From 1e90cac7175f0c06a2afdba230f25e80662fccd1 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Wed, 17 Oct 2018 16:59:01 +0200 Subject: [PATCH] fix: intrusion is an actor and not a tool --- clusters/android.json | 55 +---- clusters/banker.json | 72 +------ clusters/botnet.json | 74 +------ clusters/exploit-kit.json | 25 +-- clusters/malpedia.json | 132 ++---------- ...mitre-enterprise-attack-intrusion-set.json | 93 ++++++++- clusters/mitre-enterprise-attack-malware.json | 114 ++++------- clusters/mitre-intrusion-set.json | 149 +++++++++++++- clusters/mitre-malware.json | 107 ++++------ .../mitre-mobile-attack-intrusion-set.json | 48 +---- clusters/mitre-pre-attack-intrusion-set.json | 9 +- clusters/ransomware.json | 54 +---- clusters/rat.json | 23 ++- clusters/threat-actor.json | 144 ++++++------- clusters/tool.json | 190 +++++++++++++----- tools/gen_mapping.py | 2 +- 16 files changed, 591 insertions(+), 700 deletions(-) diff --git a/clusters/android.json b/clusters/android.json index 4dadc9f..c84eeae 100644 --- a/clusters/android.json +++ b/clusters/android.json @@ -138,13 +138,6 @@ ] }, "related": [ - { - "dest-uuid": "a6f481fe-b6db-4507-bb3c-28f10d800e2f", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "b8fa5036-813f-4887-b4d4-bb17b4a7eba0", "tags": [ @@ -3802,7 +3795,7 @@ }, "related": [ { - "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], 
@@ -3821,41 +3814,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", @@ -4605,15 +4563,6 @@ "https://researchcenter.paloaltonetworks.com/2018/04/unit42-henbox-inside-coop/" ] }, - "related": [ - { - "dest-uuid": "36ee04f4-a9df-11e8-b92b-d7ddfd3a8896", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - } - ], "uuid": "72c37e24-4ead-11e8-8f08-db3ec8f8db86§", "value": "HenBox" }, @@ -4676,5 +4625,5 @@ "value": "Triout" } ], - "version": 15 + "version": 16 } diff --git a/clusters/banker.json b/clusters/banker.json index 8820196..0937e4f 100644 --- a/clusters/banker.json +++ b/clusters/banker.json 
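Review bot: The `uuid` of the `HenBox` cluster, visible as context in the `@@ -4605,15 +4563,6 @@` hunk, still reads `72c37e24-4ead-11e8-8f08-db3ec8f8db86§`. The trailing `§` makes it an invalid UUID, and the patch leaves it in place while removing that cluster's `related` block. A relation in another cluster that points at the well-formed value would not resolve to this entry, so correlation on HenBox can fail silently. Proposed change: `"uuid": "72c37e24-4ead-11e8-8f08-db3ec8f8db86",`. Whether the stray character is what caused the relation to be dropped cannot be told from the hunk.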
@@ -99,26 +99,12 @@ ], "type": "similar" }, - { - "dest-uuid": "7ca93488-c357-44c3-b246-3f88391aca5a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "66781866-f064-467d-925d-5e5f290352f0", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e", @@ -200,13 +186,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "0f96a666-bf26-44e0-8ad6-f2136208c924", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "ffbbbc14-1cdb-4be9-a631-ed53c5407369", @@ -241,13 +220,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "ffbbbc14-1cdb-4be9-a631-ed53c5407369", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "0f96a666-bf26-44e0-8ad6-f2136208c924", @@ -480,13 +452,6 @@ ] }, "related": [ - { - "dest-uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "75f53ead-1aee-4f91-8cb9-b4170d747cfc", "tags": [ @@ -559,20 +524,6 @@ ], "type": "similar" }, - { - "dest-uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "66781866-f064-467d-925d-5e5f290352f0", "tags": [ 
@@ -643,13 +594,6 @@ ], "type": "similar" }, - { - "dest-uuid": "6e1168e6-7768-4fa2-951f-6d6934531633", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549", "tags": [ @@ -757,13 +701,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "e159c4f8-3c22-49f9-a60a-16588a9c22b0", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "87b69cb4-8b65-47ee-91b0-9b1decdd5c5c", @@ -1000,13 +937,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "87b69cb4-8b65-47ee-91b0-9b1decdd5c5c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "e159c4f8-3c22-49f9-a60a-16588a9c22b0", @@ -1244,5 +1174,5 @@ "value": "CamuBot" } ], - "version": 14 + "version": 15 } diff --git a/clusters/botnet.json b/clusters/botnet.json index dee8b15..47a56be 100644 --- a/clusters/botnet.json +++ b/clusters/botnet.json @@ -195,20 +195,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "b2ec1f16-2a76-4910-adc5-ecb3570e7c1a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "6e1168e6-7768-4fa2-951f-6d6934531633", 
@@ -721,20 +707,6 @@ ], "type": "similar" }, - { - "dest-uuid": "f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "variant-of" - }, - { - "dest-uuid": "025ab0ce-bffc-11e8-be19-d70ec22c5d56", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "variant-of" - }, { "dest-uuid": "17e12216-a303-4a00-8283-d3fe92d0934c", "tags": [ @@ -877,27 +849,6 @@ ] }, "related": [ - { - "dest-uuid": "fcdfd4af-da35-49a8-9610-19be8a487185", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "variant-of" - }, - { - "dest-uuid": "dcbf1aaa-1fdd-4bfc-a35e-145ffdfb5ac5", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "variant-of" - }, - { - "dest-uuid": "025ab0ce-bffc-11e8-be19-d70ec22c5d56", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "variant-of" - }, { "dest-uuid": "ec67f206-6464-48cf-a012-3cdfc1278488", "tags": [ @@ -1085,29 +1036,6 @@ "Mirai Sora" ] }, - "related": [ - { - "dest-uuid": "fcdfd4af-da35-49a8-9610-19be8a487185", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "variant-of" - }, - { - "dest-uuid": "dcbf1aaa-1fdd-4bfc-a35e-145ffdfb5ac5", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "variant-of" - }, - { - "dest-uuid": "f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "variant-of" - } - ], "uuid": "025ab0ce-bffc-11e8-be19-d70ec22c5d56", "value": "Sora" }, @@ -1151,5 +1079,5 @@ "value": "Persirai" } ], - "version": 16 + "version": 17 } diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json index fb1d618..43bb6ce 100644 --- a/clusters/exploit-kit.json +++ b/clusters/exploit-kit.json 
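Review bot: The three botnet.json hunks here remove every `variant-of` relation they show, including the whole `related` block of the `Sora` cluster (`025ab0ce-bffc-11e8-be19-d70ec22c5d56`), which does not follow from the stated fix about intrusion sets being actors. The same loss appears in `clusters/exploit-kit.json` (`Fallout`, type `dropped`, tagged `almost-certain`) and in `clusters/ransomware.json` (`GandCrab`, type `dropped-by`). Every relation the patch adds is `similar` with `likely`, so these differently typed entries look hand-curated rather than generated; that is an inference from the visible lines. If the mapping regeneration overwrote them, restore the entries or have the generator keep any relation whose `type` is not `similar`, so analysts do not lose the Mirai-variant and exploit-kit-to-payload links.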
@@ -53,15 +53,6 @@ "Fallout" ] }, - "related": [ - { - "dest-uuid": "5920464b-e093-4fa0-a275-438dffef228f", - "tags": [ - "estimative-language:likelihood-probability=\"almost-certain\"" - ], - "type": "dropped" - } - ], "uuid": "1f05f646-5af6-4a95-825b-164f49616aa4", "value": "Fallout" }, @@ -280,20 +271,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "5594b171-32ec-4145-b712-e7701effffdd", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "5eee35b6-bd21-4b67-b198-e9320fcf2c88", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c", @@ -761,5 +738,5 @@ "value": "Unknown" } ], - "version": 11 + "version": 12 } diff --git a/clusters/malpedia.json b/clusters/malpedia.json index 95aadce..721cca0 100644 --- a/clusters/malpedia.json +++ b/clusters/malpedia.json @@ -495,13 +495,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "fbda9705-677b-4c5b-9b0b-13b52eff587c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "a6f481fe-b6db-4507-bb3c-28f10d800e2f", @@ -2812,13 +2805,6 @@ ], "type": "similar" }, - { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", "tags": [ 
@@ -2840,26 +2826,12 @@ ], "type": "similar" }, - { - "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", @@ -5280,6 +5252,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "276c2c2e-09da-44cf-a3f7-806b3feb41da", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "16794655-c0e2-4510-9169-f862df104045", @@ -7481,20 +7460,6 @@ "type": [] }, "related": [ - { - "dest-uuid": "276c2c2e-09da-44cf-a3f7-806b3feb41da", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "66781866-f064-467d-925d-5e5f290352f0", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e", "tags": [ @@ -7503,7 +7468,7 @@ "type": "similar" }, { - "dest-uuid": "7ca93488-c357-44c3-b246-3f88391aca5a", + "dest-uuid": "276c2c2e-09da-44cf-a3f7-806b3feb41da", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], @@ -8294,20 +8259,6 @@ ], "type": "similar" }, - { - "dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "7ca93488-c357-44c3-b246-3f88391aca5a", "tags": [ 
@@ -9558,13 +9509,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "cd201689-4bf1-4c5b-ac4d-21c4dcc39e7d", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "4166ab63-24b0-4448-92ea-21c8deef978d", @@ -9609,13 +9553,6 @@ "type": [] }, "related": [ - { - "dest-uuid": "083bb47b-02c8-4423-81a2-f9ef58572974", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "d7183f66-59ec-4803-be20-237b442259fc", "tags": [ @@ -10716,6 +10653,13 @@ "type": [] }, "related": [ + { + "dest-uuid": "2a16a1d4-a098-4f17-80f3-3cfc6c60b539", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "74167065-90b3-4c29-807a-79b6f098e45b", "tags": [ @@ -14000,13 +13944,6 @@ ], "type": "similar" }, - { - "dest-uuid": "4166ab63-24b0-4448-92ea-21c8deef978d", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "652b5242-b790-4695-ad0e-b79bbf78f351", "tags": [ @@ -14475,13 +14412,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "6e1168e6-7768-4fa2-951f-6d6934531633", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549", @@ -16075,7 +16005,7 @@ "type": "similar" }, { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", + "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], 
@@ -16101,27 +16031,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c", @@ -17669,13 +17578,6 @@ "type": [] }, "related": [ - { - "dest-uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "75f53ead-1aee-4f91-8cb9-b4170d747cfc", "tags": [ @@ -19976,5 +19878,5 @@ "value": "Zyklon" } ], - "version": 1650 + "version": 1651 } diff --git a/clusters/mitre-enterprise-attack-intrusion-set.json b/clusters/mitre-enterprise-attack-intrusion-set.json index bfacbdb..b256c4b 100644 --- a/clusters/mitre-enterprise-attack-intrusion-set.json +++ b/clusters/mitre-enterprise-attack-intrusion-set.json @@ -290,6 +290,13 @@ ] }, "related": [ + { + "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", "tags": [ @@ -297,6 +304,13 @@ ], "type": "similar" }, + { + "dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", "tags": [ 
@@ -350,6 +364,13 @@ ], "type": "similar" }, + { + "dest-uuid": "103ebfd8-4280-4027-b61a-69bd9967ad6c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0", "tags": [ @@ -659,6 +680,13 @@ ], "type": "similar" }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", "tags": [ @@ -810,6 +838,13 @@ ], "type": "similar" }, + { + "dest-uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "519630c5-f03f-4882-825c-3af924935817", "tags": [ @@ -884,6 +919,13 @@ ] }, "related": [ + { + "dest-uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "a9b44750-992c-4743-8922-129880d277ea", "tags": [ @@ -1179,6 +1221,13 @@ ], "type": "similar" }, + { + "dest-uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", "tags": [ @@ -1343,6 +1392,13 @@ ] }, "related": [ + { + "dest-uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", "tags": [ @@ -1468,6 +1524,13 @@ ], "type": "similar" }, + { + "dest-uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", "tags": [ 
@@ -2059,6 +2122,20 @@ ] }, "related": [ + { + "dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", "tags": [ @@ -2159,6 +2236,13 @@ ], "type": "similar" }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ @@ -2257,6 +2341,13 @@ ] }, "related": [ + { + "dest-uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb", "tags": [ @@ -2460,5 +2551,5 @@ "value": "Gamaredon Group - G0047" } ], - "version": 6 + "version": 7 } diff --git a/clusters/mitre-enterprise-attack-malware.json b/clusters/mitre-enterprise-attack-malware.json index 4130409..1306a7d 100644 --- a/clusters/mitre-enterprise-attack-malware.json +++ b/clusters/mitre-enterprise-attack-malware.json @@ -370,13 +370,6 @@ ], "type": "similar" }, - { - "dest-uuid": "c04fc02e-f35a-44b6-a9b0-732bf2fc551a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ 
@@ -1560,6 +1553,27 @@ ], "type": "similar" }, + { + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", "tags": [ @@ -1869,6 +1883,13 @@ ], "type": "similar" }, + { + "dest-uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7", "tags": [ @@ -3620,6 +3641,13 @@ ], "type": "similar" }, + { + "dest-uuid": "0a52e73b-d7e9-45ae-9bda-46568f753931", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ 
@@ -4007,48 +4035,6 @@ ], "type": "similar" }, - { - "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ @@ -4630,6 +4616,13 @@ ], "type": "similar" }, + { + "dest-uuid": "da079741-05e6-458c-b434-011263dc691c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", "tags": [ @@ -5821,13 +5814,6 @@ ] }, "related": [ - { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", "tags": [ 
@@ -5849,20 +5835,6 @@ ], "type": "similar" }, - { - "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", "tags": [ @@ -5913,5 +5885,5 @@ "value": "ELMER - S0064" } ], - "version": 7 + "version": 8 } diff --git a/clusters/mitre-intrusion-set.json b/clusters/mitre-intrusion-set.json index 88298f5..c71799d 100644 --- a/clusters/mitre-intrusion-set.json +++ b/clusters/mitre-intrusion-set.json @@ -177,6 +177,13 @@ "uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff" }, "related": [ + { + "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", "tags": [ @@ -184,6 +191,13 @@ ], "type": "similar" }, + { + "dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", "tags": [ @@ -228,6 +242,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "103ebfd8-4280-4027-b61a-69bd9967ad6c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "Deep Panda" @@ -418,6 +439,13 @@ ], "type": "similar" }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", "tags": [ 
@@ -495,6 +523,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "Moafee" @@ -555,6 +590,13 @@ "uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a" }, "related": [ + { + "dest-uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "a9b44750-992c-4743-8922-129880d277ea", "tags": [ @@ -663,6 +705,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "Naikon" @@ -728,6 +777,13 @@ "uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd" }, "related": [ + { + "dest-uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", "tags": [ @@ -849,6 +905,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "FIN7" 
@@ -1017,6 +1080,27 @@ ], "type": "similar" }, + { + "dest-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "11e17436-6ede-4733-8547-4ce0254ea19e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", "tags": [ @@ -1024,12 +1108,54 @@ ], "type": "similar" }, + { + "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "47204403-34c9-4d25-a006-296a0939d1a2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "OilRig" 
@@ -1295,6 +1421,13 @@ "uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973" }, "related": [ + { + "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", "tags": [ @@ -1302,6 +1435,13 @@ ], "type": "similar" }, + { + "dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", "tags": [ @@ -1326,6 +1466,13 @@ "uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c" }, "related": [ + { + "dest-uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb", "tags": [ @@ -1431,5 +1578,5 @@ "value": "Gamaredon Group" } ], - "version": 7 + "version": 8 } diff --git a/clusters/mitre-malware.json b/clusters/mitre-malware.json index 65d5f46..3a5e96e 100644 --- a/clusters/mitre-malware.json +++ b/clusters/mitre-malware.json @@ -263,13 +263,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "c04fc02e-f35a-44b6-a9b0-732bf2fc551a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "value": "Backdoor.Oldrea" 
@@ -458,6 +451,27 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "Komplex" @@ -1025,6 +1039,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "PoisonIvy" @@ -1887,48 +1908,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" } ], "value": "CORESHELL" 
@@ -2172,6 +2151,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "da079741-05e6-458c-b434-011263dc691c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "value": "ComRAT" @@ -2781,13 +2767,6 @@ "uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2" }, "related": [ - { - "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", "tags": [ @@ -2809,20 +2788,6 @@ ], "type": "similar" }, - { - "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, { "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", "tags": [ @@ -2852,5 +2817,5 @@ "value": "ELMER" } ], - "version": 6 + "version": 7 } diff --git a/clusters/mitre-mobile-attack-intrusion-set.json b/clusters/mitre-mobile-attack-intrusion-set.json index 5ab4d71..2d563f4 100644 --- a/clusters/mitre-mobile-attack-intrusion-set.json +++ b/clusters/mitre-mobile-attack-intrusion-set.json 
@@ -32,56 +32,14 @@ }, "related": [ { - "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", + "dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { - "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "d26b5518-8d7f-41a6-b539-231e4962853e", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - }, - { - "dest-uuid": "6bd20349-1231-4aaa-ba2a-f4b09d3b344c", + "dest-uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], @@ -92,5 +50,5 @@ "value": "APT28 - G0007" } ], - "version": 5 + "version": 6 } diff --git a/clusters/mitre-pre-attack-intrusion-set.json b/clusters/mitre-pre-attack-intrusion-set.json index e75f561..da45a89 100644 --- a/clusters/mitre-pre-attack-intrusion-set.json +++ b/clusters/mitre-pre-attack-intrusion-set.json @@ -131,6 +131,13 @@ ], "type": "similar" }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, { "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", "tags": [ 
@@ -326,5 +333,5 @@
 "value": "APT17 - G0025"
 }
 ],
- "version": 5
+ "version": 6
 }
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 361537d..d93512c 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -3290,15 +3290,6 @@
 "https://www.bleepingcomputer.com/news/security/new-bip-dharma-ransomware-variant-released/"
 ]
 },
- "related": [
- {
- "dest-uuid": "15a30d84-4f5f-4b75-a162-e36107d30215",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- }
- ],
 "uuid": "2b365b2c-4a9a-4b66-804d-3b2d2814fe7b",
 "value": "Dharma Ransomware"
 },
@@ -5543,15 +5534,6 @@
 "crjoker.html"
 ]
 },
- "related": [
- {
- "dest-uuid": "10f92054-b028-11e8-a51f-2f82236ac72d",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- }
- ],
 "uuid": "2fb307a2-8752-4521-8973-75b68703030d",
 "value": "CryptoJoker"
 },
@@ -9483,15 +9465,6 @@
 "CrySiS"
 ]
 },
- "related": [
- {
- "dest-uuid": "2b365b2c-4a9a-4b66-804d-3b2d2814fe7b",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- }
- ],
 "uuid": "15a30d84-4f5f-4b75-a162-e36107d30215",
 "value": "Virus-Encoder"
 },
@@ -9891,6 +9864,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "00c31914-bc0e-11e8-8241-3ff3b5e4671d",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "e8af6388-6575-4812-94a8-9df1567294c5",
@@ -10094,15 +10074,6 @@
 "https://www.bleepingcomputer.com/news/security/gandcrab-v5-ransomware-utilizing-the-alpc-task-scheduler-exploit/"
 ]
 },
- "related": [
- {
- "dest-uuid": "1f05f646-5af6-4a95-825b-164f49616aa4",
- "tags": [
- "estimative-language:likelihood-probability=\"almost-certain\""
- ],
- "type": "dropped-by"
- }
- ],
 "uuid": "5920464b-e093-4fa0-a275-438dffef228f",
 "value": "GandCrab"
 },
@@ -10947,15 +10918,6 @@
 "https://twitter.com/malwrhunterteam/status/1034492151541977088"
 ]
 },
- "related": [
- {
- "dest-uuid": "2fb307a2-8752-4521-8973-75b68703030d",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- }
- ],
 "uuid": "10f92054-b028-11e8-a51f-2f82236ac72d",
 "value": "CryptoNar"
 },
@@ -11119,5 +11081,5 @@
 "value": "SAVEfiles"
 }
 ],
- "version": 38
+ "version": 39
 }
diff --git a/clusters/rat.json b/clusters/rat.json
index 8645936..469c940 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -105,6 +105,13 @@
 ],
 "type": "similar"
 },
+ {
+ "dest-uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
 {
 "dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7",
 "tags": [
@@ -1827,6 +1834,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "da079741-05e6-458c-b434-011263dc691c",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "9223bf17-7e32-4833-9574-9ffd8c929765",
@@ -3034,6 +3048,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "0a52e73b-d7e9-45ae-9bda-46568f753931",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "e0bea149-2def-484f-b658-f782a4f94815",
@@ -3255,5 +3276,5 @@
 "value": "NukeSped"
 }
 ],
- "version": 19
+ "version": 20
 }
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b14dbfb..08db97f 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -127,6 +127,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "a653431d-6a5e-4600-8ad3-609b5af57064",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "103ebfd8-4280-4027-b61a-69bd9967ad6c",
@@ -476,7 +483,14 @@
 "type": "similar"
 },
 {
- "dest-uuid": "9cebfaa8-a797-11e8-99e0-3ffa312b9a10",
+ "dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
+ {
+ "dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973",
 "tags": [
 "estimative-language:likelihood-probability=\"likely\""
 ],
@@ -628,13 +642,6 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
- },
- {
- "dest-uuid": "9cebfaa8-a797-11e8-99e0-3ffa312b9a10",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
 }
 ],
 "uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
@@ -1111,15 +1118,6 @@
 "Royal APT"
 ]
 },
- "related": [
- {
- "dest-uuid": "9cebfaa8-a797-11e8-99e0-3ffa312b9a10",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- }
- ],
 "uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8",
 "value": "Mirage"
 },
@@ -1542,6 +1540,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
@@ -1613,6 +1618,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "11e17436-6ede-4733-8547-4ce0254ea19e",
@@ -1718,6 +1730,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "f98bac6b-12fd-4cad-be84-c84666932232",
@@ -1815,7 +1834,7 @@
 {
 "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
 "tags": [
- "estimative-language:likelihood-probability=\"very-likely\""
+ "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
 },
@@ -1867,6 +1886,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "f873db71-3d53-41d5-b141-530675ade27a",
@@ -1955,6 +1981,13 @@
 ],
 "type": "similar"
 },
+ {
+ "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
 {
 "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
 "tags": [
@@ -3634,6 +3667,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "47204403-34c9-4d25-a006-296a0939d1a2",
@@ -4580,6 +4620,13 @@
 ],
 "type": "similar"
 },
+ {
+ "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
 {
 "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
 "tags": [
@@ -5603,29 +5650,6 @@
 "https://www.cfr.org/interactive/cyber-operations/winnti-umbrella"
 ]
 },
- "related": [
- {
- "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- },
- {
- "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- },
- {
- "dest-uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- }
- ],
 "uuid": "9cebfaa8-a797-11e8-99e0-3ffa312b9a10",
 "value": "Winnti Umbrella"
 },
@@ -5645,15 +5669,6 @@
 "https://www.cfr.org/interactive/cyber-operations/henbox"
 ]
 },
- "related": [
- {
- "dest-uuid": "72c37e24-4ead-11e8-8f08-db3ec8f8db86§",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- }
- ],
 "uuid": "36ee04f4-a9df-11e8-b92b-d7ddfd3a8896",
 "value": "HenBox"
 },
@@ -5812,15 +5827,6 @@
 "the Rocra"
 ]
 },
- "related": [
- {
- "dest-uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "same-as"
- }
- ],
 "uuid": "358b8982-bcaa-11e8-8a5b-4b618197c5b0",
 "value": "Red October"
 },
@@ -5844,15 +5850,6 @@
 "https://www.cfr.org/interactive/cyber-operations/cloud-atlas"
 ]
 },
- "related": [
- {
- "dest-uuid": "358b8982-bcaa-11e8-8a5b-4b618197c5b0",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "same-as"
- }
- ],
 "uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126",
 "value": "Cloud Atlas"
 },
@@ -5916,18 +5913,9 @@
 },
 {
 "description": "Treasury has identified a sophisticated cyber-enabled ATM cash out campaign we are calling FASTCash. FASTCash has been active since late 2016 targeting banks in Africa and Asia to remotely compromise payment switch application servers within banks to facilitate fraudulent transactions, primarily involving ATMs, to steal cash equivalent to tens of millions of dollars. FBI has attributed malware used in this campaign to the North Korean government. We expect FASTCash to continue targeting retail payment systems vulnerable to remote exploitation.",
- "related": [
- {
- "dest-uuid": "e306fe62-c708-11e8-89f2-073e396e5403",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- }
- ],
 "uuid": "e38d32a2-c708-11e8-8785-472c4cfccd85",
 "value": "FASTCash"
 }
 ],
- "version": 70
+ "version": 71
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index e3b5b0e..e094d14 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -160,6 +160,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "2abe89de-46dd-4dae-ae22-b49a593aff54",
@@ -833,6 +840,20 @@
 ]
 },
 "related": [
+ {
+ "dest-uuid": "9223bf17-7e32-4833-9574-9ffd8c929765",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
+ {
+ "dest-uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
 {
 "dest-uuid": "d9cc15f7-0880-4ae4-8df4-87c58338d6b8",
 "tags": [
@@ -1167,7 +1188,7 @@
 "type": "similar"
 },
 {
- "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
+ "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729",
 "tags": [
 "estimative-language:likelihood-probability=\"likely\""
 ],
@@ -1188,14 +1209,14 @@
 "type": "similar"
 },
 {
- "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81",
+ "dest-uuid": "75c79f95-4c84-4650-9158-510f0ce4831d",
 "tags": [
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
 },
 {
- "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729",
+ "dest-uuid": "f108215f-3487-489d-be8b-80e346d32518",
 "tags": [
 "estimative-language:likelihood-probability=\"likely\""
 ],
@@ -1259,14 +1280,21 @@
 "type": "similar"
 },
 {
- "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
+ "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
 "tags": [
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
 },
 {
- "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
+ "dest-uuid": "75c79f95-4c84-4650-9158-510f0ce4831d",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
+ {
+ "dest-uuid": "f108215f-3487-489d-be8b-80e346d32518",
 "tags": [
 "estimative-language:likelihood-probability=\"likely\""
 ],
@@ -1358,14 +1386,21 @@
 "type": "similar"
 },
 {
- "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
+ "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
 "tags": [
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
 },
 {
- "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a",
+ "dest-uuid": "75c79f95-4c84-4650-9158-510f0ce4831d",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
+ {
+ "dest-uuid": "f108215f-3487-489d-be8b-80e346d32518",
 "tags": [
 "estimative-language:likelihood-probability=\"likely\""
 ],
@@ -2231,6 +2266,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "652b5242-b790-4695-ad0e-b79bbf78f351",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "ff0404a1-465f-4dd5-8b66-ee773628ca64",
@@ -2659,6 +2701,13 @@
 ],
 "type": "similar"
 },
+ {
+ "dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
 {
 "dest-uuid": "7ca93488-c357-44c3-b246-3f88391aca5a",
 "tags": [
@@ -2667,7 +2716,7 @@
 "type": "similar"
 },
 {
- "dest-uuid": "b4216929-1626-4444-bdd7-bfd4b68a766e",
+ "dest-uuid": "16794655-c0e2-4510-9169-f862df104045",
 "tags": [
 "estimative-language:likelihood-probability=\"likely\""
 ],
@@ -2692,6 +2741,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "ff0404a1-465f-4dd5-8b66-ee773628ca64",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "652b5242-b790-4695-ad0e-b79bbf78f351",
@@ -2890,6 +2946,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "2a16a1d4-a098-4f17-80f3-3cfc6c60b539",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "74167065-90b3-4c29-807a-79b6f098e45b",
@@ -2906,12 +2969,26 @@
 ]
 },
 "related": [
+ {
+ "dest-uuid": "28c13455-7f95-40a5-9568-1e8732503507",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
 {
 "dest-uuid": "a673b4fb-a864-4a5b-94ab-3fc4f5606cc8",
 "tags": [
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "74167065-90b3-4c29-807a-79b6f098e45b",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "2a16a1d4-a098-4f17-80f3-3cfc6c60b539",
@@ -2940,20 +3017,6 @@
 ],
 "type": "similar"
 },
- {
- "dest-uuid": "f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "variant-of"
- },
- {
- "dest-uuid": "025ab0ce-bffc-11e8-be19-d70ec22c5d56",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "variant-of"
- },
 {
 "dest-uuid": "17e12216-a303-4a00-8283-d3fe92d0934c",
 "tags": [
@@ -3107,13 +3170,6 @@
 ]
 },
 "related": [
- {
- "dest-uuid": "e6085ce0-af6d-41f7-8bcb-7f2eed246941",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- },
 {
 "dest-uuid": "6e668c0c-7085-4951-87d4-0334b6a5cdb3",
 "tags": [
@@ -3132,15 +3188,6 @@
 "https://securityintelligence.com/tag/shiz-trojan-malware/"
 ]
 },
- "related": [
- {
- "dest-uuid": "67d712c8-d254-4820-83fa-9a892b87923b",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- }
- ],
 "uuid": "e6085ce0-af6d-41f7-8bcb-7f2eed246941",
 "value": "Shiz"
 },
@@ -3530,12 +3577,33 @@
 ]
 },
 "related": [
+ {
+ "dest-uuid": "4e104fef-8a2c-4679-b497-6e86d7d47db0",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
+ {
+ "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
 {
 "dest-uuid": "7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7",
 "tags": [
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "2abe89de-46dd-4dae-ae22-b49a593aff54",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "e336aeba-b61a-44e0-a0df-cd52a5839db5",
@@ -5163,6 +5231,20 @@
 ],
 "type": "similar"
 },
+ {
+ "dest-uuid": "e0bea149-2def-484f-b658-f782a4f94815",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
+ {
+ "dest-uuid": "fece06b7-d4b1-42cf-b81a-5323c917546e",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
 {
 "dest-uuid": "bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f",
 "tags": [
@@ -5693,6 +5775,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "d1482c9e-6af3-11e8-aa8e-279274bd10c7",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "a71ed71f-b8f4-416d-9c57-910a42e59430",
@@ -6434,6 +6523,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "a71ed71f-b8f4-416d-9c57-910a42e59430",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "d1482c9e-6af3-11e8-aa8e-279274bd10c7",
@@ -6910,6 +7006,13 @@
 ]
 },
 "related": [
+ {
+ "dest-uuid": "e8af6388-6575-4812-94a8-9df1567294c5",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
 {
 "dest-uuid": "6f736038-4f74-435b-8904-6870ee0e23ba",
 "tags": [
@@ -6963,15 +7066,6 @@
 },
 {
 "description": "Treasury has identified a sophisticated cyber-enabled ATM cash out campaign we are calling FASTCash. FASTCash has been active since late 2016 targeting banks in Africa and Asia to remotely compromise payment switch application servers within banks to facilitate fraudulent transactions, primarily involving ATMs, to steal cash equivalent to tens of millions of dollars. FBI has attributed malware used in this campaign to the North Korean government. We expect FASTCash to continue targeting retail payment systems vulnerable to remote exploitation.",
- "related": [
- {
- "dest-uuid": "e38d32a2-c708-11e8-8785-472c4cfccd85",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- }
- ],
 "uuid": "e306fe62-c708-11e8-89f2-073e396e5403",
 "value": "FASTCash"
 },
@@ -6995,5 +7089,5 @@
 "value": "CoalaBot"
 }
 ],
- "version": 94
+ "version": 95
 }
diff --git a/tools/gen_mapping.py b/tools/gen_mapping.py
index 6a50eb7..ce2beac 100755
--- a/tools/gen_mapping.py
+++ b/tools/gen_mapping.py
@@ -36,7 +36,7 @@ type_mapping = {
 'mitre-mobile-attack-tool': 'tool',
 'backdoor': 'tool',
 # 'mitre-pre-attack-attack-pattern': '',
- 'mitre-mobile-attack-intrusion-set': 'actor',
+ 'mitre-mobile-attack-intrusion-set': 'actor',
 'mitre-tool': 'tool',
 # 'mitre-mobile-attack-attack-pattern': '',
 'mitre-mobile-attack-malware': 'tool',
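Review bot: Nothing in the visible part of `type_mapping` ties a galaxy name to the kind its suffix denotes, so a wrong value such as the `'tool'` corrected on the `'mitre-mobile-attack-intrusion-set'` line is only noticed after the regenerated `related` entries have, presumably, already linked actor clusters to tool and malware clusters in the published JSON. A check right after the dict would fail the run instead: `bad = [k for k, v in type_mapping.items() if k.endswith('-intrusion-set') and v != 'actor']` followed by `if bad: raise ValueError(bad)`. A short comment above the dict naming the allowed values (the hunk shows `'tool'` and `'actor'`) would also help whoever adds the next galaxy. The dict starts and ends outside the hunk, so the other intrusion-set keys could not be checked from here.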