuid": "2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421" "uuid": "2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421"
}, },
"related": [
{
"dest-uuid": "009db412-762d-4256-8df9-eb213be01ffd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "SslMM" "value": "SslMM"
}, },
{ {
@ -2273,6 +2620,15 @@
], ],
"uuid": "b136d088-a829-432c-ac26-5529c26d4c7e" "uuid": "b136d088-a829-432c-ac26-5529c26d4c7e"
}, },
"related": [
{
"dest-uuid": "abd10caa-7d4c-4c22-8dae-8d32f13232d7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "OnionDuke" "value": "OnionDuke"
}, },
{ {
@ -2315,6 +2671,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "7ea00126-add3-407e-b69d-d4aa1b3049d5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "Derusbi" "value": "Derusbi"
@ -2342,6 +2705,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "6b6cf608-cc2c-40d7-8500-afca3e35e7e4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "Epic" "value": "Epic"
@ -2360,6 +2730,15 @@
], ],
"uuid": "251fbae2-78f6-4de7-84f6-194c727a64ad" "uuid": "251fbae2-78f6-4de7-84f6-194c727a64ad"
}, },
"related": [
{
"dest-uuid": "2a4cacb7-80a1-417e-8b9c-54b4089f35d9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "Lurid" "value": "Lurid"
}, },
{ {
@ -2443,6 +2822,20 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "JHUHUGIT" "value": "JHUHUGIT"
@ -2459,5 +2852,5 @@
"value": "ELMER" "value": "ELMER"
} }
], ],
"version": 5 "version": 6
} }

View file

@ -72,11 +72,25 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"value": "APT28 - G0007" "value": "APT28 - G0007"
} }
], ],
"version": 4 "version": 5
} }

View file

@ -20,6 +20,15 @@
"AndroRAT" "AndroRAT"
] ]
}, },
"related": [
{
"dest-uuid": "80447111-8085-40a4-a052-420926091ac6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a3dad2be-ce62-4440-953b-00fbce7aba93", "uuid": "a3dad2be-ce62-4440-953b-00fbce7aba93",
"value": "AndroRAT - MOB-S0008" "value": "AndroRAT - MOB-S0008"
}, },
@ -49,6 +58,15 @@
"DualToy" "DualToy"
] ]
}, },
"related": [
{
"dest-uuid": "8269e779-db23-4c94-aafb-36ee94879417",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "507fe748-5e4a-4b45-9e9f-8b1115f4e878", "uuid": "507fe748-5e4a-4b45-9e9f-8b1115f4e878",
"value": "DualToy - MOB-S0031" "value": "DualToy - MOB-S0031"
}, },
@ -161,6 +179,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "52acea22-7d88-433c-99e6-8fef1657e3ad",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "33d9d91d-aad9-49d5-a516-220ce101ac8a", "uuid": "33d9d91d-aad9-49d5-a516-220ce101ac8a",
@ -301,6 +326,15 @@
"WireLurker" "WireLurker"
] ]
}, },
"related": [
{
"dest-uuid": "bc32df24-8e80-44bc-80b0-6a4d55661aa5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb", "uuid": "326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb",
"value": "WireLurker - MOB-S0028" "value": "WireLurker - MOB-S0028"
}, },
@ -413,6 +447,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "56660521-6db4-4e5a-a927-464f22954b7c", "uuid": "56660521-6db4-4e5a-a927-464f22954b7c",
@ -550,6 +591,15 @@
"Charger" "Charger"
] ]
}, },
"related": [
{
"dest-uuid": "6e0545df-8df6-4990-971c-e96c4c60d561",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d1c600f8-0fb6-4367-921b-85b71947d950", "uuid": "d1c600f8-0fb6-4367-921b-85b71947d950",
"value": "Charger - MOB-S0039" "value": "Charger - MOB-S0039"
}, },
@ -588,6 +638,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "52acea22-7d88-433c-99e6-8fef1657e3ad",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "93799a9d-3537-43d8-b6f4-17215de1657c", "uuid": "93799a9d-3537-43d8-b6f4-17215de1657c",
@ -610,5 +667,5 @@
"value": "XcodeGhost - MOB-S0013" "value": "XcodeGhost - MOB-S0013"
} }
], ],
"version": 4 "version": 5
} }

View file

@ -27,11 +27,25 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "4cfa42a3-71d9-43e2-bf23-daa79f326387",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "5a78ec38-8b93-4dde-a99e-0c9b77674838",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "da21929e-40c0-443d-bdf4-6b60d15448b4", "uuid": "da21929e-40c0-443d-bdf4-6b60d15448b4",
"value": "Xbot - MOB-S0014" "value": "Xbot - MOB-S0014"
} }
], ],
"version": 4 "version": 5
} }

View file

@ -88,6 +88,15 @@
], ],
"uuid": "102c3898-85e0-43ee-ae28-62a0a3ed9507" "uuid": "102c3898-85e0-43ee-ae28-62a0a3ed9507"
}, },
"related": [
{
"dest-uuid": "ccde5b0d-fe13-48e6-a6f4-4e434ce29371",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "UACMe" "value": "UACMe"
}, },
{ {
@ -187,6 +196,15 @@
], ],
"uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54" "uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54"
}, },
"related": [
{
"dest-uuid": "8410d208-7450-407d-b56c-e5c1ced19632",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "gsecdump" "value": "gsecdump"
}, },
{ {
@ -319,6 +337,15 @@
], ],
"uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e" "uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e"
}, },
"related": [
{
"dest-uuid": "3fb18a77-91ef-4c68-a9a9-fa6bdbea38e8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"value": "HTRAN" "value": "HTRAN"
}, },
{ {
@ -451,6 +478,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "1a1d3ea4-972e-4c48-8d85-08d9db8f1550",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"value": "Cobalt Strike" "value": "Cobalt Strike"
@ -472,5 +506,5 @@
"value": "Reg" "value": "Reg"
} }
], ],
"version": 5 "version": 6
} }

