Merge pull request #319 from cvandeplas/master

chg: [mitre] bump to latest MITRE ATT&CK dataset
pull/372/head
Christophe Vandeplas 2018-12-29 18:42:27 +01:00 committed by GitHub
commit 0bcf392f7e
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 146 additions and 7 deletions

View File

@ -7428,7 +7428,9 @@
"Packet capture"
],
"mitre_platforms": [
"Linux"
"Linux",
"macOS",
"Windows"
],
"refs": [
"https://attack.mitre.org/techniques/T1090",
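Review bot: the platform list for T1090 widens from Linux only to Linux, macOS and Windows, which changes what consumers get when they filter techniques by platform; a data change like this deserves a line in the PR description rather than being hidden under a plain "bump", so downstream users know why their platform-filtered views now differ.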
@ -9542,7 +9544,7 @@
"value": "Forced Authentication - T1187"
},
{
"description": "Windows Background Intelligent Transfer Service (BITS) is a low-bandwidth, asynchronous file transfer mechanism exposed through Component Object Model (COM). (Citation: Microsoft COM) (Citation: Microsoft BITS) BITS is commonly used by updaters, messengers, and other applications preferred to operate in the background (using available idle bandwidth) without interrupting other networked applications. File transfer tasks are implemented as BITS jobs, which contain a queue of one or more file operations.\n\nThe interface to create and manage BITS jobs is accessible through [PowerShell](https://attack.mitre.org/techniques/T1086) (Citation: Microsoft BITS) and the [BITSAdmin](https://attack.mitre.org/software/S0190) tool. (Citation: Microsoft BITS)Admin\n\nAdversaries may abuse BITS to download, execute, and even clean up after running malicious code. BITS tasks are self-contained in the BITS job database, without new files or registry modifications, and often permitted by host firewalls. (Citation: CTU BITS Malware June 2016) (Citation: Mondok Windows PiggyBack BITS May 2007) (Citation: Symantec BITS May 2007) BITS enabled execution may also allow Persistence by creating long-standing jobs (the default maximum lifetime is 90 days and extendable) or invoking an arbitrary program when a job completes or errors (including after system reboots). (Citation: PaloAlto UBoatRAT Nov 2017) (Citation: CTU BITS Malware June 2016)\n\nBITS upload functionalities can also be used to perform [Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048). (Citation: CTU BITS Malware June 2016)",
"description": "Windows Background Intelligent Transfer Service (BITS) is a low-bandwidth, asynchronous file transfer mechanism exposed through Component Object Model (COM). (Citation: Microsoft COM) (Citation: Microsoft BITS) BITS is commonly used by updaters, messengers, and other applications preferred to operate in the background (using available idle bandwidth) without interrupting other networked applications. File transfer tasks are implemented as BITS jobs, which contain a queue of one or more file operations.\n\nThe interface to create and manage BITS jobs is accessible through [PowerShell](https://attack.mitre.org/techniques/T1086) (Citation: Microsoft BITS) and the [BITSAdmin](https://attack.mitre.org/software/S0190) tool. (Citation: Microsoft BITSAdmin)\n\nAdversaries may abuse BITS to download, execute, and even clean up after running malicious code. BITS tasks are self-contained in the BITS job database, without new files or registry modifications, and often permitted by host firewalls. (Citation: CTU BITS Malware June 2016) (Citation: Mondok Windows PiggyBack BITS May 2007) (Citation: Symantec BITS May 2007) BITS enabled execution may also allow Persistence by creating long-standing jobs (the default maximum lifetime is 90 days and extendable) or invoking an arbitrary program when a job completes or errors (including after system reboots). (Citation: PaloAlto UBoatRAT Nov 2017) (Citation: CTU BITS Malware June 2016)\n\nBITS upload functionalities can also be used to perform [Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048). (Citation: CTU BITS Malware June 2016)",
"meta": {
"external_id": "T1197",
"kill_chain": [
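Review bot: the only change on the long description line is the citation marker, from the broken "(Citation: Microsoft BITS)Admin" to "(Citation: Microsoft BITSAdmin)"; that is the right fix, because tooling that resolves "(Citation: ...)" keys against the refs list would otherwise see a stray "Admin" and an unresolved key. The rest of the text is carried verbatim from upstream ATT&CK, so wording issues in it belong upstream, not in this file.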
@ -9561,6 +9563,7 @@
"https://attack.mitre.org/techniques/T1197",
"https://technet.microsoft.com/library/dd939934.aspx",
"https://msdn.microsoft.com/library/windows/desktop/bb968799.aspx",
"https://msdn.microsoft.com/library/aa362813.aspx",
"https://www.secureworks.com/blog/malware-lingers-with-bits",
"https://arstechnica.com/information-technology/2007/05/malware-piggybacks-on-windows-background-intelligent-transfer-service/",
"https://www.symantec.com/connect/blogs/malware-update-windows-update",
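Review bot: the added msdn.microsoft.com/library/aa362813.aspx entry is the reference that the corrected "Microsoft BITSAdmin" citation key in the previous hunk points at, so the two hunks belong together; worth checking that the refs list stays in the same order as the citation keys appear in the description, since that is how the generator has laid out the other entries.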
@ -10398,5 +10401,5 @@
"value": "DNSCalc - T1324"
}
],
"version": 7
"version": 8
}

View File

@ -5951,5 +5951,5 @@
"value": "Attestation - M1002"
}
],
"version": 8
"version": 9
}
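Review bot: the only change in this file is the version bump from 8 to 9, with no entry added or modified; a bump without a content change makes every consumer re-import the galaxy for nothing, so either the generator should leave the version untouched when the entries are identical, or the bump should be tied to an actual data change. The same applies to the next file, where 11 becomes 12 with nothing else in the diff.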

View File

@ -11171,5 +11171,5 @@
"value": "DarkHydrus - G0079"
}
],
"version": 11
"version": 12
}

View File

@ -44,6 +44,9 @@
"description": "[X-Agent for Android](https://attack.mitre.org/software/S0314) is Android malware that was placed in a repackaged version of a Ukrainian artillery targeting application. The malware reportedly retrieved general location data on where the victim device was used, and therefore could likely indicate the potential location of Ukrainian artillery. (Citation: CrowdStrike-Android) Is it tracked separately from the [Windows and Linux versions of X-Agent](https://attack.mitre.org/software/S0023).",
"meta": {
"external_id": "S0314",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0314",
"https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf"
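Review bot: the new mitre_platforms key sits alphabetically between external_id and refs inside meta, which matches the key order used elsewhere in the file and is what keeps generated JSON diff-stable across bumps; the same three-line insertion repeats for every software entry below, so one check that the generator sorts keys is enough to cover all of them. The description context line is upstream text ("Is it tracked separately from" reads as a typo for "It is tracked separately from"), so fix it in the ATT&CK source rather than by hand here, or the next bump will reintroduce it.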
@ -103,6 +106,9 @@
"description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) is the Android version of malware that has reportedly been linked to the NSO Group. (Citation: Lookout-PegasusAndroid) (Citation: Google-Chrysaor) The iOS version is tracked separately under [Pegasus for iOS](https://attack.mitre.org/software/S0289).",
"meta": {
"external_id": "S0316",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0316",
"https://blog.lookout.com/blog/2017/04/03/pegasus-android/",
@ -220,6 +226,9 @@
"description": "[Android Overlay Malware](https://attack.mitre.org/software/S0296) is malware that was used in a 2016 campaign targeting European countries. The malware attempted to trick users into providing banking credentials. (Citation: FireEye-AndroidOverlay)",
"meta": {
"external_id": "S0296",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0296",
"https://www.fireeye.com/blog/threat-research/2016/06/latest-android-overlay-malware-spreading-in-europe.html"
@ -251,6 +260,9 @@
"description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) is the iOS version of malware that has reportedly been linked to the NSO Group. It has been advertised and sold to target high-value victims. (Citation: Lookout-Pegasus) (Citation: PegasusCitizenLab) The Android version is tracked separately under [Pegasus for Android](https://attack.mitre.org/software/S0316).",
"meta": {
"external_id": "S0289",
"mitre_platforms": [
"iOS"
],
"refs": [
"https://attack.mitre.org/software/S0289",
"https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf",
@ -604,6 +616,9 @@
"description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) (Remote Access Trojan) is a family of malicious Android apps. The [SpyNote RAT](https://attack.mitre.org/software/S0305) builder tool can be used to develop malicious apps with the malware's functionality. (Citation: Zscaler-SpyNote)",
"meta": {
"external_id": "S0305",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0305",
"https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
@ -1130,6 +1145,9 @@
"description": "[Stealth Mango](https://attack.mitre.org/software/S0328) is Android malware that has reportedly been used to successfully compromise the mobile devices of government officials, members of the military, medical professionals, and civilians. The iOS malware known as [Tangelo](https://attack.mitre.org/software/S0329) is believed to be from the same developer. (Citation: Lookout-StealthMango)",
"meta": {
"external_id": "S0328",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0328",
"https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
@ -1349,6 +1367,9 @@
"description": "[Trojan-SMS.AndroidOS.FakeInst.a](https://attack.mitre.org/software/S0306) is Android malware. (Citation: Kaspersky-MobileMalware)",
"meta": {
"external_id": "S0306",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0306",
"https://securelist.com/mobile-malware-evolution-2013/58335/"
@ -1373,6 +1394,9 @@
"description": "[Trojan-SMS.AndroidOS.Agent.ao](https://attack.mitre.org/software/S0307) is Android malware. (Citation: Kaspersky-MobileMalware)",
"meta": {
"external_id": "S0307",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0307",
"https://securelist.com/mobile-malware-evolution-2013/58335/"
@ -1397,6 +1421,9 @@
"description": "[Trojan-SMS.AndroidOS.OpFake.a](https://attack.mitre.org/software/S0308) is Android malware. (Citation: Kaspersky-MobileMalware)",
"meta": {
"external_id": "S0308",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0308",
"https://securelist.com/mobile-malware-evolution-2013/58335/"
@ -1748,6 +1775,9 @@
"description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) is Android malware that was delivered to activist groups via a spearphishing email with an attachment. (Citation: Kaspersky-WUC)",
"meta": {
"external_id": "S0304",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0304",
"https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
@ -1855,6 +1885,9 @@
"description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) is Android malware that is unique because it uses encrypted content within a blog site for command and control. (Citation: TrendMicro-Anserver)",
"meta": {
"external_id": "S0310",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0310",
"http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-uses-blog-posts-as-cc/"
@ -2547,6 +2580,9 @@
"description": "[DressCode](https://attack.mitre.org/software/S0300) is an Android malware family. (Citation: TrendMicro-DressCode)",
"meta": {
"external_id": "S0300",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0300",
"http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/"
@ -4049,6 +4085,9 @@
"description": "[Dendroid](https://attack.mitre.org/software/S0301) is an Android malware family. (Citation: Lookout-Dendroid)",
"meta": {
"external_id": "S0301",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0301",
"https://blog.lookout.com/blog/2014/03/06/dendroid/"
@ -5732,6 +5771,9 @@
"description": "[DroidJack RAT](https://attack.mitre.org/software/S0320) is an Android remote access tool that has been observed posing as legitimate applications including the Super Mario Run and Pokemon GO games. (Citation: Zscaler-SuperMarioRun) (Citation: Proofpoint-Droidjack)",
"meta": {
"external_id": "S0320",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0320",
"https://www.zscaler.com/blogs/research/super-mario-run-malware-2--droidjack-rat",
@ -6087,6 +6129,9 @@
"description": "[Twitoor](https://attack.mitre.org/software/S0302) is an Android malware family that likely spreads by SMS or via malicious URLs. (Citation: ESET-Twitoor)",
"meta": {
"external_id": "S0302",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0302",
"http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/"
@ -7621,6 +7666,9 @@
"description": "[Gooligan](https://attack.mitre.org/software/S0290) is a malware family that runs privilege escalation exploits on Android devices and then uses its escalated privileges to steal authentication tokens that can be used to access data from many Google applications. [Gooligan](https://attack.mitre.org/software/S0290) has been described as part of the Ghost Push Android malware family. (Citation: Gooligan Citation) (Citation: Ludwig-GhostPush) (Citation: Lookout-Gooligan)",
"meta": {
"external_id": "S0290",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0290",
"http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/",
@ -7662,6 +7710,9 @@
"description": "[MazarBOT](https://attack.mitre.org/software/S0303) is Android malware that was distributed via SMS in Denmark in 2016. (Citation: Tripwire-MazarBOT)",
"meta": {
"external_id": "S0303",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0303",
"https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/"
@ -8609,6 +8660,9 @@
"description": "[Adups](https://attack.mitre.org/software/S0309) is software that was pre-installed onto Android devices, including those made by BLU Products. The software was reportedly designed to help a Chinese phone manufacturer monitor user behavior, transferring sensitive data to a Chinese server. (Citation: NYTimes-BackDoor) (Citation: BankInfoSecurity-BackDoor)",
"meta": {
"external_id": "S0309",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0309",
"https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html",
@ -10920,6 +10974,9 @@
"description": "[YiSpecter](https://attack.mitre.org/software/S0311) iOS malware that affects both jailbroken and non-jailbroken iOS devices. It is also unique because it abuses private APIs in the iOS system to implement functionality. (Citation: PaloAlto-YiSpecter)",
"meta": {
"external_id": "S0311",
"mitre_platforms": [
"iOS"
],
"refs": [
"https://attack.mitre.org/software/S0311",
"https://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
@ -11851,6 +11908,9 @@
"description": "[HummingWhale](https://attack.mitre.org/software/S0321) is an Android malware family that performs ad fraud. (Citation: ArsTechnica-HummingWhale)",
"meta": {
"external_id": "S0321",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0321",
"http://arstechnica.com/security/2017/01/virulent-android-malware-returns-gets-2-million-downloads-on-google-play/"
@ -11875,6 +11935,9 @@
"description": "[WireLurker](https://attack.mitre.org/software/S0312) is a family of macOS malware that targets iOS devices connected over USB. (Citation: PaloAlto-WireLurker)",
"meta": {
"external_id": "S0312",
"mitre_platforms": [
"iOS"
],
"refs": [
"https://attack.mitre.org/software/S0312",
"https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/"
@ -13935,6 +13998,9 @@
"description": "[PJApps](https://attack.mitre.org/software/S0291) is an Android malware family. (Citation: Lookout-EnterpriseApps)",
"meta": {
"external_id": "S0291",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0291",
"https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
@ -13973,6 +14039,9 @@
"description": "[RuMMS](https://attack.mitre.org/software/S0313) is an Android malware family. (Citation: FireEye-RuMMS)",
"meta": {
"external_id": "S0313",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0313",
"https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html"
@ -14224,6 +14293,10 @@
"description": "[DualToy](https://attack.mitre.org/software/S0315) is Windows malware that installs malicious applications onto Android and iOS devices connected over USB. (Citation: PaloAlto-DualToy)",
"meta": {
"external_id": "S0315",
"mitre_platforms": [
"Android",
"iOS"
],
"refs": [
"https://attack.mitre.org/software/S0315",
"https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/"
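Review bot: DualToy is described as Windows malware yet gets platforms Android and iOS only, and WireLurker above is described as macOS malware with platform iOS; this follows the ATT&CK mobile convention that the platform is the targeted device rather than the host the dropper runs on, so it is consistent with upstream and should not be hand-edited here, but anyone correlating galaxy entries by platform should know that the desktop host is not recorded in this field.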
@ -14769,6 +14842,9 @@
"description": "[Marcher](https://attack.mitre.org/software/S0317) is Android malware that is used for financial fraud. (Citation: Proofpoint-Marcher)",
"meta": {
"external_id": "S0317",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0317",
"https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks"
@ -14864,6 +14940,9 @@
"description": "[XLoader](https://attack.mitre.org/software/S0318) is a malicious Android app that was observed targeting Japan, Korea, China, Taiwan, and Hong Kong in 2018. (Citation: TrendMicro-XLoader)",
"meta": {
"external_id": "S0318",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0318",
"https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/"
@ -14909,6 +14988,9 @@
"description": "[Allwinner](https://attack.mitre.org/software/S0319) is a company that supplies processors used in Android tablets and other devices. A Linux kernel distributed by [Allwinner](https://attack.mitre.org/software/S0319) for use on these devices reportedly contained a backdoor. (Citation: HackerNews-Allwinner)",
"meta": {
"external_id": "S0319",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0319",
"https://thehackernews.com/2016/05/android-kernal-exploit.html"
@ -17652,6 +17734,9 @@
"description": "[HummingBad](https://attack.mitre.org/software/S0322) is a family of Android malware that generates fraudulent advertising revenue and has the ability to obtain root access on older, vulnerable versions of Android. (Citation: ArsTechnica-HummingBad)",
"meta": {
"external_id": "S0322",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0322",
"http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/"
@ -18079,6 +18164,9 @@
"description": "[AndroRAT](https://attack.mitre.org/software/S0292) is malware that allows a third party to control the device and collect information. (Citation: Lookout-EnterpriseApps)",
"meta": {
"external_id": "S0292",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0292",
"https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
@ -18251,6 +18339,9 @@
"description": "[Charger](https://attack.mitre.org/software/S0323) is Android malware that steals steals contacts and SMS messages from the user's device. It can also lock the device and demand ransom payment if it receives admin permissions. (Citation: CheckPoint-Charger)",
"meta": {
"external_id": "S0323",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0323",
"http://blog.checkpoint.com/2017/01/24/charger-malware/"
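Review bot: the Charger description context line carries an upstream duplication ("steals steals contacts"); since this file is generated from the ATT&CK data, fix it at the source rather than in this JSON, otherwise the next bump will overwrite a local correction.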
@ -18490,6 +18581,9 @@
"description": "[SpyDealer](https://attack.mitre.org/software/S0324) is Android malware that exfiltrates sensitive data from Android devices. (Citation: PaloAlto-SpyDealer)",
"meta": {
"external_id": "S0324",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0324",
"https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/"
@ -18731,6 +18825,9 @@
"description": "[Judy](https://attack.mitre.org/software/S0325) is auto-clicking adware that was distributed through multiple apps in the Google Play Store. (Citation: CheckPoint-Judy)",
"meta": {
"external_id": "S0325",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0325",
"https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/"
@ -18901,6 +18998,9 @@
"description": "[RedDrop](https://attack.mitre.org/software/S0326) is an Android malware family that exfiltrates sensitive data from devices. (Citation: Wandera-RedDrop)",
"meta": {
"external_id": "S0326",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0326",
"https://www.wandera.com/reddrop-malware/"
@ -19342,6 +19442,9 @@
"description": "[Skygofree](https://attack.mitre.org/software/S0327) is Android spyware that is believed to have been developed in 2014 and used through at least 2017. (Citation: Kaspersky-Skygofree)",
"meta": {
"external_id": "S0327",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0327",
"https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/"
@ -19605,6 +19708,9 @@
"description": "[BrainTest](https://attack.mitre.org/software/S0293) is a family of Android malware. (Citation: CheckPoint-BrainTest) (Citation: Lookout-BrainTest)",
"meta": {
"external_id": "S0293",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0293",
"http://blog.checkpoint.com/2015/09/21/braintest-a-new-level-of-sophistication-in-mobile-malware/",
@ -19840,6 +19946,9 @@
"description": "[Tangelo](https://attack.mitre.org/software/S0329) is iOS malware that is believed to be from the same developers as the [Stealth Mango](https://attack.mitre.org/software/S0328) Android malware. It is not a mobile application, but rather a Debian package that can only run on jailbroken iOS devices. (Citation: Lookout-StealthMango)",
"meta": {
"external_id": "S0329",
"mitre_platforms": [
"iOS"
],
"refs": [
"https://attack.mitre.org/software/S0329",
"https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
@ -20830,6 +20939,9 @@
"description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is an auto-rooting adware family of malware for Android. The family is very similar to the other Android families known as Shedun, Shuanet, Kemoge, though it is not believed all the families were created by the same group. (Citation: Lookout-Adware)",
"meta": {
"external_id": "S0294",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0294",
"https://blog.lookout.com/blog/2015/11/04/trojanized-adware/"
@ -21488,6 +21600,9 @@
"description": "[OldBoot](https://attack.mitre.org/software/S0285) is an Android malware family. (Citation: HackerNews-OldBoot)",
"meta": {
"external_id": "S0285",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0285",
"http://thehackernews.com/2014/01/first-widely-distributed-android.html"
@ -21574,6 +21689,9 @@
"description": "[RCSAndroid](https://attack.mitre.org/software/S0295) is Android malware. (Citation: TrendMicro-RCSAndroid)",
"meta": {
"external_id": "S0295",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0295",
"http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/"
@ -22071,6 +22189,9 @@
"description": "OBAD is an Android malware family. (Citation: TrendMicro-Obad)",
"meta": {
"external_id": "S0286",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0286",
"http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/"
@ -22421,6 +22542,9 @@
"description": "[ZergHelper](https://attack.mitre.org/software/S0287) is iOS riskware that was unique due to its apparent evasion of Apple's App Store review process. No malicious functionality was identified in the app, but it presents security risks. (Citation: Xiao-ZergHelper)",
"meta": {
"external_id": "S0287",
"mitre_platforms": [
"iOS"
],
"refs": [
"https://attack.mitre.org/software/S0287",
"http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/"
@ -22536,6 +22660,9 @@
"description": "[XcodeGhost](https://attack.mitre.org/software/S0297) is iOS malware that infected at least 39 iOS apps in 2015 and potentially affected millions of users. (Citation: PaloAlto-XcodeGhost1) (Citation: PaloAlto-XcodeGhost)",
"meta": {
"external_id": "S0297",
"mitre_platforms": [
"iOS"
],
"refs": [
"https://attack.mitre.org/software/S0297",
"http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/",
@ -22686,6 +22813,9 @@
"description": "[KeyRaider](https://attack.mitre.org/software/S0288) is malware that steals Apple account credentials and other data from jailbroken iOS devices. It also has ransomware functionality. (Citation: Xiao-KeyRaider)",
"meta": {
"external_id": "S0288",
"mitre_platforms": [
"iOS"
],
"refs": [
"https://attack.mitre.org/software/S0288",
"http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/"
@ -22724,6 +22854,9 @@
"description": "[NotCompatible](https://attack.mitre.org/software/S0299) is an Android malware family that was used between at least 2014 and 2016. It has multiple variants that have become more sophisticated over time. (Citation: Lookout-NotCompatible)",
"meta": {
"external_id": "S0299",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0299",
"https://blog.lookout.com/blog/2014/11/19/notcompatible/"
@ -22745,5 +22878,5 @@
"value": "NotCompatible - S0299"
}
],
"version": 10
"version": 11
}

View File

@ -2542,6 +2542,9 @@
"description": "[Xbot](https://attack.mitre.org/software/S0298) is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia. (Citation: PaloAlto-Xbot)",
"meta": {
"external_id": "S0298",
"mitre_platforms": [
"Android"
],
"refs": [
"https://attack.mitre.org/software/S0298",
"http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/"
@ -2605,5 +2608,5 @@
"value": "Xbot - S0298"
}
],
"version": 9
"version": 10
}