Merge pull request #285 from cvandeplas/master

MITRE relationships included in the respective cluster
Alexandre Dulaunoy 2018-10-17 08:32:59 +02:00 committed by GitHub
commit 3f92661b5f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 5117 additions and 20516 deletions


@ -27,6 +27,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "7ecc3b4f-5cdb-457e-b55a-df376b359446",
@ -44,6 +51,15 @@
"Group5"
]
},
"related": [
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "7331c66a-5601-4d3f-acf6-ad9e3035eb40",
"value": "Group5 - G0043"
},
@ -67,6 +83,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "fe98767f-9df8-42b9-83c9-004b1dec8647",
@ -91,6 +114,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "16ade1aa-0ea1-4bb7-88cc-9079df2ae756",
@ -108,6 +138,15 @@
"RTM"
]
},
"related": [
{
"dest-uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c416b28c-103b-4df1-909e-78089a7e0e5f",
"value": "RTM - G0048"
},
@ -145,6 +184,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "d1acfbb3-647b-4723-9154-800ec119006e",
@ -216,6 +262,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "f9c06633-dcff-48a1-8588-759e7cec5694",
@ -250,6 +303,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
@ -289,6 +349,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "a653431d-6a5e-4600-8ad3-609b5af57064",
@ -314,6 +381,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "df71bb3b-813c-45eb-a8bc-f2a419837411",
@ -340,6 +414,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "277d2f87-2ae5-4730-a3aa-50c1fdff9656",
@ -379,6 +460,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "381fcf73-60f6-4ab2-9991-6af3cbc35192",
@ -403,6 +491,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "2a7914cf-dff3-428d-ab0f-1014d1c28aeb",
@ -427,6 +522,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "ae41895a-243f-4a65-b99b-d85022326c31",
@ -451,6 +553,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "62a64fd3-aaf7-4d09-a375-d6f8bb118481",
@ -487,6 +596,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "4a2ce82e-1a74-468a-a6fb-bbead541383c",
@ -631,6 +747,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a8d3d497-2da9-4797-8e0b-ed176be08654",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "025bdaa9-897d-4bad-afa6-013ba5734653",
@ -655,6 +778,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "68ba94ab-78b8-43e7-83e2-aed3466882c6",
@ -679,6 +809,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "519630c5-f03f-4882-825c-3af924935817",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f",
@ -721,6 +858,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "fb366179-766c-4a4a-afa1-52bff1fd601c",
@ -746,6 +890,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a",
@ -797,6 +948,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "fbe9387f-34e6-4828-ac28-3080020c597b",
@ -840,6 +998,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "4ca1929c-7d64-4aab-b849-badbfc0c760d",
@ -864,6 +1029,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e48df773-7c95-4a4c-ba70-ea3d15900148",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "7636484c-adc5-45d4-9bfe-c3e062fbc4a0",
@ -883,6 +1055,15 @@
"FIN5"
]
},
"related": [
{
"dest-uuid": "0e18b800-906c-4e44-a143-b11c72b3448b",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "85403903-15e0-4f9f-9be4-a259ecad4022",
"value": "FIN5 - G0053"
},
@ -900,6 +1081,15 @@
"BlackOasis"
]
},
"related": [
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "da49b9f1-ca99-443f-9728-0a074db66850",
"value": "BlackOasis - G0063"
},
@ -915,6 +1105,15 @@
"Taidoor"
]
},
"related": [
{
"dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "59140a2e-d117-4206-9b2c-2a8662bd9d46",
"value": "Taidoor - G0015"
},
@ -979,6 +1178,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050",
@ -996,6 +1202,15 @@
"Ke3chang"
]
},
"related": [
{
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "6713ab67-e25b-49cc-808d-2b36d4fbc35c",
"value": "Ke3chang - G0004"
},
@ -1027,6 +1242,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "247cb30b-955f-42eb-97a5-a89fef69341e",
@ -1052,6 +1274,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a127c32c-cbb0-4f9d-be07-881a792408ec",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "269e8108-68c6-4f99-b911-14b2e765dec2",
@ -1088,6 +1317,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0",
@ -1127,6 +1363,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "fb261c56-b80e-43a9-8351-c84081e7213d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd",
@ -1224,6 +1467,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc",
@ -1258,6 +1508,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "0bbdf25b-30ff-4894-a1cd-49260d0dd2d9",
@ -1282,6 +1539,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "0ea72cd5-ca30-46ba-bc04-378f701c658f",
@ -1318,6 +1582,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c93fccb1-e8e8-42cf-ae33-2ad1d183913a",
@ -1343,6 +1614,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "0f862b01-99da-47cc-9bdb-db4a86a95bb1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "88b7dbc2-32d3-4e31-af2f-3fc24e1582d7",
@ -1360,6 +1638,15 @@
"Equation"
]
},
"related": [
{
"dest-uuid": "10d5f3b7-6be6-4da5-9a77-0f1e2bbfcc44",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "96e239be-ad99-49eb-b127-3007b8c1bec9",
"value": "Equation - G0020"
},
@ -1375,6 +1662,15 @@
"Darkhotel"
]
},
"related": [
{
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "9e729a7e-0dd6-4097-95bf-db8d64911383",
"value": "Darkhotel - G0012"
},
@ -1398,6 +1694,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "82cb34ba-02b5-432b-b2d2-07f55cbf674d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1",
@ -1422,6 +1725,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "5cbe0d3b-6fb1-471f-b591-4b192915116d",
@ -1446,6 +1756,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "894aab42-3371-47b1-8859-a4a074c804c8",
@ -1473,6 +1790,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "93f52415-0fe4-4d3d-896c-fc9b8e88ab90",
@ -1497,6 +1821,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "dfb5fa9b-3051-4b97-8035-08f80aef945b",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c5574ca0-d5a4-490a-b207-e4658e5fd1d7",
@ -1515,6 +1846,15 @@
"TG-1314"
]
},
"related": [
{
"dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "d519164e-f5fa-4b8c-a1fb-cf0172ad0983",
"value": "Threat Group-1314 - G0028"
},
@ -1547,6 +1887,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6b62e336-176f-417b-856a-8552dd8c44e1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "7a19ecb1-3c65-4de3-a230-993516aed6a6",
@ -1576,6 +1923,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "03506554-5f37-4f8f-9ce4-0e9f01a1b484",
@ -1604,6 +1958,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "899ce53f-13a0-479b-a0e4-67d46e241542",
@ -1636,6 +1997,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "222fbd21-fc4f-4b7e-9f85-0e6e3a76c33f",
@ -1662,6 +2030,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7bec698a-7e20-4fd3-bb6a-12787770fb1a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "5ce5392a-3a6c-4e07-9df3-9b6a9159ac45",
@ -1697,6 +2072,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973",
@ -1776,6 +2158,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
@ -1801,6 +2190,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "fd19bd82-1b14-49a1-a176-6cdc46b8a826",
@ -1833,6 +2229,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "691c60e2-273d-4d56-9ce6-b67e0f8719ad",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "efed95ba-d7e8-47ff-8c53-99c42426ee7c",
@ -1860,6 +2263,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c",
@ -1892,6 +2302,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "fbd29c89-18ba-4c2d-b792-51c0adee049f",
@ -1933,6 +2350,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648",
@ -1959,6 +2383,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e906ae4d-1d3a-4675-be23-22f7311c0da4",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "7113eaa5-ba79-4fb3-b68a-398ee9cd698e",
@ -1985,6 +2416,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "dcd81c6e-ebf7-4a16-93e0-9a97fa49c88a",
@ -2009,11 +2447,18 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "2e290bfe-93b5-48ce-97d6-edcd6d32b7cf",
"value": "Gamaredon Group - G0047"
}
],
"version": 5
"version": 6
}
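Review bot: Every cluster touched in this file gains exactly one `uses` entry in `related`, which is unexpected for ATT&CK groups that are normally linked to several techniques and tools. The hunk headers grow by either 7 lines (one object appended after an existing `similar` entry) or 9 lines (a new `related` array holding a single object, as for Group5, RTM, FIN5 and Equation). If these files are produced by a script, which is not visible here, it is worth checking that each relationship is appended to the cluster's `related` list rather than replacing the previous one. A truncated list would understate a group's known behaviour for anyone using the galaxy for detection coverage or attribution. The same one-entry pattern appears in the second file section (at, route, Tasklist and others) and in the `mitigates` entries of the third.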


@ -28,6 +28,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d",
@ -46,6 +53,15 @@
"at.exe"
]
},
"related": [
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "0c8465c0-d0b4-4670-992e-4eee8d7ff952",
"value": "at - S0110"
},
@ -62,6 +78,15 @@
"route.exe"
]
},
"related": [
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c11ac61d-50f4-444f-85d8-6f006067f0de",
"value": "route - S0103"
},
@ -77,6 +102,15 @@
"Tasklist"
]
},
"related": [
{
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f",
"value": "Tasklist - S0057"
},
@ -93,6 +127,15 @@
"WCE"
]
},
"related": [
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "242f3da3-4425-4d11-8f5c-b842886da966",
"value": "Windows Credential Editor - S0005"
},
@ -108,6 +151,15 @@
"Responder"
]
},
"related": [
{
"dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "a1dd2dbd-1550-44bf-abcc-1a4c52e97719",
"value": "Responder - S0174"
},
@ -124,6 +176,15 @@
"schtasks.exe"
]
},
"related": [
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c9703cd3-141c-43a0-a926-380082be5d04",
"value": "schtasks - S0111"
},
@ -146,6 +207,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "102c3898-85e0-43ee-ae28-62a0a3ed9507",
@ -163,6 +231,15 @@
"ifconfig"
]
},
"related": [
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "362dc67f-4e85-4562-9dac-1b6b7f3ec4b5",
"value": "ifconfig - S0101"
},
@ -178,6 +255,15 @@
"BITSAdmin"
]
},
"related": [
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "64764dc6-a032-495f-8250-1e4c06bdc163",
"value": "BITSAdmin - S0190"
},
@ -201,6 +287,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
@ -218,6 +311,15 @@
"xCmd"
]
},
"related": [
{
"dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "4fa49fc0-9162-4bdb-a37e-7aa3dcb6d38b",
"value": "xCmd - S0123"
},
@ -233,6 +335,15 @@
"MimiPenguin"
]
},
"related": [
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "5a33468d-844d-4b1f-98c9-0e786c556b27",
"value": "MimiPenguin - S0179"
},
@ -248,6 +359,15 @@
"SDelete"
]
},
"related": [
{
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153",
"value": "SDelete - S0195"
},
@ -264,6 +384,15 @@
"systeminfo.exe"
]
},
"related": [
{
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1",
"value": "Systeminfo - S0096"
},
@ -280,6 +409,15 @@
"netsh.exe"
]
},
"related": [
{
"dest-uuid": "241814ae-de3f-4656-b49e-f9a80764d4b7",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71",
"value": "netsh - S0108"
},
@ -296,6 +434,15 @@
"dsquery.exe"
]
},
"related": [
{
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "38952eac-cb1b-4a71-bad2-ee8223a1c8fe",
"value": "dsquery - S0105"
},
@ -318,6 +465,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54",
@ -336,6 +490,15 @@
"ping.exe"
]
},
"related": [
{
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47",
"value": "Ping - S0097"
},
@ -351,6 +514,15 @@
"Fgdump"
]
},
"related": [
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "4f45dfeb-fe51-4df0-8db3-edf7dd0513fe",
"value": "Fgdump - S0120"
},
@ -366,6 +538,15 @@
"Lslsass"
]
},
"related": [
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "2fab555f-7664-4623-b4e0-1675ae38190b",
"value": "Lslsass - S0121"
},
@ -381,6 +562,15 @@
"Pass-The-Hash Toolkit"
]
},
"related": [
{
"dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "a52edc76-328d-4596-85e7-d56ef5a9eb69",
"value": "Pass-The-Hash Toolkit - S0122"
},
@ -397,6 +587,15 @@
"ftp.exe"
]
},
"related": [
{
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565",
"value": "FTP - S0095"
},
@ -413,6 +612,15 @@
"ipconfig.exe"
]
},
"related": [
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "294e2560-bd48-44b2-9da2-833b5588ad11",
"value": "ipconfig - S0100"
},
@ -429,6 +637,15 @@
"nbtstat.exe"
]
},
"related": [
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "b35068ec-107a-4266-bda8-eb7036267aea",
"value": "nbtstat - S0102"
},
@ -452,6 +669,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e",
@ -469,6 +693,15 @@
"Tor"
]
},
"related": [
{
"dest-uuid": "7d751199-05fa-4a72-920f-85df4506c76c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68",
"value": "Tor - S0183"
},
@ -485,6 +718,15 @@
"netstat.exe"
]
},
"related": [
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "4664b683-f578-434f-919b-1c1aad2a1111",
"value": "netstat - S0104"
},
@ -500,6 +742,15 @@
"pwdump"
]
},
"related": [
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "9de2308e-7bed-43a3-8e58-f194b3586700",
"value": "pwdump - S0006"
},
@ -515,6 +766,15 @@
"Cachedump"
]
},
"related": [
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c9cd7ec9-40b7-49db-80be-1399eddd9c52",
"value": "Cachedump - S0119"
},
@ -530,6 +790,15 @@
"Forfiles"
]
},
"related": [
{
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "90ec2b22-7061-4469-b539-0989ec4f96c2",
"value": "Forfiles - S0193"
},
@ -547,6 +816,15 @@
"net.exe"
]
},
"related": [
{
"dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "03342581-f790-4f03-ba41-e82e67392e23",
"value": "Net - S0039"
},
@ -570,6 +848,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
@ -595,6 +880,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc",
@ -613,6 +905,15 @@
"arp.exe"
]
},
"related": [
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "30489451-5886-4c46-90c9-0dff9adc5252",
"value": "Arp - S0099"
},
@ -632,6 +933,15 @@
"cmd.exe"
]
},
"related": [
{
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e",
"value": "cmd - S0106"
},
@ -647,6 +957,15 @@
"Havij"
]
},
"related": [
{
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "fbd727ea-c0dc-42a9-8448-9e12962d1ab5",
"value": "Havij - S0224"
},
@ -664,6 +983,15 @@
"PowerSploit"
]
},
"related": [
{
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d",
"value": "PowerSploit - S0194"
},
@ -678,6 +1006,15 @@
"meek"
]
},
"related": [
{
"dest-uuid": "1ce03c65-5946-4ac9-9d4d-66db87e024bd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "65370d0b-3bd4-4653-8cf9-daf56f6be830",
"value": "meek - S0175"
},
@ -695,6 +1032,15 @@
"reg.exe"
]
},
"related": [
{
"dest-uuid": "2edd9d6a-5674-4326-a600-ba56de467286",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f",
"value": "Reg - S0075"
},
@ -710,6 +1056,15 @@
"spwebmember"
]
},
"related": [
{
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "33b9e38f-103c-412d-bdcf-904a91fff1e4",
"value": "spwebmember - S0227"
},
@ -732,6 +1087,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4",
@ -749,6 +1111,15 @@
"sqlmap"
]
},
"related": [
{
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "9a2640c2-9f43-46fe-b13f-bde881e55555",
"value": "sqlmap - S0225"
},
@ -785,6 +1156,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
@ -802,9 +1180,18 @@
"Invoke-PSImage"
]
},
"related": [
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "b52d6583-14a2-4ddc-8527-87fd2142558f",
"value": "Invoke-PSImage - S0231"
}
],
"version": 6
"version": 7
}
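Review bot: All added `uses` entries carry the fixed tag `estimative-language:likelihood-probability=\"almost-certain\"`, while the existing `similar` entries use `\"likely\"`, and nothing on the page says how that level was chosen. Consumers may filter or weight relationships by this tag, so the project documentation should state whether the value is a constant assigned on import or an individual assessment. If it is a constant, a sentence such as `Relationships imported from MITRE ATT&CK are tagged almost-certain on import; the tag is not a per-relationship assessment.` would do. This is a documentation suggestion only, since the JSON files have no place for a comment.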


@ -13,6 +13,15 @@
"meta": {
"external_id": "MOB-M1010"
},
"related": [
{
"dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "cf2cccb1-cab8-431a-8ecf-f7874d05f433",
"value": "Deploy Compromised Device Detection Method - MOB-M1010"
},
@ -21,6 +30,15 @@
"meta": {
"external_id": "MOB-M1014"
},
"related": [
{
"dest-uuid": "fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "e829ee51-1caf-4665-ba15-7f8979634124",
"value": "Interconnection Filtering - MOB-M1014"
},
@ -29,6 +47,15 @@
"meta": {
"external_id": "MOB-M1008"
},
"related": [
{
"dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "d2a199d2-dfea-4d0c-987d-6195ed17be9c",
"value": "Use Device-Provided Credential Storage - MOB-M1008"
},
@ -37,6 +64,15 @@
"meta": {
"external_id": "MOB-M1006"
},
"related": [
{
"dest-uuid": "a0464539-e1b7-4455-a355-12495987c300",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "0beabf44-e8d8-4ae4-9122-ef56369a2564",
"value": "Use Recent OS Version - MOB-M1006"
},
@ -45,6 +81,15 @@
"meta": {
"external_id": "MOB-M1001"
},
"related": [
{
"dest-uuid": "f296fc9c-2ff5-43ee-941e-6b49c438270a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
"value": "Security Updates - MOB-M1001"
},
@ -53,6 +98,15 @@
"meta": {
"external_id": "MOB-M1003"
},
"related": [
{
"dest-uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
"value": "Lock Bootloader - MOB-M1003"
},
@ -61,6 +115,15 @@
"meta": {
"external_id": "MOB-M1004"
},
"related": [
{
"dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "7b1cf46f-784b-405a-a8dd-4624c19d8321",
"value": "System Partition Integrity - MOB-M1004"
},
@ -69,6 +132,15 @@
"meta": {
"external_id": "MOB-M1002"
},
"related": [
{
"dest-uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "ff4821f6-5afb-481b-8c0f-26c28c0d666c",
"value": "Attestation - MOB-M1002"
},
@ -77,6 +149,15 @@
"meta": {
"external_id": "MOB-M1007"
},
"related": [
{
"dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "e944670c-d03a-4e93-a21c-b3d4c53ec4c9",
"value": "Caution with Device Administrator Access - MOB-M1007"
},
@ -85,6 +166,15 @@
"meta": {
"external_id": "MOB-M1013"
},
"related": [
{
"dest-uuid": "29e07491-8947-43a3-8d4e-9a787c45f3d3",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
"value": "Application Developer Guidance - MOB-M1013"
},
@ -93,6 +183,15 @@
"meta": {
"external_id": "MOB-M1005"
},
"related": [
{
"dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "1553b156-6767-47f7-9eb4-2a692505666d",
"value": "Application Vetting - MOB-M1005"
},
@ -101,6 +200,15 @@
"meta": {
"external_id": "MOB-M1011"
},
"related": [
{
"dest-uuid": "a0464539-e1b7-4455-a355-12495987c300",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "653492e3-27be-4a0e-b08c-938dd2b7e0e1",
"value": "User Guidance - MOB-M1011"
},
@ -109,6 +217,15 @@
"meta": {
"external_id": "MOB-M1012"
},
"related": [
{
"dest-uuid": "51aedbd6-2837-4d15-aeb0-cb09f2bf22ac",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "649f7268-4c12-483b-ac84-4b7bca9fe2ee",
"value": "Enterprise Policy - MOB-M1012"
},
@ -117,9 +234,18 @@
"meta": {
"external_id": "MOB-M1009"
},
"related": [
{
"dest-uuid": "393e8c12-a416-4575-ba90-19cc85656796",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "8220b57e-c400-4525-bf69-f8edc6b389a8",
"value": "Encrypt Network Traffic - MOB-M1009"
}
],
"version": 3
"version": 4
}


@ -27,6 +27,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "a3dad2be-ce62-4440-953b-00fbce7aba93",
@ -44,6 +51,15 @@
"Trojan-SMS.AndroidOS.Agent.ao"
]
},
"related": [
{
"dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "a1867c56-8c86-455a-96ad-b0d5f7e2bc17",
"value": "Trojan-SMS.AndroidOS.Agent.ao - MOB-S0023"
},
@ -65,6 +81,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "507fe748-5e4a-4b45-9e9f-8b1115f4e878",
@ -82,6 +105,15 @@
"KeyRaider"
]
},
"related": [
{
"dest-uuid": "3b0b604f-10db-41a0-b54c-493124d455b9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50",
"value": "KeyRaider - MOB-S0004"
},
@ -98,6 +130,15 @@
"BrainTest"
]
},
"related": [
{
"dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "e13d084c-382f-40fd-aa9a-98d69e20301e",
"value": "BrainTest - MOB-S0009"
},
@ -123,6 +164,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c80a6bef-b3ce-44d0-b113-946e93124898",
@ -140,6 +188,15 @@
"DressCode"
]
},
"related": [
{
"dest-uuid": "22379609-a99f-4a01-bd7e-70f3e105859d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "ff742eeb-1f90-4f5a-8b92-9d40fffd99ca",
"value": "DressCode - MOB-S0016"
},
@ -156,6 +213,15 @@
"Adups"
]
},
"related": [
{
"dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
"value": "Adups - MOB-S0025"
},
@ -186,6 +252,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "33d9d91d-aad9-49d5-a516-220ce101ac8a",
@ -203,6 +276,15 @@
"RuMMS"
]
},
"related": [
{
"dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "936be60d-90eb-4c36-9247-4b31128432c4",
"value": "RuMMS - MOB-S0029"
},
@ -225,6 +307,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c8770c81-c29f-40d2-a140-38544206b2b4",
@ -242,6 +331,15 @@
"Trojan-SMS.AndroidOS.OpFake.a"
]
},
"related": [
{
"dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "d89c132d-7752-4c7f-9372-954a71522985",
"value": "Trojan-SMS.AndroidOS.OpFake.a - MOB-S0024"
},
@ -264,6 +362,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "317a2c10-d489-431e-b6b2-f0251fddc88e",
@ -281,6 +386,15 @@
"MazarBOT"
]
},
"related": [
{
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "5ddf81ea-2c06-497b-8c30-5f1ab89a40f9",
"value": "MazarBOT - MOB-S0019"
},
@ -297,6 +411,15 @@
"Gooligan"
]
},
"related": [
{
"dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "20d56cd6-8dff-4871-9889-d32d254816de",
"value": "Gooligan - MOB-S0006"
},
@ -312,6 +435,15 @@
"OldBoot"
]
},
"related": [
{
"dest-uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "2074b2ad-612e-4758-adce-7901c1b49bbc",
"value": "OldBoot - MOB-S0001"
},
@ -333,6 +465,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb",
@ -351,6 +490,15 @@
"DroidJack RAT"
]
},
"related": [
{
"dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
"value": "DroidJack RAT - MOB-S0036"
},
@ -366,6 +514,15 @@
"HummingWhale"
]
},
"related": [
{
"dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "6447e3a1-ef4d-44b1-99d5-6b1c4888674f",
"value": "HummingWhale - MOB-S0037"
},
@ -381,6 +538,15 @@
"ANDROIDOS_ANSERVER.A"
]
},
"related": [
{
"dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "4bf6ba32-4165-42c1-b911-9c36165891c8",
"value": "ANDROIDOS_ANSERVER.A - MOB-S0026"
},
@ -396,6 +562,15 @@
"Trojan-SMS.AndroidOS.FakeInst.a"
]
},
"related": [
{
"dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "28e39395-91e7-4f02-b694-5e079c964da9",
"value": "Trojan-SMS.AndroidOS.FakeInst.a - MOB-S0022"
},
@ -411,6 +586,15 @@
"NotCompatible"
]
},
"related": [
{
"dest-uuid": "22379609-a99f-4a01-bd7e-70f3e105859d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "23040c15-e7d8-47b5-8c16-8fd3e0e297fe",
"value": "NotCompatible - MOB-S0015"
},
@ -454,6 +638,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "56660521-6db4-4e5a-a927-464f22954b7c",
@ -471,6 +662,15 @@
"Twitoor"
]
},
"related": [
{
"dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "41e3fd01-7b83-471f-835d-d2b1dc9a770c",
"value": "Twitoor - MOB-S0018"
},
@ -486,6 +686,15 @@
"OBAD"
]
},
"related": [
{
"dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "ca4f63b9-a358-4214-bb26-8c912318cfde",
"value": "OBAD - MOB-S0002"
},
@ -501,6 +710,15 @@
"Android/Chuli.A"
]
},
"related": [
{
"dest-uuid": "1f96d624-8409-4472-ad8a-30618ee6b2e2",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "d05f7357-4cbe-47ea-bf83-b8604226d533",
"value": "Android/Chuli.A - MOB-S0020"
},
@ -516,6 +734,15 @@
"PJApps"
]
},
"related": [
{
"dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c709da93-20c3-4d17-ab68-48cba76b2137",
"value": "PJApps - MOB-S0007"
},
@ -531,6 +758,15 @@
"AndroidOverlayMalware"
]
},
"related": [
{
"dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "b6d3657a-2d6a-400f-8b7e-4d60391aa1f7",
"value": "AndroidOverlayMalware - MOB-S0012"
},
@ -546,6 +782,15 @@
"ZergHelper"
]
},
"related": [
{
"dest-uuid": "b765efd1-02e6-4e67-aebf-0fef5c37e54b",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "3c3b55a6-c3e9-4043-8aae-283fe96220c0",
"value": "ZergHelper - MOB-S0003"
},
@ -561,6 +806,15 @@
"SpyNote RAT"
]
},
"related": [
{
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "20dbaf05-59b8-4dc6-8777-0b17f4553a23",
"value": "SpyNote RAT - MOB-S0021"
},
@ -576,6 +830,15 @@
"RCSAndroid"
]
},
"related": [
{
"dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
"value": "RCSAndroid - MOB-S0011"
},
@ -598,6 +861,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "d1c600f8-0fb6-4367-921b-85b71947d950",
@ -614,6 +884,15 @@
"YiSpecter"
]
},
"related": [
{
"dest-uuid": "51aedbd6-2837-4d15-aeb0-cb09f2bf22ac",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "a15c9357-2be0-4836-beec-594f28b9b4a9",
"value": "YiSpecter - MOB-S0027"
},
@ -645,6 +924,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "93799a9d-3537-43d8-b6f4-17215de1657c",
@ -663,9 +949,18 @@
"XcodeGhost"
]
},
"related": [
{
"dest-uuid": "c4b96c0b-cb58-497a-a1c2-bb447d79d692",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "d9e07aea-baad-4b68-bdca-90c77647d7f9",
"value": "XcodeGhost - MOB-S0013"
}
],
"version": 5
"version": 6
}

File diff suppressed because it is too large Load Diff


@ -41,11 +41,18 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "da21929e-40c0-443d-bdf4-6b60d15448b4",
"value": "Xbot - MOB-S0014"
}
],
"version": 5
"version": 6
}


@ -33,6 +33,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1108"
]
},
"related": [
{
"dest-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39",
"value": "Obfuscate infrastructure - PRE-T1108"
},
@ -173,6 +182,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1025"
]
},
"related": [
{
"dest-uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
"value": "Identify job postings and needs/gaps - PRE-T1025"
},
@ -369,6 +387,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1077"
]
},
"related": [
{
"dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc",
"value": "Analyze organizational skillsets and deficiencies - PRE-T1077"
},
@ -439,6 +466,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1026"
]
},
"related": [
{
"dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1",
"value": "Conduct social engineering - PRE-T1026"
},
@ -453,6 +489,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1106"
]
},
"related": [
{
"dest-uuid": "286cc500-4291-45c2-99a1-e760db176402",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6",
"value": "Acquire and/or use 3rd party infrastructure services - PRE-T1106"
},
@ -481,6 +526,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1074"
]
},
"related": [
{
"dest-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
"value": "Analyze organizational skillsets and deficiencies - PRE-T1074"
},
@ -509,6 +563,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1109"
]
},
"related": [
{
"dest-uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983",
"value": "Acquire or compromise 3rd party signing certificates - PRE-T1109"
},
@ -593,6 +656,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1023"
]
},
"related": [
{
"dest-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "78e41091-d10d-4001-b202-89612892b6ff",
"value": "Identify supply chains - PRE-T1023"
},
@ -635,6 +707,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1060"
]
},
"related": [
{
"dest-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a",
"value": "Identify business relationships - PRE-T1060"
},
@ -747,6 +828,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1049"
]
},
"related": [
{
"dest-uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549",
"value": "Identify business relationships - PRE-T1049"
},
@ -803,6 +893,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1088"
]
},
"related": [
{
"dest-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "20a66013-8dab-4ca3-a67d-766c842c561c",
"value": "Dynamic DNS - PRE-T1088"
},
@ -929,6 +1028,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1037"
]
},
"related": [
{
"dest-uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "856a9371-4f0f-4ea9-946e-f3144204240f",
"value": "Determine 3rd party infrastructure services - PRE-T1037"
},
@ -957,6 +1065,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1141"
]
},
"related": [
{
"dest-uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d",
"value": "Friend/Follow/Connect to targets of interest - PRE-T1141"
},
@ -1027,6 +1144,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1084"
]
},
"related": [
{
"dest-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "286cc500-4291-45c2-99a1-e760db176402",
"value": "Acquire and/or use 3rd party infrastructure services - PRE-T1084"
},
@ -1265,6 +1391,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1055"
]
},
"related": [
{
"dest-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
"value": "Identify job postings and needs/gaps - PRE-T1055"
},
@ -1279,6 +1414,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1056"
]
},
"related": [
{
"dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "a757670d-d600-48d9-8ae9-601d42c184a5",
"value": "Conduct social engineering - PRE-T1056"
},
@ -1293,6 +1437,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1053"
]
},
"related": [
{
"dest-uuid": "59369f72-3005-4e54-9095-3d00efcece73",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
"value": "Identify supply chains - PRE-T1053"
},
@ -1321,6 +1474,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1111"
]
},
"related": [
{
"dest-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b",
"value": "Compromise 3rd party infrastructure to support delivery - PRE-T1111"
},
@ -1335,6 +1497,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1086"
]
},
"related": [
{
"dest-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6",
"value": "Obfuscate infrastructure - PRE-T1086"
},
@ -1517,6 +1688,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1121"
]
},
"related": [
{
"dest-uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33",
"value": "Friend/Follow/Connect to targets of interest - PRE-T1121"
},
@ -1559,6 +1739,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1054"
]
},
"related": [
{
"dest-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "028ad431-84c5-4eb7-a364-2b797c234f88",
"value": "Acquire OSINT data sets and information - PRE-T1054"
},
@ -1629,6 +1818,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1061"
]
},
"related": [
{
"dest-uuid": "856a9371-4f0f-4ea9-946e-f3144204240f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05",
"value": "Determine 3rd party infrastructure services - PRE-T1061"
},
@ -1657,6 +1855,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1089"
]
},
"related": [
{
"dest-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "4900fabf-1142-4c1f-92f5-0b590e049077",
"value": "Compromise 3rd party infrastructure to support delivery - PRE-T1089"
},
@ -1769,6 +1976,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1087"
]
},
"related": [
{
"dest-uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59",
"value": "Acquire or compromise 3rd party signing certificates - PRE-T1087"
},
@ -1881,6 +2097,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1024"
]
},
"related": [
{
"dest-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b",
"value": "Acquire OSINT data sets and information - PRE-T1024"
},
@ -1895,6 +2120,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1085"
]
},
"related": [
{
"dest-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "1a295f87-af63-4d94-b130-039d6221fb11",
"value": "Acquire and/or use 3rd party software services - PRE-T1085"
},
@ -1923,6 +2157,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1044"
]
},
"related": [
{
"dest-uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "0722cd65-0c83-4c89-9502-539198467ab1",
"value": "Identify job postings and needs/gaps - PRE-T1044"
},
@ -1951,6 +2194,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1107"
]
},
"related": [
{
"dest-uuid": "1a295f87-af63-4d94-b130-039d6221fb11",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6",
"value": "Acquire and/or use 3rd party software services - PRE-T1107"
},
@ -1979,6 +2231,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1110"
]
},
"related": [
{
"dest-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe",
"value": "Dynamic DNS - PRE-T1110"
},
@ -2021,6 +2282,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1043"
]
},
"related": [
{
"dest-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
"value": "Acquire OSINT data sets and information - PRE-T1043"
},
@ -2077,6 +2347,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1066"
]
},
"related": [
{
"dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc",
"value": "Analyze organizational skillsets and deficiencies - PRE-T1066"
},
@ -2147,6 +2426,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1042"
]
},
"related": [
{
"dest-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "59369f72-3005-4e54-9095-3d00efcece73",
"value": "Identify supply chains - PRE-T1042"
},
@ -2357,6 +2645,15 @@
"https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1045"
]
},
"related": [
{
"dest-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to"
}
],
"uuid": "af358cad-eb71-4e91-a752-236edc237dae",
"value": "Conduct social engineering - PRE-T1045"
},
@ -2445,5 +2742,5 @@
"value": "Data Hiding - PRE-T1097"
}
],
"version": 3
"version": 4
}
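Review bot: Each `related` array added in this file carries exactly one object, which looks like relationships being overwritten rather than appended when they were folded into the clusters. In the hunk for `Identify job postings and needs/gaps - PRE-T1055` (`7718e92f-b011-4f88-b822-ae245a1de407`) the only link goes to `c721b235-679a-4d76-9ae9-e08921fccf84`, although both that cluster and `0722cd65-0c83-4c89-9502-539198467ab1` (PRE-T1044) point back at it; `af358cad-eb71-4e91-a752-236edc237dae` (PRE-T1045) is in the same position. The intrusion-set file that follows shows it more directly: the removed relationship file lists two `uses` targets for Night Dragon (`e24a9f99-cb76-42a3-a50b-464668773e97` and `9755ecdc-deb0-40e6-af49-713cb0f8ed92`), yet cluster `23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8` gains a single entry with a different `dest-uuid`. Anyone deriving group-to-technique coverage from these clusters would get an incomplete graph, so I would compare the number of `related` entries per `uuid` with the rows in the removed relationship files before the `"version": 4` bump ships. The removed file runs past the visible part of the page, so the full extent of the loss is an inference.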


@ -20,6 +20,15 @@
"APT16"
]
},
"related": [
{
"dest-uuid": "3cab1b76-2f40-4cd0-8d2c-7ed16eeb909c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"value": "APT16 - G0023"
},
@ -59,6 +68,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "62b8c999-dcc0-4755-bd69-09442d9359f5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
@ -142,6 +158,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
@ -170,6 +193,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "8beac7c2-48d2-4cd9-9b15-6c452f38ac06",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
@ -197,6 +227,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
@ -223,6 +260,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
@ -269,11 +313,18 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
"value": "APT17 - G0025"
}
],
"version": 4
"version": 5
}


@ -1,925 +0,0 @@
{
"authors": [
"MITRE"
],
"description": "MITRE Relationship",
"name": "Pre Attack - Relationship",
"source": "https://github.com/mitre/cti",
"type": "mitre-pre-attack-relationship",
"uuid": "1ffd3108-1708-11e8-9f98-67b378d9094c",
"values": [
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "58d0b955-ae3d-424a-a537-2804dab38793"
},
"uuid": "1eed277b-a2a7-43f9-bf12-6e30abf0841a",
"value": "APT28 (G0007) uses Unconditional client-side exploitation/Injected Website/Driveby (PRE-T1149)"
},
{
"meta": {
"source-uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d",
"target-uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33"
},
"uuid": "4a69750c-47d5-40f5-b753-c6bb2a27a359",
"value": "Friend/Follow/Connect to targets of interest (PRE-T1141) related-to Friend/Follow/Connect to targets of interest (PRE-T1121)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "15ef4da5-3b93-4bb1-a39a-5396661956d3"
},
"uuid": "2b6a71e4-e5d5-41d2-a193-9a95c94dc924",
"value": "APT1 (G0006) uses Build and configure delivery systems (PRE-T1124)"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97"
},
"uuid": "57723021-1eb3-4bf2-86eb-fdbf8a1b8125",
"value": "Night Dragon (G0014) uses Spear phishing messages with malicious attachments (PRE-T1144)"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "9755ecdc-deb0-40e6-af49-713cb0f8ed92"
},
"uuid": "a34c16e9-bc7e-45f5-a9a2-8b05d868e6a0",
"value": "Night Dragon (G0014) uses Remote access tool development (PRE-T1128)"
},
{
"meta": {
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"target-uuid": "d69c3e06-8311-4093-8e3e-0a8e06b15d92"
},
"uuid": "307e24f8-4d7c-49a8-88f6-fb0a99fe8ff4",
"value": "APT16 (G0023) uses Assess targeting options (PRE-T1073)"
},
{
"meta": {
"source-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc",
"target-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc"
},
"uuid": "2dbdcf5e-af75-4f92-b4ad-942a06aab259",
"value": "Analyze organizational skillsets and deficiencies (PRE-T1077) related-to Analyze organizational skillsets and deficiencies (PRE-T1066)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "f4c5d1d9-8f0e-46f1-a9fa-f9a440926046"
},
"uuid": "9af7194c-1eea-4aef-bab1-49bd29be069c",
"value": "APT1 (G0006) uses Confirmation of launched compromise achieved (PRE-T1160)"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "89a79d91-53e0-4ef5-ba28-558cb8b01f76"
},
"uuid": "f6dd74d9-ed02-4fe4-aff6-9ef25906592f",
"value": "Night Dragon (G0014) uses Identify groups/roles (PRE-T1047)"
},
{
"meta": {
"source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
"target-uuid": "271e6d40-e191-421a-8f87-a8102452c201"
},
"uuid": "614f64d8-c221-4789-b1e1-787e9326a37b",
"value": "APT17 (G0025) uses Develop social network persona digital footprint (PRE-T1119)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97"
},
"uuid": "84943231-1b44-4029-ae09-0dbf05440bef",
"value": "APT1 (G0006) uses Spear phishing messages with malicious attachments (PRE-T1144)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "d3999268-740f-467e-a075-c82e2d04be62"
},
"uuid": "51d03816-347c-4716-9524-da99a58f5ea6",
"value": "APT1 (G0006) uses Assess leadership areas of interest (PRE-T1001)"
},
{
"meta": {
"source-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
"target-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1"
},
"uuid": "ad510f42-e745-42d0-8b54-4bf7a2f3cf34",
"value": "Conduct social engineering (PRE-T1045) related-to Conduct social engineering (PRE-T1026)"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4"
},
"uuid": "ab356c7a-6922-4143-90eb-5be632e2f6cd",
"value": "Cleaver (G0003) uses Build social network persona (PRE-T1118)"
},
{
"meta": {
"source-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
"target-uuid": "7718e92f-b011-4f88-b822-ae245a1de407"
},
"uuid": "ab313887-ff00-4aa9-8edb-ab107c517c19",
"value": "Identify job postings and needs/gaps (PRE-T1025) related-to Identify job postings and needs/gaps (PRE-T1055)"
},
{
"meta": {
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
},
"uuid": "edb31962-2310-4618-bd4f-d34f8e7d58e8",
"value": "APT16 (G0023) uses Acquire OSINT data sets and information (PRE-T1024)"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "286cc500-4291-45c2-99a1-e760db176402"
},
"uuid": "0adf353d-688b-46ce-88bb-62a008675fe0",
"value": "Night Dragon (G0014) uses Acquire and/or use 3rd party infrastructure services (PRE-T1084)"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "d778cb83-2292-4995-b006-d38f52bc1e64"
},
"uuid": "e95ea206-3962-43af-aac1-042ac9928679",
"value": "Night Dragon (G0014) uses Identify gap areas (PRE-T1002)"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "fddd81e9-dd3d-477e-9773-4fb8ae227234"
},
"uuid": "b09b41c4-670f-4f00-b8d5-a8c6a2dcfcfb",
"value": "Cleaver (G0003) uses Create custom payloads (PRE-T1122)"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "c860af4a-376e-46d7-afbf-262c41012227"
},
"uuid": "26bf68a4-af3c-4d39-bad3-5f0ce824f4a3",
"value": "APT28 (G0007) uses Determine operational element (PRE-T1019)"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "45242287-2964-4a3e-9373-159fad4d8195"
},
"uuid": "3d65fc7e-87a5-4113-bd9c-09453fba4d1e",
"value": "APT28 (G0007) uses Buy domain name (PRE-T1105)"
},
{
"meta": {
"source-uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
"target-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84"
},
"uuid": "22d4f32c-63c1-400f-8e2c-10e4a200d133",
"value": "Identify job postings and needs/gaps (PRE-T1055) related-to Identify job postings and needs/gaps (PRE-T1025)"
},
{
"meta": {
"source-uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a",
"target-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549"
},
"uuid": "ac1dfc58-d5a2-4b6f-9bf4-c6c0d2d3ae80",
"value": "Identify business relationships (PRE-T1060) related-to Identify business relationships (PRE-T1049)"
},
{
"meta": {
"source-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549",
"target-uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a"
},
"uuid": "9524754d-7743-47b3-8395-3cbfb633c020",
"value": "Identify business relationships (PRE-T1049) related-to Identify business relationships (PRE-T1060)"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "271e6d40-e191-421a-8f87-a8102452c201"
},
"uuid": "d26a1746-b577-4a89-be5e-c49611e8c65a",
"value": "Cleaver (G0003) uses Develop social network persona digital footprint (PRE-T1119)"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "c2ffd229-11bb-4fd8-9208-edbe97b14c93"
},
"uuid": "f43faad4-a016-4da0-8de6-53103d429268",
"value": "Cleaver (G0003) uses Obfuscation or cryptography (PRE-T1090)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c"
},
"uuid": "0e7905fd-77c8-43cb-b499-7d6e37fefbeb",
"value": "APT1 (G0006) uses Dynamic DNS (PRE-T1088)"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "b79a1960-d0be-4b51-bb62-b27e91e1dea0"
},
"uuid": "3f8694fa-8e16-465b-8357-ec0a85316e9c",
"value": "Cleaver (G0003) uses Conduct social engineering or HUMINT operation (PRE-T1153)"
},
{
"meta": {
"source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
"target-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39"
},
"uuid": "9c87b627-de61-42da-a658-7bdb33358754",
"value": "APT17 (G0025) uses Obfuscate infrastructure (PRE-T1108)"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "fddd81e9-dd3d-477e-9773-4fb8ae227234"
},
"uuid": "6d809b32-a5db-4e1e-bea6-ef29a2c680e5",
"value": "APT28 (G0007) uses Create custom payloads (PRE-T1122)"
},
{
"meta": {
"source-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c",
"target-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe"
},
"uuid": "f24a6bf4-c60f-4fa6-8f6a-f2806ae92cdd",
"value": "Dynamic DNS (PRE-T1088) related-to Dynamic DNS (PRE-T1110)"
},
{
"meta": {
"source-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe",
"target-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c"
},
"uuid": "94daf955-fb3e-4f13-af60-0e3ffa185be0",
"value": "Dynamic DNS (PRE-T1110) related-to Dynamic DNS (PRE-T1088)"
},
{
"meta": {
"source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
"target-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4"
},
"uuid": "545cd36e-572e-413d-82b9-db65788791f9",
"value": "APT17 (G0025) uses Build social network persona (PRE-T1118)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b"
},
"uuid": "8a2c46d3-92f2-4ff7-a912-8d47189a7d79",
"value": "APT1 (G0006) uses Compromise 3rd party infrastructure to support delivery (PRE-T1111)"
},
{
"meta": {
"source-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b",
"target-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88"
},
"uuid": "60b6c9a6-7705-4c72-93bb-67de0caf11f4",
"value": "Acquire OSINT data sets and information (PRE-T1024) related-to Acquire OSINT data sets and information (PRE-T1054)"
},
{
"meta": {
"source-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
"target-uuid": "78e41091-d10d-4001-b202-89612892b6ff"
},
"uuid": "9c44b2ec-70b0-4f5c-800e-426477330658",
"value": "Identify supply chains (PRE-T1053) related-to Identify supply chains (PRE-T1023)"
},
{
"meta": {
"source-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b",
"target-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077"
},
"uuid": "bc165934-7ef6-4aed-a0d7-81d3372589f4",
"value": "Compromise 3rd party infrastructure to support delivery (PRE-T1111) related-to Compromise 3rd party infrastructure to support delivery (PRE-T1089)"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "288b3cc3-f4da-4250-ab8c-d8b5dbed94ca"
},
"uuid": "643d984b-0c82-4e14-8ba9-1b8dec0c91e2",
"value": "APT28 (G0007) uses Identify web defensive services (PRE-T1033)"
},
{
"meta": {
"source-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc",
"target-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41"
},
"uuid": "715a66b4-7925-40b4-868a-e47aba879f8b",
"value": "Analyze organizational skillsets and deficiencies (PRE-T1077) related-to Analyze organizational skillsets and deficiencies (PRE-T1074)"
},
{
"meta": {
"source-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
"target-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88"
},
"uuid": "28bf7e8b-9948-40a8-945b-6b5f2c78ec53",
"value": "Acquire OSINT data sets and information (PRE-T1043) related-to Acquire OSINT data sets and information (PRE-T1054)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768"
},
"uuid": "2b0ec032-eaca-4f0c-be55-39471f0f2bf5",
"value": "APT1 (G0006) uses Obtain/re-use payloads (PRE-T1123)"
},
{
"meta": {
"source-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b",
"target-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a"
},
"uuid": "1143e6a6-deef-4dbd-8c91-7bf537d8f5ce",
"value": "Acquire OSINT data sets and information (PRE-T1024) related-to Acquire OSINT data sets and information (PRE-T1043)"
},
{
"meta": {
"source-uuid": "78e41091-d10d-4001-b202-89612892b6ff",
"target-uuid": "59369f72-3005-4e54-9095-3d00efcece73"
},
"uuid": "a29f2adc-c328-4cf3-9984-2c0c72ec7061",
"value": "Identify supply chains (PRE-T1023) related-to Identify supply chains (PRE-T1042)"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "abd5bed1-4c12-45de-a623-ab8dc4ff862a"
},
"uuid": "eab3be4e-4130-4898-a7b6-d9e9eb34f2bd",
"value": "APT28 (G0007) uses Research relevant vulnerabilities/CVEs (PRE-T1068)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "1a295f87-af63-4d94-b130-039d6221fb11"
},
"uuid": "39db1df8-f786-480c-9faf-5b870de2250b",
"value": "APT1 (G0006) uses Acquire and/or use 3rd party software services (PRE-T1085)"
},
{
"meta": {
"source-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88",
"target-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a"
},
"uuid": "6ba71250-1dc7-4b8d-88e7-698440ea18a0",
"value": "Acquire OSINT data sets and information (PRE-T1054) related-to Acquire OSINT data sets and information (PRE-T1043)"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97"
},
"uuid": "6238613d-8683-420d-baf7-6050aa27eb9d",
"value": "APT28 (G0007) uses Spear phishing messages with malicious attachments (PRE-T1144)"
},
{
"meta": {
"source-uuid": "286cc500-4291-45c2-99a1-e760db176402",
"target-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6"
},
"uuid": "5dc0b076-5f25-4bda-83c7-1d8bd214b81a",
"value": "Acquire and/or use 3rd party infrastructure services (PRE-T1084) related-to Acquire and/or use 3rd party infrastructure services (PRE-T1106)"
},
{
"meta": {
"source-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c",
"target-uuid": "59369f72-3005-4e54-9095-3d00efcece73"
},
"uuid": "7aaa32b6-73f3-4b6e-98ae-da16976e6003",
"value": "Identify supply chains (PRE-T1053) related-to Identify supply chains (PRE-T1042)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077"
},
"uuid": "cc22ab71-f2fc-4885-832b-e75dadeefa2d",
"value": "APT1 (G0006) uses Compromise 3rd party infrastructure to support delivery (PRE-T1089)"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
},
"uuid": "60e79ac2-3dc1-4005-a1f8-260d58117dab",
"value": "APT28 (G0007) uses Acquire OSINT data sets and information (PRE-T1024)"
},
{
"meta": {
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
"target-uuid": "9a8c47f6-ae69-4044-917d-4b1602af64d9"
},
"uuid": "7da16587-3861-4404-9043-0076e4766ac4",
"value": "APT12 (G0005) uses Choose pre-compromised persona and affiliated accounts (PRE-T1120)"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
},
"uuid": "6cfc9229-9928-414e-bfaf-f63e815b4c84",
"value": "APT28 (G0007) uses Determine strategic target (PRE-T1018)"
},
{
"meta": {
"source-uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05",
"target-uuid": "856a9371-4f0f-4ea9-946e-f3144204240f"
},
"uuid": "a7f177e4-7e7f-4883-af3d-c95db9ea7a53",
"value": "Determine 3rd party infrastructure services (PRE-T1061) related-to Determine 3rd party infrastructure services (PRE-T1037)"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768"
},
"uuid": "515e7665-040c-44ac-a379-44d4399d6e2b",
"value": "Cleaver (G0003) uses Obtain/re-use payloads (PRE-T1123)"
},
{
"meta": {
"source-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
"target-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc"
},
"uuid": "b180dee5-0d48-448f-94b9-4997f0c584d5",
"value": "Analyze organizational skillsets and deficiencies (PRE-T1074) related-to Analyze organizational skillsets and deficiencies (PRE-T1077)"
},
{
"meta": {
"source-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077",
"target-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b"
},
"uuid": "28815a00-1cf4-4fbc-9039-306a9542c7fd",
"value": "Compromise 3rd party infrastructure to support delivery (PRE-T1089) related-to Compromise 3rd party infrastructure to support delivery (PRE-T1111)"
},
{
"meta": {
"source-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84",
"target-uuid": "0722cd65-0c83-4c89-9502-539198467ab1"
},
"uuid": "8bcaccd1-403b-40f1-82d3-ac4d873263f8",
"value": "Identify job postings and needs/gaps (PRE-T1025) related-to Identify job postings and needs/gaps (PRE-T1044)"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "ef0f816a-d561-4953-84c6-2a2936c96957"
},
"uuid": "5aab758c-79d2-4219-9053-f50791d98531",
"value": "APT28 (G0007) uses Discover target logon/email address format (PRE-T1032)"
},
{
"meta": {
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
"target-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6"
},
"uuid": "b55534ba-37ce-47f2-a961-edeaeedcb399",
"value": "APT12 (G0005) uses Obfuscate infrastructure (PRE-T1086)"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768"
},
"uuid": "709bb5af-c484-48f2-bb19-bd7630e42e2d",
"value": "APT28 (G0007) uses Obtain/re-use payloads (PRE-T1123)"
},
{
"meta": {
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
},
"uuid": "4e06cf53-00b1-46a6-a6b6-8e33e761b83f",
"value": "APT12 (G0005) uses Determine strategic target (PRE-T1018)"
},
{
"meta": {
"source-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
},
"uuid": "89754a0d-03b1-44e3-94c5-7a892d171a28",
"value": "APT17 (G0025) uses Determine strategic target (PRE-T1018)"
},
{
"meta": {
"source-uuid": "af358cad-eb71-4e91-a752-236edc237dae",
"target-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5"
},
"uuid": "984d13eb-ba9c-4e7c-8675-85dde9877a81",
"value": "Conduct social engineering (PRE-T1045) related-to Conduct social engineering (PRE-T1056)"
},
{
"meta": {
"source-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"target-uuid": "d3999268-740f-467e-a075-c82e2d04be62"
},
"uuid": "2daad934-bf08-4a2f-b656-4f7d197eb8fa",
"value": "APT28 (G0007) uses Assess leadership areas of interest (PRE-T1001)"
},
{
"meta": {
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
"target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97"
},
"uuid": "1895866a-4689-4527-8460-95e9cd7dd037",
"value": "APT12 (G0005) uses Spear phishing messages with malicious attachments (PRE-T1144)"
},
{
"meta": {
"source-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5",
"target-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1"
},
"uuid": "51c20b46-16cc-4b58-80d7-89d48b14b064",
"value": "Conduct social engineering (PRE-T1056) related-to Conduct social engineering (PRE-T1026)"
},
{
"meta": {
"source-uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983",
"target-uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59"
},
"uuid": "fe31fa7c-be01-47ca-90bb-0fb49b49eb03",
"value": "Acquire or compromise 3rd party signing certificates (PRE-T1109) related-to Acquire or compromise 3rd party signing certificates (PRE-T1087)"
},
{
"meta": {
"source-uuid": "59369f72-3005-4e54-9095-3d00efcece73",
"target-uuid": "78e41091-d10d-4001-b202-89612892b6ff"
},
"uuid": "432c700b-4bf3-4824-a530-a6e86882c4b7",
"value": "Identify supply chains (PRE-T1042) related-to Identify supply chains (PRE-T1023)"
},
{
"meta": {
"source-uuid": "7718e92f-b011-4f88-b822-ae245a1de407",
"target-uuid": "0722cd65-0c83-4c89-9502-539198467ab1"
},
"uuid": "ef32147c-d309-4867-aaba-998088290e32",
"value": "Identify job postings and needs/gaps (PRE-T1055) related-to Identify job postings and needs/gaps (PRE-T1044)"
},
{
"meta": {
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"target-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b"
},
"uuid": "f8559304-7ef6-4c48-8d76-a56ebf37c0be",
"value": "APT16 (G0023) uses Compromise 3rd party infrastructure to support delivery (PRE-T1111)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "2141aea0-cf38-49aa-9e51-ac34092bc30a"
},
"uuid": "3d3eb711-5054-4b32-8006-15ba67d3bb25",
"value": "APT1 (G0006) uses Procure required equipment and software (PRE-T1112)"
},
{
"meta": {
"source-uuid": "0722cd65-0c83-4c89-9502-539198467ab1",
"target-uuid": "7718e92f-b011-4f88-b822-ae245a1de407"
},
"uuid": "689ebb39-52f4-4b2f-8678-72cfed67cb9f",
"value": "Identify job postings and needs/gaps (PRE-T1044) related-to Identify job postings and needs/gaps (PRE-T1055)"
},
{
"meta": {
"source-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41",
"target-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc"
},
"uuid": "36990d75-9fbd-43f0-9966-ae58f0388e1d",
"value": "Analyze organizational skillsets and deficiencies (PRE-T1074) related-to Analyze organizational skillsets and deficiencies (PRE-T1066)"
},
{
"meta": {
"source-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6",
"target-uuid": "286cc500-4291-45c2-99a1-e760db176402"
},
"uuid": "9a1f729c-72a9-4735-9d48-ecb54ea018a9",
"value": "Acquire and/or use 3rd party infrastructure services (PRE-T1106) related-to Acquire and/or use 3rd party infrastructure services (PRE-T1084)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "eb517589-eefc-480e-b8e3-7a8b1066f6f1"
},
"uuid": "7c68bb22-457e-4942-9e07-36f6cd5ac5ba",
"value": "APT1 (G0006) uses Targeted social media phishing (PRE-T1143)"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "0440f60f-9056-4791-a740-8eae96eb61fa"
},
"uuid": "75c781d7-f9ef-42c8-b610-0dc1ecb3b350",
"value": "Cleaver (G0003) uses Authorized user performs requested cyber action (PRE-T1163)"
},
{
"meta": {
"source-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc",
"target-uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc"
},
"uuid": "d5bd7a33-a249-46e5-bb19-a498eba42bdb",
"value": "Analyze organizational skillsets and deficiencies (PRE-T1066) related-to Analyze organizational skillsets and deficiencies (PRE-T1077)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "15d5eaa4-597a-47fd-a692-f2bed434d904"
},
"uuid": "8a2549fa-9e7c-4d47-9678-8ed0bb8fa3aa",
"value": "APT1 (G0006) uses Derive intelligence requirements (PRE-T1007)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "0440f60f-9056-4791-a740-8eae96eb61fa"
},
"uuid": "0f97c2ae-2b89-4dd5-a270-42b1dcb5d403",
"value": "APT1 (G0006) uses Authorized user performs requested cyber action (PRE-T1163)"
},
{
"meta": {
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"target-uuid": "e24a9f99-cb76-42a3-a50b-464668773e97"
},
"uuid": "c90a4d6a-af21-4103-ba57-3ddeb6e973e7",
"value": "APT16 (G0023) uses Spear phishing messages with malicious attachments (PRE-T1144)"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "c860af4a-376e-46d7-afbf-262c41012227"
},
"uuid": "eca0f05c-5025-4149-9826-3715cc243180",
"value": "Cleaver (G0003) uses Determine operational element (PRE-T1019)"
},
{
"meta": {
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
"target-uuid": "d778cb83-2292-4995-b006-d38f52bc1e64"
},
"uuid": "683d4e44-f763-492c-b510-fa469a923798",
"value": "APT12 (G0005) uses Identify gap areas (PRE-T1002)"
},
{
"meta": {
"source-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39",
"target-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6"
},
"uuid": "db4dfa09-7f19-437a-9d79-15f2dc8ba0da",
"value": "Obfuscate infrastructure (PRE-T1108) related-to Obfuscate infrastructure (PRE-T1086)"
},
{
"meta": {
"source-uuid": "0722cd65-0c83-4c89-9502-539198467ab1",
"target-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84"
},
"uuid": "bbb1c074-a93a-4e40-b11e-2151403f7f1d",
"value": "Identify job postings and needs/gaps (PRE-T1044) related-to Identify job postings and needs/gaps (PRE-T1025)"
},
{
"meta": {
"source-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88",
"target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
},
"uuid": "0e52753e-0a02-4bec-88f9-f8ee21b46bae",
"value": "Acquire OSINT data sets and information (PRE-T1054) related-to Acquire OSINT data sets and information (PRE-T1024)"
},
{
"meta": {
"source-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
},
"uuid": "3c7c0851-1cf8-458f-862d-4e4827f8f474",
"value": "Cleaver (G0003) uses Determine strategic target (PRE-T1018)"
},
{
"meta": {
"source-uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59",
"target-uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983"
},
"uuid": "c388ed7c-3820-41a3-98af-a48dd7e4d88b",
"value": "Acquire or compromise 3rd party signing certificates (PRE-T1087) related-to Acquire or compromise 3rd party signing certificates (PRE-T1109)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4"
},
"uuid": "34ba5998-4e43-4669-9701-1877aa267354",
"value": "APT1 (G0006) uses Build social network persona (PRE-T1118)"
},
{
"meta": {
"source-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1",
"target-uuid": "af358cad-eb71-4e91-a752-236edc237dae"
},
"uuid": "f8504a07-758c-4c51-ac94-c2e7ba652e29",
"value": "Conduct social engineering (PRE-T1026) related-to Conduct social engineering (PRE-T1045)"
},
{
"meta": {
"source-uuid": "78e41091-d10d-4001-b202-89612892b6ff",
"target-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c"
},
"uuid": "9ad9966d-4a8d-4b15-b503-c5d27104fcdd",
"value": "Identify supply chains (PRE-T1023) related-to Identify supply chains (PRE-T1053)"
},
{
"meta": {
"source-uuid": "856a9371-4f0f-4ea9-946e-f3144204240f",
"target-uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05"
},
"uuid": "e4501560-7850-4467-8422-2cf336429e8a",
"value": "Determine 3rd party infrastructure services (PRE-T1037) related-to Determine 3rd party infrastructure services (PRE-T1061)"
},
{
"meta": {
"source-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1",
"target-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5"
},
"uuid": "66e4da4a-6eb6-46e0-9baf-74059f341b4a",
"value": "Conduct social engineering (PRE-T1026) related-to Conduct social engineering (PRE-T1056)"
},
{
"meta": {
"source-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6",
"target-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39"
},
"uuid": "41be9f31-9d2b-44b8-a7dc-31f8c4519751",
"value": "Obfuscate infrastructure (PRE-T1086) related-to Obfuscate infrastructure (PRE-T1108)"
},
{
"meta": {
"source-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a",
"target-uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b"
},
"uuid": "be031f72-737b-4afd-b2c1-c565f5ab7369",
"value": "Acquire OSINT data sets and information (PRE-T1043) related-to Acquire OSINT data sets and information (PRE-T1024)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "df42286d-dfbd-4455-bc9d-aef52ac29aa7"
},
"uuid": "90d7f0f0-6e41-431a-a024-9375cbc18d2b",
"value": "APT1 (G0006) uses Post compromise tool development (PRE-T1130)"
},
{
"meta": {
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
},
"uuid": "e60a165e-cfad-43e5-ba83-ea2430a377c5",
"value": "APT16 (G0023) uses Determine strategic target (PRE-T1018)"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
},
"uuid": "a071fc8f-6323-420b-9812-b51f12fc7956",
"value": "Night Dragon (G0014) uses Determine strategic target (PRE-T1018)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "ec739e26-d097-4804-b04a-54dd81ff11e0"
},
"uuid": "970531a2-4927-41a3-b2cd-09d445322f51",
"value": "APT1 (G0006) uses Create strategic plan (PRE-T1008)"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "4aeafdb3-eb0b-4e8e-b93f-95cd499088b4"
},
"uuid": "c2571ca8-98c4-490d-b8f8-f3678b0ce74d",
"value": "Night Dragon (G0014) uses Compromise of externally facing system (PRE-T1165)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "489a7797-01c3-4706-8cd1-ec56a9db3adc"
},
"uuid": "e78023e7-98de-4973-9331-843bfa28c9f7",
"value": "APT1 (G0006) uses Spear phishing messages with malicious links (PRE-T1146)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "357e137c-7589-4af1-895c-3fbad35ea4d2"
},
"uuid": "f76d74b6-c797-487c-8388-536367d1b922",
"value": "APT1 (G0006) uses Obfuscate or encrypt code (PRE-T1096)"
},
{
"meta": {
"source-uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33",
"target-uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d"
},
"uuid": "87239038-7693-49b3-b595-b828cc2be1ba",
"value": "Friend/Follow/Connect to targets of interest (PRE-T1121) related-to Friend/Follow/Connect to targets of interest (PRE-T1141)"
},
{
"meta": {
"source-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"target-uuid": "1a295f87-af63-4d94-b130-039d6221fb11"
},
"uuid": "c6e43693-2a6d-4ba8-8fa7-ec1ab5239528",
"value": "Night Dragon (G0014) uses Acquire and/or use 3rd party software services (PRE-T1085)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "91a3735f-817a-4450-8ed4-f05a0f5c3877"
},
"uuid": "5ed44a06-bcb4-4293-8bf4-aaebefddc09c",
"value": "APT1 (G0006) uses Determine strategic target (PRE-T1018)"
},
{
"meta": {
"source-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"target-uuid": "aadaee0d-794c-4642-8293-7ec22a99fb1a"
},
"uuid": "db10491f-a854-4404-9271-600349484bc3",
"value": "APT1 (G0006) uses Domain registration hijacking (PRE-T1103)"
},
{
"meta": {
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"target-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549"
},
"uuid": "4eb0e01c-85ae-466a-a8ff-0cf7891c5ab2",
"value": "APT16 (G0023) uses Identify business relationships (PRE-T1049)"
},
{
"meta": {
"source-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc",
"target-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41"
},
"uuid": "7bd3d2ba-f114-4835-97b6-1c3e2208d3f3",
"value": "Analyze organizational skillsets and deficiencies (PRE-T1066) related-to Analyze organizational skillsets and deficiencies (PRE-T1074)"
},
{
"meta": {
"source-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6",
"target-uuid": "1a295f87-af63-4d94-b130-039d6221fb11"
},
"uuid": "2bf984b5-1a48-4d9a-a4f2-e97801254b84",
"value": "Acquire and/or use 3rd party software services (PRE-T1107) related-to Acquire and/or use 3rd party software services (PRE-T1085)"
},
{
"meta": {
"source-uuid": "59369f72-3005-4e54-9095-3d00efcece73",
"target-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c"
},
"uuid": "c124f0ba-f4bc-430a-b40c-eebe0577f812",
"value": "Identify supply chains (PRE-T1042) related-to Identify supply chains (PRE-T1053)"
},
{
"meta": {
"source-uuid": "1a295f87-af63-4d94-b130-039d6221fb11",
"target-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6"
},
"uuid": "3d781e9a-d3f8-4e9f-bb23-ba6c2ff22267",
"value": "Acquire and/or use 3rd party software services (PRE-T1085) related-to Acquire and/or use 3rd party software services (PRE-T1107)"
},
{
"meta": {
"source-uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"target-uuid": "ef0f816a-d561-4953-84c6-2a2936c96957"
},
"uuid": "597be8e7-58a4-4aff-a803-48a7a08164a2",
"value": "APT16 (G0023) uses Discover target logon/email address format (PRE-T1032)"
},
{
"meta": {
"source-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
"target-uuid": "df42286d-dfbd-4455-bc9d-aef52ac29aa7"
},
"uuid": "7a254f4d-c7cf-4b98-94e9-3937785b7d68",
"value": "APT12 (G0005) uses Post compromise tool development (PRE-T1130)"
},
{
"meta": {
"source-uuid": "a757670d-d600-48d9-8ae9-601d42c184a5",
"target-uuid": "af358cad-eb71-4e91-a752-236edc237dae"
},
"uuid": "46f1e7d4-4d73-4e33-b88b-b3bcde5d81fb",
"value": "Conduct social engineering (PRE-T1056) related-to Conduct social engineering (PRE-T1045)"
}
],
"version": 2
}


@ -1,9 +0,0 @@
{
"description": "Mitre Relationship",
"icon": "link",
"name": "Enterprise Attack - Relationship",
"namespace": "mitre-attack",
"type": "mitre-enterprise-attack-relationship",
"uuid": "fc404638-1707-11e8-a5cf-b78b9b562766",
"version": 4
}


@ -1,9 +0,0 @@
{
"description": "Mitre Relationship",
"icon": "link",
"name": "Mobile Attack - Relationship",
"namespace": "mitre-attack",
"type": "mitre-mobile-attack-relationship",
"uuid": "fc8471aa-1707-11e8-b306-33cbe96a1ede",
"version": 4
}


@ -1,9 +0,0 @@
{
"description": "Mitre Relationship",
"icon": "link",
"name": "Pre Attack - Relationship",
"namespace": "mitre-attack",
"type": "mitre-pre-attack-relationship",
"uuid": "1f8e3bae-1708-11e8-8e97-4bd2150e5aae",
"version": 5
}


@ -1,102 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import json
import re
import os
import argparse
parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/enterprise-attack/relationship folder')
parser.add_argument("-v", "--version", type=int, required=True, help="Version of the galaxy. Please increment the previous one")
args = parser.parse_args()
values = []
path = "relationship/"
for element in os.listdir(path):
with open(path+element) as json_data:
d = json.load(json_data)
json_data.close()
temp = d['objects'][0]
source = temp['source_ref']
target = temp['target_ref']
relationship = temp['relationship_type']
if source.startswith('attack-pattern'):
paths = "attack-pattern/"
elif source.startswith('course-of-action'):
paths = "course-of-action/"
elif source.startswith('identity'):
paths = "identity/"
elif source.startswith('intrusion-set'):
paths = "intrusion-set/"
elif source.startswith('malware'):
paths = "malware/"
elif source.startswith('marking-definition'):
paths = "marking-definition/"
elif source.startswith('tool'):
paths = "tool/"
else:
print('Invalid value')
continue
with open(paths+source+'.json') as json_data:
s = json.load(json_data)
json_data.close()
if target.startswith('attack-pattern'):
patht = "attack-pattern/"
elif target.startswith('course-of-action'):
patht = "course-of-action/"
elif target.startswith('identity'):
patht = "identity/"
elif target.startswith('intrusion-set'):
patht = "intrusion-set/"
elif target.startswith('malware'):
patht = "malware/"
elif target.startswith('marking-definition'):
patht = "marking-definition/"
elif target.startswith('tool'):
patht = "tool/"
else:
print('Invalid value')
continue
with open(patht+target+'.json') as json_data:
t = json.load(json_data)
json_data.close()
value = {}
value['meta'] = {}
value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:]
value['meta']['source-uuid'] = re.search('--(.*)$', s['objects'][0]['id']).group(0)[2:]
value['meta']['target-uuid'] = re.search('--(.*)$', t['objects'][0]['id']).group(0)[2:]
value['value'] = s['objects'][0]['name'] + ' (' + s['objects'][0]['external_references'][0]['external_id'] + ') ' + relationship + ' ' + t['objects'][0]['name'] + ' (' + t['objects'][0]['external_references'][0]['external_id'] + ')'
# value['value'] = s['objects'][0]['name'] + ' ' + relationship + ' ' + t['objects'][0]['name']
values.append(value)
galaxy = {}
galaxy['name'] = "Enterprise Attack - Relationship"
galaxy['type'] = "mitre-enterprise-attack-relationship"
galaxy['description'] = "Mitre Relationship"
galaxy['uuid' ] = "fc404638-1707-11e8-a5cf-b78b9b562766"
galaxy['version'] = args.version
galaxy['icon'] = "link"
galaxy['namespace'] = "mitre-attack"
cluster = {}
cluster['name'] = "Enterprise Attack - Relationship"
cluster['type'] = "mitre-enterprise-attack-relationship"
cluster['description'] = "MITRE Relationship"
cluster['version'] = args.version
cluster['source'] = "https://github.com/mitre/cti"
cluster['uuid' ] = "fc605f90-1707-11e8-9d6a-9f165ac2ab5c"
cluster['authors'] = ["MITRE"]
cluster['values'] = values
with open('generate/galaxies/mitre-enterprise-attack-relationship.json', 'w') as galaxy_file:
json.dump(galaxy, galaxy_file, indent=4)
with open('generate/clusters/mitre-enterprise-attack-relationship.json', 'w') as cluster_file:
json.dump(cluster, cluster_file, indent=4)


@ -1,101 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import json
import re
import os
import argparse
parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/mobile-attack/relationship folder')
parser.add_argument("-v", "--version", type=int, required=True, help="Version of the galaxy. Please increment the previous one")
args = parser.parse_args()
values = []
path = "relationship/"
for element in os.listdir(path):
with open(path+element) as json_data:
d = json.load(json_data)
json_data.close()
temp = d['objects'][0]
source = temp['source_ref']
target = temp['target_ref']
relationship = temp['relationship_type']
if source.startswith('attack-pattern'):
paths = "attack-pattern/"
elif source.startswith('course-of-action'):
paths = "course-of-action/"
elif source.startswith('identity'):
paths = "identity/"
elif source.startswith('intrusion-set'):
paths = "intrusion-set/"
elif source.startswith('malware'):
paths = "malware/"
elif source.startswith('marking-definition'):
paths = "marking-definition/"
elif source.startswith('tool'):
paths = "tool/"
else:
print('Invalid value')
continue
with open(paths+source+'.json') as json_data:
s = json.load(json_data)
json_data.close()
if target.startswith('attack-pattern'):
patht = "attack-pattern/"
elif target.startswith('course-of-action'):
patht = "course-of-action/"
elif target.startswith('identity'):
patht = "identity/"
elif target.startswith('intrusion-set'):
patht = "intrusion-set/"
elif target.startswith('malware'):
patht = "malware/"
elif target.startswith('marking-definition'):
patht = "marking-definition/"
elif target.startswith('tool'):
patht = "tool/"
else:
print('Invalid value')
continue
with open(patht+target+'.json') as json_data:
t = json.load(json_data)
json_data.close()
value = {}
value['meta'] = {}
value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:]
value['meta']['source-uuid'] = re.search('--(.*)$', s['objects'][0]['id']).group(0)[2:]
value['meta']['target-uuid'] = re.search('--(.*)$', t['objects'][0]['id']).group(0)[2:]
value['value'] = s['objects'][0]['name'] + ' (' + s['objects'][0]['external_references'][0]['external_id'] + ') ' + relationship + ' ' + t['objects'][0]['name'] + ' (' + t['objects'][0]['external_references'][0]['external_id'] + ')'
values.append(value)
galaxy = {}
galaxy['name'] = "Mobile Attack - Relationship"
galaxy['type'] = "mitre-mobile-attack-relationship"
galaxy['description'] = "Mitre Relationship"
galaxy['uuid' ] = "fc8471aa-1707-11e8-b306-33cbe96a1ede"
galaxy['version'] = args.version
galaxy['icon'] = "link"
galaxy['namespace'] = "mitre-attack"
cluster = {}
cluster['name'] = "Mobile Attack - Relationship"
cluster['type'] = "mitre-mobile-attack-relationship"
cluster['description'] = "MITRE Relationship"
cluster['version'] = args.version
cluster['source'] = "https://github.com/mitre/cti"
cluster['uuid' ] = "02f1fc42-1708-11e8-a4f2-eb70472c5901"
cluster['authors'] = ["MITRE"]
cluster['values'] = values
with open('generate/galaxies/mitre-mobile-attack-relationship.json', 'w') as galaxy_file:
json.dump(galaxy, galaxy_file, indent=4)
with open('generate/clusters/mitre-mobile-attack-relationship.json', 'w') as cluster_file:
json.dump(cluster, cluster_file, indent=4)


@ -1,102 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import json
import re
import os
import argparse
parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/pre-attack/relationship folder')
parser.add_argument("-v", "--version", type=int, required=True, help="Version of the galaxy. Please increment the previous one")
args = parser.parse_args()
values = []
path = "relationship/"
for element in os.listdir(path):
with open(path+element) as json_data:
d = json.load(json_data)
json_data.close()
temp = d['objects'][0]
source = temp['source_ref']
target = temp['target_ref']
relationship = temp['relationship_type']
if source.startswith('attack-pattern'):
paths = "attack-pattern/"
elif source.startswith('course-of-action'):
paths = "course-of-action/"
elif source.startswith('identity'):
paths = "identity/"
elif source.startswith('intrusion-set'):
paths = "intrusion-set/"
elif source.startswith('malware'):
paths = "malware/"
elif source.startswith('marking-definition'):
paths = "marking-definition/"
elif source.startswith('tool'):
paths = "tool/"
else:
print('Invalid value')
continue
with open(paths+source+'.json') as json_data:
s = json.load(json_data)
json_data.close()
if target.startswith('attack-pattern'):
patht = "attack-pattern/"
elif target.startswith('course-of-action'):
patht = "course-of-action/"
elif target.startswith('identity'):
patht = "identity/"
elif target.startswith('intrusion-set'):
patht = "intrusion-set/"
elif target.startswith('malware'):
patht = "malware/"
elif target.startswith('marking-definition'):
patht = "marking-definition/"
elif target.startswith('tool'):
patht = "tool/"
else:
print('Invalid value')
continue
with open(patht+target+'.json') as json_data:
t = json.load(json_data)
json_data.close()
value = {}
value['meta'] = {}
value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:]
value['meta']['source-uuid'] = re.search('--(.*)$', s['objects'][0]['id']).group(0)[2:]
value['meta']['target-uuid'] = re.search('--(.*)$', t['objects'][0]['id']).group(0)[2:]
value['value'] = s['objects'][0]['name'] + ' (' + s['objects'][0]['external_references'][0]['external_id'] + ') ' + relationship + ' ' + t['objects'][0]['name'] + ' (' + t['objects'][0]['external_references'][0]['external_id'] + ')'
# value['value'] = s['objects'][0]['name'] + ' ' + relationship + ' ' + t['objects'][0]['name']
values.append(value)
galaxy = {}
galaxy['name'] = "Pre Attack - Relationship"
galaxy['type'] = "mitre-pre-attack-relationship"
galaxy['description'] = "Mitre Relationship"
galaxy['uuid' ] = "1f8e3bae-1708-11e8-8e97-4bd2150e5aae"
galaxy['version'] = args.version
galaxy['icon'] = "link"
galaxy['namespace'] = "mitre-attack"
cluster = {}
cluster['name'] = "Pre Attack - Relationship"
cluster['type'] = "mitre-pre-attack-relationship"
cluster['description'] = "MITRE Relationship"
cluster['version'] = args.version
cluster['source'] = "https://github.com/mitre/cti"
cluster['uuid' ] = "1ffd3108-1708-11e8-9f98-67b378d9094c"
cluster['authors'] = ["MITRE"]
cluster['values'] = values
with open('generate/galaxies/mitre-pre-attack-relationship.json', 'w') as galaxy_file:
json.dump(galaxy, galaxy_file, indent=4)
with open('generate/clusters/mitre-pre-attack-relationship.json', 'w') as cluster_file:
json.dump(cluster, cluster_file, indent=4)


@ -0,0 +1,97 @@
#!/usr/bin/env python3
import json
import re
import os
import argparse
parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/enterprise-attack/relationship folder')
parser.add_argument("-p", "--path", required=True, help="Path of the mitre/cti folder")
args = parser.parse_args()
# read out all clusters and map them based on uuid
# build a mapping between uuids and Clusters
clusters = []
pathClusters = '../../../clusters'
for f in os.listdir(pathClusters):
if '.json' in f:
clusters.append(f)
clusters.sort()
cluster_uuids = {}
for cluster in clusters:
fullPathClusters = os.path.join(pathClusters, cluster)
with open(fullPathClusters) as fp:
c = json.load(fp)
for v in c['values']:
if 'uuid' not in v:
continue
cluster_uuids[v['uuid']] = cluster
# read out all STIX mappings and store them in a list
stix_relations = {}
for subfolder in ['mobile-attack', 'pre-attack', 'enterprise-attack']:
curr_dir = os.path.join(args.path, subfolder, 'relationship')
for stix_fname in os.listdir(curr_dir):
with open(os.path.join(curr_dir, stix_fname)) as f:
json_data = json.load(f)
for o in json_data['objects']:
rel_type = o['relationship_type']
dest_uuid = re.findall(r'--([0-9a-f-]+)', o['target_ref']).pop()
uuid = re.findall(r'--([0-9a-f-]+)', o['source_ref']).pop()
tags = []
galaxy_fname = cluster_uuids[uuid]
# print("{} \t {} \t {} \t {}".format(rel_type, uuid, dest_uuid, galaxy_fname))
if not stix_relations.get(galaxy_fname):
stix_relations[galaxy_fname] = {}
stix_relations[galaxy_fname][uuid] = {
"dest-uuid": dest_uuid,
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": rel_type
}
# for each correlation per galaxy-file ,
# open the file,
# add the relationship,
# and save the galaxy file
for galaxy_fname, relations in stix_relations.items():
print("############# {}".format(galaxy_fname))
with open(os.path.join(pathClusters, galaxy_fname)) as f_in:
file_json = json.load(f_in)
for k, v in relations.items():
# print("{} \t {}".format(k, v))
for cluster in file_json['values']:
if cluster['uuid'] == k:
# skip if mapping already exists
skip = False
if 'related' in cluster:
for r in cluster['related']:
if r['dest-uuid'] == v['dest-uuid']:
print(" Mapping already exists! skipping... {}".format(v))
skip = True
break
if skip:
break
if 'related' not in cluster:
cluster['related'] = []
cluster['related'].append(v)
print(" Adding mapping: {}".format(v))
break
# increment version
file_json['version'] += 1
with open(os.path.join(pathClusters, galaxy_fname), 'w') as f_out:
json.dump(file_json, f_out, indent=2, sort_keys=True, ensure_ascii=False)
file_json = None