View file

@ -876,6 +876,15 @@
"https://www.bleepingcomputer.com/news/security/hermes-ransomware-decrypted-in-live-video-by-emsisofts-fabian-wosar/" "https://www.bleepingcomputer.com/news/security/hermes-ransomware-decrypted-in-live-video-by-emsisofts-fabian-wosar/"
] ]
}, },
"related": [
{
"dest-uuid": "4d8da0af-cfd7-4990-b211-af0e9906eca0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b7102922-8aad-4b29-8518-6d87c3ba45bb", "uuid": "b7102922-8aad-4b29-8518-6d87c3ba45bb",
"value": "Hermes Ransomware" "value": "Hermes Ransomware"
}, },
@ -1265,6 +1274,15 @@
"https://twitter.com/Xylit0l/status/821757718885236740" "https://twitter.com/Xylit0l/status/821757718885236740"
] ]
}, },
"related": [
{
"dest-uuid": "5639f7db-ab70-4b86-8a2f-9c4e3927ba91",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "61d8bba8-7b22-493f-b023-97ffe7f17caf", "uuid": "61d8bba8-7b22-493f-b023-97ffe7f17caf",
"value": "Satan Ransomware" "value": "Satan Ransomware"
}, },
@ -1902,6 +1920,15 @@
"https://twitter.com/JaromirHorejsi/status/815557601312329728" "https://twitter.com/JaromirHorejsi/status/815557601312329728"
] ]
}, },
"related": [
{
"dest-uuid": "cd5f5165-7bd3-4430-b0bc-2c8fa518f618",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f762860a-5e7a-43bf-bef4-06bd27e0b023", "uuid": "f762860a-5e7a-43bf-bef4-06bd27e0b023",
"value": "Red Alert" "value": "Red Alert"
}, },
@ -2164,6 +2191,15 @@
"https://twitter.com/PolarToffee/status/812331918633172992" "https://twitter.com/PolarToffee/status/812331918633172992"
] ]
}, },
"related": [
{
"dest-uuid": "5060756f-8385-465d-a7dd-7bf09a54da92",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "dd356ed3-42b8-4587-ae53-95f933517612", "uuid": "dd356ed3-42b8-4587-ae53-95f933517612",
"value": "Alphabet Ransomware" "value": "Alphabet Ransomware"
}, },
@ -2353,6 +2389,15 @@
"Manifestus" "Manifestus"
] ]
}, },
"related": [
{
"dest-uuid": "5b75db42-b8f2-4e52-81d3-f329e49e1af2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "52caade6-ba7b-474e-b173-63f4332aa808", "uuid": "52caade6-ba7b-474e-b173-63f4332aa808",
"value": "EnkripsiPC Ransomware" "value": "EnkripsiPC Ransomware"
}, },
@ -2473,6 +2518,15 @@
"GlobeImposter" "GlobeImposter"
] ]
}, },
"related": [
{
"dest-uuid": "73806c57-cef8-4f7b-a78b-7949ef83b2c2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e03873ef-9e3d-4d07-85d8-e22a55f60c19", "uuid": "e03873ef-9e3d-4d07-85d8-e22a55f60c19",
"value": "Fake Globe Ransomware" "value": "Fake Globe Ransomware"
}, },
@ -4423,6 +4477,15 @@
"WCRY" "WCRY"
] ]
}, },
"related": [
{
"dest-uuid": "ad67ff31-2a02-43f9-8b12-7df7e4fcccd6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d62ab8d5-4ba1-4c45-8a63-13fdb099b33c", "uuid": "d62ab8d5-4ba1-4c45-8a63-13fdb099b33c",
"value": "WannaCry" "value": "WannaCry"
}, },
@ -4484,6 +4547,15 @@
"7ev3n-HONE$T" "7ev3n-HONE$T"
] ]
}, },
"related": [
{
"dest-uuid": "ac2608e9-7851-409f-b842-e265b877a53c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "664701d6-7948-4e80-a333-1d1938103ba1", "uuid": "664701d6-7948-4e80-a333-1d1938103ba1",
"value": "7ev3n" "value": "7ev3n"
}, },
@ -4592,6 +4664,15 @@
"AlphaLocker" "AlphaLocker"
] ]
}, },
"related": [
{
"dest-uuid": "c1b9e8c5-9283-4dbe-af10-45956a446fb7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a27fff00-995a-4598-ba00-05921bf20e80", "uuid": "a27fff00-995a-4598-ba00-05921bf20e80",
"value": "Alpha Ransomware" "value": "Alpha Ransomware"
}, },
@ -4676,6 +4757,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "e87d9df4-b464-4458-ae1f-31cea40d5f96",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "e38b8876-5780-4574-9adf-304e9d659bdb", "uuid": "e38b8876-5780-4574-9adf-304e9d659bdb",
@ -4809,6 +4897,15 @@
"BaCrypt" "BaCrypt"
] ]
}, },
"related": [
{
"dest-uuid": "1dfd3ba6-7f82-407f-958d-c4a2ac055123",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "3cf2c880-e0b5-4311-9c4e-6293f2a566e7", "uuid": "3cf2c880-e0b5-4311-9c4e-6293f2a566e7",
"value": "Bart" "value": "Bart"
}, },
@ -5004,6 +5101,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "980ea9fa-d29d-4a44-bb87-0c050f8ddeaf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "8ff729d9-aee5-4b85-a59d-3f57e105be40", "uuid": "8ff729d9-aee5-4b85-a59d-3f57e105be40",
@ -5041,6 +5145,15 @@
"CRBR ENCRYPTOR" "CRBR ENCRYPTOR"
] ]
}, },
"related": [
{
"dest-uuid": "79a7203a-6ea5-4c39-abd4-faa20cf8821a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "190edf95-9cd9-4e4a-a228-b716d52a751b", "uuid": "190edf95-9cd9-4e4a-a228-b716d52a751b",
"value": "Cerber" "value": "Cerber"
}, },
@ -5181,6 +5294,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "980ea9fa-d29d-4a44-bb87-0c050f8ddeaf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "629f6986-2c1f-4d0a-b805-e4ef3e2ce634", "uuid": "629f6986-2c1f-4d0a-b805-e4ef3e2ce634",
@ -5323,6 +5443,15 @@
"Ranscam" "Ranscam"
] ]
}, },
"related": [
{
"dest-uuid": "50c92b0b-cae3-41e7-b7d8-dffc2c88ac4b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "383d7ebb-9b08-4874-b5d7-dc02b499c38f", "uuid": "383d7ebb-9b08-4874-b5d7-dc02b499c38f",
"value": "CryptoFinancial" "value": "CryptoFinancial"
}, },
@ -5344,6 +5473,20 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "ae4aa1ef-4da0-4952-9583-9d47f84edad9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7f6cd579-b021-4896-80da-fcc07c35c8b2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "26c8b446-305c-4057-83bc-85b09630281e", "uuid": "26c8b446-305c-4057-83bc-85b09630281e",
@ -5375,6 +5518,15 @@
"ROI Locker" "ROI Locker"
] ]
}, },
"related": [
{
"dest-uuid": "54cd671e-b7e4-4dd3-9bfa-dc0ba5105944",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "dba2cf74-16a9-4ed8-8536-6542fda95999", "uuid": "dba2cf74-16a9-4ed8-8536-6542fda95999",
"value": "CryptoHost" "value": "CryptoHost"
}, },
@ -5415,6 +5567,15 @@
"https://reaqta.com/2016/04/uncovering-ransomware-distribution-operation-part-2/" "https://reaqta.com/2016/04/uncovering-ransomware-distribution-operation-part-2/"
] ]
}, },
"related": [
{
"dest-uuid": "c5a783da-9ff3-4427-84c5-428480b21cc7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b35b1ca2-f99c-4495-97a5-b8f30225cb90", "uuid": "b35b1ca2-f99c-4495-97a5-b8f30225cb90",
"value": "CryptoLocker" "value": "CryptoLocker"
}, },
@ -5496,6 +5657,15 @@
"Zeta" "Zeta"
] ]
}, },
"related": [
{
"dest-uuid": "55d5742e-20f5-4c9a-887a-4dbd5b37d921",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "c76110ea-15f1-4adf-a28d-c707374dbb3a", "uuid": "c76110ea-15f1-4adf-a28d-c707374dbb3a",
"value": "CryptoMix" "value": "CryptoMix"
}, },
@ -5506,6 +5676,15 @@
"https://twitter.com/malwrhunterteam/status/817672617658347521" "https://twitter.com/malwrhunterteam/status/817672617658347521"
] ]
}, },
"related": [
{
"dest-uuid": "2f65f056-6cba-4a5b-9aaf-daf31eb76fc2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "de53f392-8794-43d1-a38b-c0b90c20a3fb", "uuid": "de53f392-8794-43d1-a38b-c0b90c20a3fb",
"value": "CryptoRansomeware" "value": "CryptoRansomeware"
}, },
@ -5822,6 +6001,15 @@
"CyberSplitter" "CyberSplitter"
] ]
}, },
"related": [
{
"dest-uuid": "8bde6075-8c5b-4ff1-be9a-4e2b1d3419aa",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "587589df-ee42-43f4-9480-c65d6e1d7e0f", "uuid": "587589df-ee42-43f4-9480-c65d6e1d7e0f",
"value": "Cyber SpLiTTer Vbs" "value": "Cyber SpLiTTer Vbs"
}, },
@ -6046,6 +6234,22 @@
"Hidden Tear" "Hidden Tear"
] ]
}, },
"related": [
{
"dest-uuid": "24fe5fef-6325-4c21-9c35-a0ecd185e254",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b96be762-56a0-4407-be04-fcba76c1ff29",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "254f4f67-d850-4dc5-8ddb-2e955ddea287", "uuid": "254f4f67-d850-4dc5-8ddb-2e955ddea287",
"value": "HiddenTear" "value": "HiddenTear"
}, },
@ -6286,6 +6490,15 @@
"https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/" "https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/"
] ]
}, },
"related": [
{
"dest-uuid": "c4346ed0-1d74-4476-a78c-299bce0409bd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "721ba430-fd28-454c-8512-24339ef2235f", "uuid": "721ba430-fd28-454c-8512-24339ef2235f",
"value": "FireCrypt" "value": "FireCrypt"
}, },
@ -6446,6 +6659,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "721e9af0-8a60-4b9e-9137-c23e86d75722",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "390abe30-8b9e-439e-a6d3-2ee978f05fba", "uuid": "390abe30-8b9e-439e-a6d3-2ee978f05fba",
@ -6536,6 +6756,15 @@
"Mamba" "Mamba"
] ]
}, },
"related": [
{
"dest-uuid": "df320366-7970-4af0-b1f4-9f9492dede53",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "95be4cd8-1d98-484f-a328-a5917a05e3c8", "uuid": "95be4cd8-1d98-484f-a328-a5917a05e3c8",
"value": "HDDCryptor" "value": "HDDCryptor"
}, },
@ -6574,6 +6803,15 @@
"https://blog.fortinet.com/2016/06/03/cooking-up-autumn-herbst-ransomware" "https://blog.fortinet.com/2016/06/03/cooking-up-autumn-herbst-ransomware"
] ]
}, },
"related": [
{
"dest-uuid": "ca8482d9-657b-49fe-8345-6ed962a9735a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6489895b-0213-4564-9cfc-777df58d84c9", "uuid": "6489895b-0213-4564-9cfc-777df58d84c9",
"value": "Herbst" "value": "Herbst"
}, },
@ -6781,6 +7019,15 @@
"CryptoHitMan" "CryptoHitMan"
] ]
}, },
"related": [
{
"dest-uuid": "910c3fd2-56e5-4f1d-8df0-2aa0b293b7d9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "1e3384ae-4b48-4c96-b7c2-bc1cc1eda203", "uuid": "1e3384ae-4b48-4c96-b7c2-bc1cc1eda203",
"value": "Jigsaw" "value": "Jigsaw"
}, },
@ -6835,6 +7082,15 @@
"http://www.welivesecurity.com/2016/03/07/new-mac-ransomware-appears-keranger-spread-via-transmission-app/" "http://www.welivesecurity.com/2016/03/07/new-mac-ransomware-appears-keranger-spread-via-transmission-app/"
] ]
}, },
"related": [
{
"dest-uuid": "01643bc9-bd61-42e8-b9f1-5fbf83dcd786",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "63292b32-9867-4fb2-9e59-d4983d4fd5d1", "uuid": "63292b32-9867-4fb2-9e59-d4983d4fd5d1",
"value": "KeRanger" "value": "KeRanger"
}, },
@ -7122,6 +7378,15 @@
"https://www.bleepingcomputer.com/news/security/locky-ransomware-switches-to-egyptian-mythology-with-the-osiris-extension/" "https://www.bleepingcomputer.com/news/security/locky-ransomware-switches-to-egyptian-mythology-with-the-osiris-extension/"
] ]
}, },
"related": [
{
"dest-uuid": "24c9bb9f-1f9a-4e01-95d8-86c51733e11c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8d51a22e-3485-4480-af96-8ed0305a7aa6", "uuid": "8d51a22e-3485-4480-af96-8ed0305a7aa6",
"value": "Locky" "value": "Locky"
}, },
@ -7406,6 +7671,15 @@
"http://github.com/Cyberclues/nanolocker-decryptor" "http://github.com/Cyberclues/nanolocker-decryptor"
] ]
}, },
"related": [
{
"dest-uuid": "00e1373c-fddf-4b06-9770-e980cc0ada6b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "03a91686-c607-49a8-a4e2-2054833c0013", "uuid": "03a91686-c607-49a8-a4e2-2054833c0013",
"value": "NanoLocker" "value": "NanoLocker"
}, },
@ -7570,6 +7844,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "32fa6c53-b4fc-47f8-894c-1ea74180e02f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "3c51fc0e-42d8-4ff0-b1bd-5c8c20271a39", "uuid": "3c51fc0e-42d8-4ff0-b1bd-5c8c20271a39",
@ -7589,6 +7870,15 @@
"GPCode" "GPCode"
] ]
}, },
"related": [
{
"dest-uuid": "127c3d76-6323-4363-93e0-cd06ade0dd52",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "7914f9c9-3257-464c-b918-3754c4d018af", "uuid": "7914f9c9-3257-464c-b918-3754c4d018af",
"value": "OMG! Ransomware" "value": "OMG! Ransomware"
}, },
@ -7622,6 +7912,15 @@
"CryptoWire" "CryptoWire"
] ]
}, },
"related": [
{
"dest-uuid": "bc0c1e48-102c-4e6b-9b86-c442c4798159",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "4bb11db7-17a0-4536-b817-419ae6299004", "uuid": "4bb11db7-17a0-4536-b817-419ae6299004",
"value": "Owl" "value": "Owl"
}, },
@ -7640,6 +7939,15 @@
"https://twitter.com/malwrhunterteam/status/798141978810732544" "https://twitter.com/malwrhunterteam/status/798141978810732544"
] ]
}, },
"related": [
{
"dest-uuid": "c21335f5-b145-4029-b1bc-161362c7ce80",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "57c5df76-e72f-41b9-be29-89395f83a77c", "uuid": "57c5df76-e72f-41b9-be29-89395f83a77c",
"value": "PadCrypt" "value": "PadCrypt"
}, },
@ -7674,6 +7982,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "bad1057c-4f92-4747-a0ec-31bcc062dab8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "e211ea8d-5042-48ae-86c6-15186d1f8dba", "uuid": "e211ea8d-5042-48ae-86c6-15186d1f8dba",
@ -7696,6 +8011,15 @@
"Goldeneye" "Goldeneye"
] ]
}, },
"related": [
{
"dest-uuid": "34c9dbaa-97ac-4e1e-9eca-b7c492d67efc",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "7c5a1e93-7ab2-4b08-ada9-e82c4feaed0a", "uuid": "7c5a1e93-7ab2-4b08-ada9-e82c4feaed0a",
"value": "Petya" "value": "Petya"
}, },
@ -7752,6 +8076,15 @@
"https://securelist.com/blog/research/76182/polyglot-the-fake-ctb-locker/" "https://securelist.com/blog/research/76182/polyglot-the-fake-ctb-locker/"
] ]
}, },
"related": [
{
"dest-uuid": "5ee77368-5e09-4016-ae73-82b99e830832",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b22cafb4-ccef-4935-82f4-631a6e539b8e", "uuid": "b22cafb4-ccef-4935-82f4-631a6e539b8e",
"value": "Polyglot" "value": "Polyglot"
}, },
@ -7772,6 +8105,15 @@
"PoshCoder" "PoshCoder"
] ]
}, },
"related": [
{
"dest-uuid": "5c5beab9-614c-4c86-b369-086234ddb43c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "9fa93bb7-2997-4864-aa0e-0e667990dec8", "uuid": "9fa93bb7-2997-4864-aa0e-0e667990dec8",
"value": "PowerWare" "value": "PowerWare"
}, },
@ -7907,6 +8249,15 @@
"http://www.nyxbone.com/malware/radamant.html" "http://www.nyxbone.com/malware/radamant.html"
] ]
}, },
"related": [
{
"dest-uuid": "98bcb2b9-bc3a-4ffb-859a-94bd03c1cc3c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "674c3bf6-2e16-427d-ab0f-b91676a460cd", "uuid": "674c3bf6-2e16-427d-ab0f-b91676a460cd",
"value": "Radamant" "value": "Radamant"
}, },
@ -8025,6 +8376,15 @@
"https://www.bleepingcomputer.com/news/security/ransoc-ransomware-extorts-users-who-accessed-questionable-content/" "https://www.bleepingcomputer.com/news/security/ransoc-ransomware-extorts-users-who-accessed-questionable-content/"
] ]
}, },
"related": [
{
"dest-uuid": "5310903e-0704-4ca4-ab1b-52d243dddb06",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f0fcbac5-6216-4c3c-adcb-3aa06ab23340", "uuid": "f0fcbac5-6216-4c3c-adcb-3aa06ab23340",
"value": "Ransoc" "value": "Ransoc"
}, },
@ -8136,6 +8496,15 @@
"https://blog.malwarebytes.org/threat-analysis/2016/04/rokku-ransomware/" "https://blog.malwarebytes.org/threat-analysis/2016/04/rokku-ransomware/"
] ]
}, },
"related": [
{
"dest-uuid": "38f57823-ccc2-424b-8140-8ba30325af9c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "61184aea-e87b-467d-b36e-cfc75ccb242f", "uuid": "61184aea-e87b-467d-b36e-cfc75ccb242f",
"value": "Rokku" "value": "Rokku"
}, },
@ -8266,6 +8635,15 @@
"Samsam" "Samsam"
] ]
}, },
"related": [
{
"dest-uuid": "696d78cb-1716-4ca0-b678-c03c7cfec19a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "731e4a5e-35f2-47b1-80ba-150b95fdc14d", "uuid": "731e4a5e-35f2-47b1-80ba-150b95fdc14d",
"value": "Samas-Samsam" "value": "Samas-Samsam"
}, },
@ -8327,6 +8705,15 @@
"https://blog.kaspersky.com/satana-ransomware/12558/" "https://blog.kaspersky.com/satana-ransomware/12558/"
] ]
}, },
"related": [
{
"dest-uuid": "09b555be-8bac-44b2-8741-922ee0b87880",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a127a59e-9e4c-4c2b-b833-cabd076c3016", "uuid": "a127a59e-9e4c-4c2b-b833-cabd076c3016",
"value": "Satana" "value": "Satana"
}, },
@ -8348,6 +8735,15 @@
"http://www.nyxbone.com/malware/Serpico.html" "http://www.nyxbone.com/malware/Serpico.html"
] ]
}, },
"related": [
{
"dest-uuid": "0d4ca924-7e7e-4385-b14d-f504b4d206e5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "bd4bfbab-c21d-4971-b70c-b180bcf40630", "uuid": "bd4bfbab-c21d-4971-b70c-b180bcf40630",
"value": "Serpico" "value": "Serpico"
}, },
@ -8409,6 +8805,15 @@
"KinCrypt" "KinCrypt"
] ]
}, },
"related": [
{
"dest-uuid": "77c20bd9-5403-4f99-bae5-c54f3f38a6b6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b9963d52-a391-4e9c-92e7-d2a147d5451f", "uuid": "b9963d52-a391-4e9c-92e7-d2a147d5451f",
"value": "Shujin" "value": "Shujin"
}, },
@ -8760,6 +9165,20 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "ae4aa1ef-4da0-4952-9583-9d47f84edad9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7f6cd579-b021-4896-80da-fcc07c35c8b2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "b817ce63-f1c3-49de-bd8b-fd56c3f956c9", "uuid": "b817ce63-f1c3-49de-bd8b-fd56c3f956c9",
@ -9240,6 +9659,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "721e9af0-8a60-4b9e-9137-c23e86d75722",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "78ef77ac-a570-4fb9-af80-d04c09dff9ab", "uuid": "78ef77ac-a570-4fb9-af80-d04c09dff9ab",
@ -9273,6 +9699,15 @@
"https://www.bleepingcomputer.com/news/security/jaff-ransomware-distributed-via-necurs-malspam-and-asking-for-a-3-700-ransom/" "https://www.bleepingcomputer.com/news/security/jaff-ransomware-distributed-via-necurs-malspam-and-asking-for-a-3-700-ransom/"
] ]
}, },
"related": [
{
"dest-uuid": "2c51a717-726b-4813-9fcc-1265694b128e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8e3d44d0-6768-4b54-88b0-2e004a7f2297", "uuid": "8e3d44d0-6768-4b54-88b0-2e004a7f2297",
"value": "Jaff" "value": "Jaff"
}, },
@ -9400,6 +9835,15 @@
"Syn Ack" "Syn Ack"
] ]
}, },
"related": [
{
"dest-uuid": "a396a0bb-6dc5-424a-bdbd-f8ba808ca2c2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "04585cd8-54ae-420f-9191-8ddb9b88a80c", "uuid": "04585cd8-54ae-420f-9191-8ddb9b88a80c",
"value": "SynAck" "value": "SynAck"
}, },
@ -9417,6 +9861,15 @@
"https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/" "https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/"
] ]
}, },
"related": [
{
"dest-uuid": "e717a26d-17aa-4cd7-88de-dc75aa365232",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "83d10b83-9038-4dd6-b305-f14c21478588", "uuid": "83d10b83-9038-4dd6-b305-f14c21478588",
"value": "SyncCrypt" "value": "SyncCrypt"
}, },
@ -9431,6 +9884,15 @@
"Bad-Rabbit" "Bad-Rabbit"
] ]
}, },
"related": [
{
"dest-uuid": "6f736038-4f74-435b-8904-6870ee0e23ba",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e8af6388-6575-4812-94a8-9df1567294c5", "uuid": "e8af6388-6575-4812-94a8-9df1567294c5",
"value": "Bad Rabbit" "value": "Bad Rabbit"
}, },
@ -9573,6 +10035,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "bad1057c-4f92-4747-a0ec-31bcc062dab8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "091c9923-5939-4bde-9db5-56abfb51f1a2", "uuid": "091c9923-5939-4bde-9db5-56abfb51f1a2",
@ -9586,6 +10055,15 @@
"https://objective-see.com/blog/blog_0x25.html" "https://objective-see.com/blog/blog_0x25.html"
] ]
}, },
"related": [
{
"dest-uuid": "66862f1a-5823-4a9a-bd80-439aaafc1d8b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "7574c7f1-5075-4230-aca9-d6c0956f1fac", "uuid": "7574c7f1-5075-4230-aca9-d6c0956f1fac",
"value": "MacRansom" "value": "MacRansom"
}, },
@ -9659,6 +10137,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "32fa6c53-b4fc-47f8-894c-1ea74180e02f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "4f3e494e-0e37-4894-94b2-741a8100f07a", "uuid": "4f3e494e-0e37-4894-94b2-741a8100f07a",
@ -9675,6 +10160,15 @@
"https://www.eclecticiq.com/resources/thanatos--ransomware-first-ransomware-ask-payment-bitcoin-cash?type=intel-report" "https://www.eclecticiq.com/resources/thanatos--ransomware-first-ransomware-ask-payment-bitcoin-cash?type=intel-report"
] ]
}, },
"related": [
{
"dest-uuid": "24fabbe0-27a2-4c93-a6a6-c14767efaa25",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "361d7a90-2fde-4fc7-91ed-fdce26eb790f", "uuid": "361d7a90-2fde-4fc7-91ed-fdce26eb790f",
"value": "Thanatos" "value": "Thanatos"
}, },
@ -10322,6 +10816,15 @@
"https://www.johannesbader.ch/2015/03/the-dga-of-dircrypt/" "https://www.johannesbader.ch/2015/03/the-dga-of-dircrypt/"
] ]
}, },
"related": [
{
"dest-uuid": "61b2dd12-2381-429d-bb64-e3210804a462",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "cdcc59a0-955e-412d-b481-8dff4bce6fdf", "uuid": "cdcc59a0-955e-412d-b481-8dff4bce6fdf",
"value": "DirCrypt" "value": "DirCrypt"
}, },
@ -10616,5 +11119,5 @@
"value": "SAVEfiles" "value": "SAVEfiles"
} }
], ],
"version": 37 "version": 38
} }

View file

@ -36,6 +36,15 @@
"https://www.cfr.org/interactive/cyber-operations/jaderat" "https://www.cfr.org/interactive/cyber-operations/jaderat"
] ]
}, },
"related": [
{
"dest-uuid": "8804e02c-a139-4c3d-8901-03302ca1faa0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "1cc8963b-5ad4-4e19-8e9a-57b0ff1ef926", "uuid": "1cc8963b-5ad4-4e19-8e9a-57b0ff1ef926",
"value": "JadeRAT" "value": "JadeRAT"
}, },
@ -95,6 +104,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "4e104fef-8a2c-4679-b497-6e86d7d47db0", "uuid": "4e104fef-8a2c-4679-b497-6e86d7d47db0",
@ -177,6 +193,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "5086a6e0-53b2-4d96-9eb3-a0237da2e591",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "8a21ae06-d257-48a0-989b-1c9aebedabc2", "uuid": "8a21ae06-d257-48a0-989b-1c9aebedabc2",
@ -288,6 +311,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "8eb9d4aa-257a-45eb-8c65-95c18500171c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "b76d9845-815c-4e77-9538-6b737269da2f", "uuid": "b76d9845-815c-4e77-9538-6b737269da2f",
@ -343,6 +373,15 @@
"https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html" "https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html"
] ]
}, },
"related": [
{
"dest-uuid": "f9d0e934-879c-4668-b959-6bf7bdc96f5d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "41f45758-0376-42a8-bc07-8f2ffbee3ad2", "uuid": "41f45758-0376-42a8-bc07-8f2ffbee3ad2",
"value": "Bozok" "value": "Bozok"
}, },
@ -366,6 +405,15 @@
"http://www.nbcnews.com/id/41584097/ns/technology_and_science-security/t/cybergate-leaked-e-mails-hint-corporate-hacking-conspiracy/" "http://www.nbcnews.com/id/41584097/ns/technology_and_science-security/t/cybergate-leaked-e-mails-hint-corporate-hacking-conspiracy/"
] ]
}, },
"related": [
{
"dest-uuid": "062d8577-d6e6-4c97-bcac-eb6eb1a50a8d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "c3cf4e88-704b-4d7c-8185-ee780804f3d3", "uuid": "c3cf4e88-704b-4d7c-8185-ee780804f3d3",
"value": "CyberGate" "value": "CyberGate"
}, },
@ -425,6 +473,15 @@
"JacksBot" "JacksBot"
] ]
}, },
"related": [
{
"dest-uuid": "f2a9f583-b4dd-4669-8808-49c8bbacc376",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "1df62d96-88f8-473c-94a2-252eb360ba62", "uuid": "1df62d96-88f8-473c-94a2-252eb360ba62",
"value": "jRAT" "value": "jRAT"
}, },
@ -436,6 +493,15 @@
"https://leakforums.net/thread-479505" "https://leakforums.net/thread-479505"
] ]
}, },
"related": [
{
"dest-uuid": "ff24997d-1f17-4f00-b9b8-b3392146540f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "669a0e4d-9760-49fc-bdf5-0471f84e0c76", "uuid": "669a0e4d-9760-49fc-bdf5-0471f84e0c76",
"value": "jSpy" "value": "jSpy"
}, },
@ -494,6 +560,15 @@
"PredatorPain" "PredatorPain"
] ]
}, },
"related": [
{
"dest-uuid": "31615066-dbff-4134-b467-d97a337b408b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "42a97a5d-ee33-492a-b20f-758ecdbf1aed", "uuid": "42a97a5d-ee33-492a-b20f-758ecdbf1aed",
"value": "Predator Pain" "value": "Predator Pain"
}, },
@ -583,6 +658,15 @@
"https://www.volexity.com/blog/2017/03/23/have-you-been-haunted-by-the-gh0st-rat-today/" "https://www.volexity.com/blog/2017/03/23/have-you-been-haunted-by-the-gh0st-rat-today/"
] ]
}, },
"related": [
{
"dest-uuid": "225fa6cf-dc9c-4b86-873b-cdf1d9dd3738",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "255a59a7-db2d-44fc-9ca9-5859b65817c3", "uuid": "255a59a7-db2d-44fc-9ca9-5859b65817c3",
"value": "Gh0st RAT" "value": "Gh0st RAT"
}, },
@ -635,6 +719,15 @@
"https://researchcenter.paloaltonetworks.com/2017/10/unit42-tracking-subaat-targeted-phishing-attacks-point-leader-threat-actors-repository/" "https://researchcenter.paloaltonetworks.com/2017/10/unit42-tracking-subaat-targeted-phishing-attacks-point-leader-threat-actors-repository/"
] ]
}, },
"related": [
{
"dest-uuid": "05252643-093b-4070-b62f-d5836683a9fa",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6efa425c-3731-44fd-9224-2a62df061a2d", "uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
"value": "Quasar RAT" "value": "Quasar RAT"
}, },
@ -667,6 +760,15 @@
"https://github.com/shotskeber/Ratty" "https://github.com/shotskeber/Ratty"
] ]
}, },
"related": [
{
"dest-uuid": "da032a95-b02a-4af2-b563-69f686653af4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "a51f07ae-ab2c-45ee-aa9c-1db7873e7bb4", "uuid": "a51f07ae-ab2c-45ee-aa9c-1db7873e7bb4",
"value": "Ratty" "value": "Ratty"
}, },
@ -964,6 +1066,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "e87d9df4-b464-4458-ae1f-31cea40d5f96",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "d5d3f9de-21b5-482e-b716-5f2f13182990", "uuid": "d5d3f9de-21b5-482e-b716-5f2f13182990",
@ -1231,6 +1340,15 @@
"https://www.rekings.com/spynote-v4-android-rat/" "https://www.rekings.com/spynote-v4-android-rat/"
] ]
}, },
"related": [
{
"dest-uuid": "31592c69-d540-4617-8253-71ae0c45526c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "ea727e26-b3de-44f8-86c5-11a912c7a8aa", "uuid": "ea727e26-b3de-44f8-86c5-11a912c7a8aa",
"value": "SpyNote" "value": "SpyNote"
}, },
@ -1530,6 +1648,15 @@
"https://www.zscaler.com/blogs/research/cobian-rat-backdoored-rat" "https://www.zscaler.com/blogs/research/cobian-rat-backdoored-rat"
] ]
}, },
"related": [
{
"dest-uuid": "aa553bbd-f6e4-4774-9ec5-4607aa2004b8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "8c49da10-2b59-42c4-81e6-75556decdecb", "uuid": "8c49da10-2b59-42c4-81e6-75556decdecb",
"value": "Cobian RAT" "value": "Cobian RAT"
}, },
@ -1693,6 +1820,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "d9cc15f7-0880-4ae4-8df4-87c58338d6b8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "9223bf17-7e32-4833-9574-9ffd8c929765", "uuid": "9223bf17-7e32-4833-9574-9ffd8c929765",
@ -1786,6 +1920,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "036bd099-fe80-46c2-9c4c-e5c6df8dcdee",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "663f8ef9-4c50-499a-b765-f377d23c1070", "uuid": "663f8ef9-4c50-499a-b765-f377d23c1070",
@ -1872,6 +2013,15 @@
"meta": { "meta": {
"date": "2010" "date": "2010"
}, },
"related": [
{
"dest-uuid": "479353aa-c6d7-47a7-b5f0-3f97fd904864",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "ee73e375-3ac2-4ce0-b24b-74fd82d52864", "uuid": "ee73e375-3ac2-4ce0-b24b-74fd82d52864",
"value": "Erebus" "value": "Erebus"
}, },
@ -2044,6 +2194,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "1a1d3ea4-972e-4c48-8d85-08d9db8f1550",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "ca44dd5e-fd9e-48b5-99cb-0b2629b9265f", "uuid": "ca44dd5e-fd9e-48b5-99cb-0b2629b9265f",
@ -2075,6 +2232,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "e88eb9b1-dc8b-4696-8dcf-0c29924d0f8b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "3eca2d5f-41bf-4ad4-847f-df18befcdc44", "uuid": "3eca2d5f-41bf-4ad4-847f-df18befcdc44",
@ -2121,6 +2285,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "a61fc694-a88a-484d-a648-db35b49932fd",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "8d8efbc6-d1b7-4ec8-bab3-591edba337d0", "uuid": "8d8efbc6-d1b7-4ec8-bab3-591edba337d0",
@ -2231,6 +2402,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "f982fa2d-f78f-4fe1-a86d-d10471a3ebcf",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "5b930a23-7d88-481f-8791-abc7b3dd93d2", "uuid": "5b930a23-7d88-481f-8791-abc7b3dd93d2",
@ -2271,6 +2449,15 @@
"http://securityaffairs.co/wordpress/51202/cyber-crime/govrat-2-0-attacks.html" "http://securityaffairs.co/wordpress/51202/cyber-crime/govrat-2-0-attacks.html"
] ]
}, },
"related": [
{
"dest-uuid": "9fbb5822-1660-4651-9f57-b6f83a881786",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b6ddc2c6-5890-4c60-9b10-4274d1a9cc22", "uuid": "b6ddc2c6-5890-4c60-9b10-4274d1a9cc22",
"value": "GovRAT" "value": "GovRAT"
}, },
@ -2352,6 +2539,15 @@
"https://omnirat.eu/en/" "https://omnirat.eu/en/"
] ]
}, },
"related": [
{
"dest-uuid": "ec936d58-6607-4e33-aa97-0e587bbbdda5",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f091dfcb-07f4-4414-849e-c644e7327d94", "uuid": "f091dfcb-07f4-4414-849e-c644e7327d94",
"value": "OmniRAT" "value": "OmniRAT"
}, },
@ -2512,6 +2708,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "8465177f-16c8-47fc-a4c8-f4c0409fe460",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "f266754c-d0aa-4918-95a3-73b28eaa66e3", "uuid": "f266754c-d0aa-4918-95a3-73b28eaa66e3",
@ -2526,6 +2729,15 @@
"https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html" "https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html"
] ]
}, },
"related": [
{
"dest-uuid": "2894aee2-e0ec-417a-811e-74a68ab967b2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "f647cca0-7416-47e9-8342-94b84dd436cc", "uuid": "f647cca0-7416-47e9-8342-94b84dd436cc",
"value": "Remcos" "value": "Remcos"
}, },
@ -2537,6 +2749,15 @@
"https://securityintelligence.com/client-maximus-new-remote-overlay-malware-highlights-rising-malcode-sophistication-in-brazil/" "https://securityintelligence.com/client-maximus-new-remote-overlay-malware-highlights-rising-malcode-sophistication-in-brazil/"
] ]
}, },
"related": [
{
"dest-uuid": "c2bd0771-55d6-4242-986d-4bfd735998ba",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d840e5af-3e6b-49af-ab82-fb4f8740bf55", "uuid": "d840e5af-3e6b-49af-ab82-fb4f8740bf55",
"value": "Client Maximus" "value": "Client Maximus"
}, },
@ -2580,6 +2801,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "a70e93a7-3578-47e1-9926-0818979ed866",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "ad6a1b4a-6d79-40d4-adb7-1d7ca697347e", "uuid": "ad6a1b4a-6d79-40d4-adb7-1d7ca697347e",
@ -2593,6 +2821,15 @@
"http://www.securityweek.com/rurktar-malware-espionage-tool-development" "http://www.securityweek.com/rurktar-malware-espionage-tool-development"
] ]
}, },
"related": [
{
"dest-uuid": "512e0b13-a52b-45ef-9230-7172f5e976d4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "40bce827-4049-46e4-8323-3ab58f0f00bc", "uuid": "40bce827-4049-46e4-8323-3ab58f0f00bc",
"value": "Rurktar" "value": "Rurktar"
}, },
@ -2667,6 +2904,15 @@
"https://objective-see.com/blog/blog_0x25.html" "https://objective-see.com/blog/blog_0x25.html"
] ]
}, },
"related": [
{
"dest-uuid": "c9915d41-d1fb-45bc-997e-5cd9c573d8e7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b7cea5fe-d3fe-47cf-ba82-104c90e130ff", "uuid": "b7cea5fe-d3fe-47cf-ba82-104c90e130ff",
"value": "MacSpy" "value": "MacSpy"
}, },
@ -2692,6 +2938,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "b376580e-aba1-4ac9-9c2d-2df429efecf6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "ee8ccb36-2596-43a3-a044-b8721dbeb2ab", "uuid": "ee8ccb36-2596-43a3-a044-b8721dbeb2ab",
@ -2747,6 +3000,15 @@
"https://cdn.riskiq.com/wp-content/uploads/2017/10/RiskIQ-htpRAT-Malware-Attacks.pdf?_ga=2.159415805.1155855406.1509033001-1017609577.1507615928" "https://cdn.riskiq.com/wp-content/uploads/2017/10/RiskIQ-htpRAT-Malware-Attacks.pdf?_ga=2.159415805.1155855406.1509033001-1017609577.1507615928"
] ]
}, },
"related": [
{
"dest-uuid": "e8d1a1f3-3170-4562-9a18-cadf000e48d0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "7362581a-a7d1-4060-b225-e227f2df2b60", "uuid": "7362581a-a7d1-4060-b225-e227f2df2b60",
"value": "htpRAT" "value": "htpRAT"
}, },
@ -2765,6 +3027,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "e0bea149-2def-484f-b658-f782a4f94815", "uuid": "e0bea149-2def-484f-b658-f782a4f94815",
@ -2839,6 +3108,15 @@
"https://www.flashpoint-intel.com/blog/meet-ars-vbs-loader/" "https://www.flashpoint-intel.com/blog/meet-ars-vbs-loader/"
] ]
}, },
"related": [
{
"dest-uuid": "1a4f99cc-c078-41f8-9749-e1dc524fc795",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "cd6527d1-17a7-4825-8b4b-56e113d0efb1", "uuid": "cd6527d1-17a7-4825-8b4b-56e113d0efb1",
"value": "ARS VBS Loader" "value": "ARS VBS Loader"
}, },
@ -2850,6 +3128,15 @@
"https://labs.bitdefender.com/wp-content/uploads/downloads/radrat-an-all-in-one-toolkit-for-complex-espionage-ops/" "https://labs.bitdefender.com/wp-content/uploads/downloads/radrat-an-all-in-one-toolkit-for-complex-espionage-ops/"
] ]
}, },
"related": [
{
"dest-uuid": "271752e3-67ca-48bc-ade2-30eec11defca",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "5a3df9d7-82de-445e-a218-406b970600d7", "uuid": "5a3df9d7-82de-445e-a218-406b970600d7",
"value": "RadRAT" "value": "RadRAT"
}, },
@ -2860,6 +3147,15 @@
"https://www.proofpoint.com/us/threat-insight/post/leaked-source-code-ammyy-admin-turned-flawedammyy-rat" "https://www.proofpoint.com/us/threat-insight/post/leaked-source-code-ammyy-admin-turned-flawedammyy-rat"
] ]
}, },
"related": [
{
"dest-uuid": "18419355-fd28-41a6-bffe-2df68a7166c4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "3c1003a2-8364-467a-b9b8-fcc19724a9b5", "uuid": "3c1003a2-8364-467a-b9b8-fcc19724a9b5",
"value": "FlawedAmmyy" "value": "FlawedAmmyy"
}, },
@ -2881,6 +3177,15 @@
"https://blog.talosintelligence.com/2018/05/navrat.html" "https://blog.talosintelligence.com/2018/05/navrat.html"
] ]
}, },
"related": [
{
"dest-uuid": "ec0cad2c-0c13-491a-a869-1dc1758c8872",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6ea032a0-d54a-463b-b016-2b7b9b9a5b7e", "uuid": "6ea032a0-d54a-463b-b016-2b7b9b9a5b7e",
"value": "NavRAT" "value": "NavRAT"
}, },
@ -2901,6 +3206,15 @@
"https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/june/cve-2017-8750-rtf-and-the-sisfader-rat/" "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/june/cve-2017-8750-rtf-and-the-sisfader-rat/"
] ]
}, },
"related": [
{
"dest-uuid": "0fba78fc-47a1-45e1-b5df-71bcabd23b5d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b533439d-b060-4c90-80e0-9dce67b0c6fb", "uuid": "b533439d-b060-4c90-80e0-9dce67b0c6fb",
"value": "Sisfader" "value": "Sisfader"
}, },
@ -2941,5 +3255,5 @@
"value": "NukeSped" "value": "NukeSped"
} }
], ],
"version": 18 "version": 19
} }

View file

@ -16,6 +16,15 @@
"https://www.proofpoint.com/us/threat-insight/post/thief-night-new-nocturnal-stealer-grabs-data-cheap" "https://www.proofpoint.com/us/threat-insight/post/thief-night-new-nocturnal-stealer-grabs-data-cheap"
] ]
}, },
"related": [
{
"dest-uuid": "94793dbc-3649-40a4-9ccc-1b32846ecb3a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "e7080bce-99b5-4615-a798-a192ed89bd5a", "uuid": "e7080bce-99b5-4615-a798-a192ed89bd5a",
"value": "Nocturnal Stealer" "value": "Nocturnal Stealer"
}, },
@ -44,5 +53,5 @@
"value": "AZORult" "value": "AZORult"
} }
], ],
"version": 2 "version": 3
} }

View file

@ -2751,6 +2751,15 @@
"Mythic Leopard" "Mythic Leopard"
] ]
}, },
"related": [
{
"dest-uuid": "2a410eea-a9da-11e8-b404-37b7060746c8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "acbb5cad-ffe7-4b0e-a57a-2dbc916e8905", "uuid": "acbb5cad-ffe7-4b0e-a57a-2dbc916e8905",
"value": "Operation C-Major" "value": "Operation C-Major"
}, },
@ -5920,5 +5929,5 @@
"value": "FASTCash" "value": "FASTCash"
} }
], ],
"version": 69 "version": 70
} }

File diff suppressed because it is too large Load diff

View file

@ -54,7 +54,8 @@ type_mapping = {
# 'mitre-mobile-attack-course-of-action': '', # 'mitre-mobile-attack-course-of-action': '',
'mitre-pre-attack-intrusion-set': 'actor', 'mitre-pre-attack-intrusion-set': 'actor',
# 'mitre-enterprise-attack-relationship': '', # 'mitre-enterprise-attack-relationship': '',
'tds': 'tool' 'tds': 'tool',
'malpedia': 'tool'
} }
@ -103,6 +104,7 @@ if __name__ == '__main__':
# ignore the galaxies that are not relevant for us # ignore the galaxies that are not relevant for us
if galaxy not in type_mapping: if galaxy not in type_mapping:
print("Ignoring galaxy '{}' as it is not in the mapping.".format(galaxy))
continue continue
# process the entries in each cluster # process the entries in each cluster