From 5be77f6c2d38309f84977443729ae1de02fd80a1 Mon Sep 17 00:00:00 2001 From: niclas Date: Tue, 5 Mar 2024 14:41:53 +0100 Subject: [PATCH] Fix [tidal] exclude empty meta fields --- clusters/tidal-campaigns.json | 60 +-- clusters/tidal-groups.json | 318 ++-------------- clusters/tidal-software.json | 346 ----------------- clusters/tidal-tactic.json | 42 +-- clusters/tidal-technique.json | 603 ++++++++++-------------------- tools/tidal-api/models/cluster.py | 2 +- 6 files changed, 269 insertions(+), 1102 deletions(-) diff --git a/clusters/tidal-campaigns.json b/clusters/tidal-campaigns.json index 4e14ec3..9bf6ae3 100644 --- a/clusters/tidal-campaigns.json +++ b/clusters/tidal-campaigns.json @@ -13,8 +13,7 @@ "campaign_attack_id": "C0028", "first_seen": "2015-12-01T05:00:00Z", "last_seen": "2016-01-01T05:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "96e367d0-a744-5b63-85ec-595f505248a3", @@ -26,8 +25,7 @@ "campaign_attack_id": "C0025", "first_seen": "2016-12-01T05:00:00Z", "last_seen": "2016-12-01T05:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "06197e03-e1c1-56af-ba98-5071f98f91f1", @@ -172,8 +170,7 @@ "campaign_attack_id": "C0010", "first_seen": "2020-12-01T07:00:00Z", "last_seen": "2022-08-01T06:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "a1e33caf-6eb0-442f-b97a-f6042f21df48", @@ -185,8 +182,7 @@ "campaign_attack_id": "C0011", "first_seen": "2021-12-01T06:00:00Z", "last_seen": "2022-07-01T05:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "4c7386a7-9741-4ae4-8ad9-def03ed77e29", @@ -245,8 +241,7 @@ "campaign_attack_id": "C0021", "first_seen": "2018-11-01T05:00:00Z", "last_seen": "2018-11-01T05:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "86bed8da-4cab-55fe-a2d0-9214db1a09cf", 
@@ -258,8 +253,7 @@ "campaign_attack_id": "C0026", "first_seen": "2022-08-01T05:00:00Z", "last_seen": "2022-09-01T04:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "41f283a1-b2ac-547d-98d5-ff907afd08c7", @@ -271,8 +265,7 @@ "campaign_attack_id": "C0027", "first_seen": "2022-06-01T04:00:00Z", "last_seen": "2022-12-01T05:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "a9719584-4f52-5a5d-b0f7-1059e715c2b8", @@ -302,8 +295,7 @@ "campaign_attack_id": "C0004", "first_seen": "2019-10-01T04:00:00Z", "last_seen": "2020-11-01T04:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "fb011ed2-bfb9-4f0f-bd88-8b3fa0cf9b48", @@ -353,8 +345,7 @@ "campaign_attack_id": "C0001", "first_seen": "2019-01-01T06:00:00Z", "last_seen": "2019-04-01T05:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "2fab9878-8aae-445a-86db-6b47b473f56b", @@ -366,8 +357,7 @@ "campaign_attack_id": "C0007", "first_seen": "2018-07-01T05:00:00Z", "last_seen": "2020-11-01T04:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "94587edf-0292-445b-8c66-b16629597f1e", @@ -397,8 +387,7 @@ "first_seen": "2020-09-20T00:00:00Z", "last_seen": "2020-10-20T00:00:00Z", "owner": "TidalCyberIan", - "source": "Tidal Cyber", - "tags": [] + "source": "Tidal Cyber" }, "related": [], "uuid": "18cf25b5-ed3a-40f6-bf0a-a3938a4f8da2", @@ -497,8 +486,7 @@ "campaign_attack_id": "C0002", "first_seen": "2009-11-01T04:00:00Z", "last_seen": "2011-02-01T05:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "85f136b3-d5a3-4c4c-a37c-40e4418dc989", @@ -510,8 +498,7 @@ "campaign_attack_id": "C0012", "first_seen": "2019-12-01T07:00:00Z", "last_seen": "2022-05-01T06:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "81bf4e45-f0d3-4fec-a9d4-1259cf8542a1", 
@@ -523,8 +510,7 @@ "campaign_attack_id": "C0022", "first_seen": "2019-09-01T04:00:00Z", "last_seen": "2020-08-01T04:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "9a94e646-cbe5-54a1-8bf6-70ef745e641b", @@ -536,8 +522,7 @@ "campaign_attack_id": "C0016", "first_seen": "2010-01-01T07:00:00Z", "last_seen": "2016-02-01T06:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "af0c0f55-dc4f-4cb5-9350-3a2d7c07595f", @@ -549,8 +534,7 @@ "campaign_attack_id": "C0023", "first_seen": "2013-09-01T04:00:00Z", "last_seen": "2019-10-01T04:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "1fcfe949-5f96-578e-86ad-069ba123c867", @@ -562,8 +546,7 @@ "campaign_attack_id": "C0006", "first_seen": "2017-08-01T05:00:00Z", "last_seen": "2018-02-01T06:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "f741ed36-2d52-40ae-bbdc-70722f4071c7", @@ -575,8 +558,7 @@ "campaign_attack_id": "C0013", "first_seen": "2017-09-01T05:00:00Z", "last_seen": "2019-03-01T06:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "57e858c8-fd0b-4382-a178-0165d03aa8a9", @@ -588,8 +570,7 @@ "campaign_attack_id": "C0005", "first_seen": "2019-11-01T05:00:00Z", "last_seen": "2021-01-01T06:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "98d3a8ac-6af9-4471-83f6-e880ca70261f", @@ -601,8 +582,7 @@ "campaign_attack_id": "C0014", "first_seen": "2017-12-01T05:00:00Z", "last_seen": "2019-12-01T05:00:00Z", - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [], "uuid": "56e4e10f-8c8c-4b7c-8355-7ed89af181be", diff --git a/clusters/tidal-groups.json b/clusters/tidal-groups.json index b4b835d..a288078 100644 --- a/clusters/tidal-groups.json +++ b/clusters/tidal-groups.json 
@@ -16,9 +16,7 @@ "HK", "US" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Financial Services" ] @@ -106,11 +104,7 @@ "description": "[Ajax Security Team](https://app.tidalcyber.com/groups/e38bcb42-12c1-4202-a794-ec26cd830caa) is a group that has been active since at least 2010 and believed to be operating out of Iran. By 2014 [Ajax Security Team](https://app.tidalcyber.com/groups/e38bcb42-12c1-4202-a794-ec26cd830caa) transitioned from website defacement operations to malware-based cyber espionage campaigns targeting the US defense industrial base and Iranian users of anti-censorship technologies.[[FireEye Operation Saffron Rose 2013](https://app.tidalcyber.com/references/2f4c0941-d14e-4eb8-828c-f1d9a1e14a95)]", "meta": { "group_attack_id": "G0130", - "observed_countries": [], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { @@ -178,7 +172,6 @@ "Destruction" ], "source": "MITRE", - "tags": [], "target_categories": [ "Aerospace", "Agriculture", @@ -211,10 +204,8 @@ "IL", "US" ], - "observed_motivations": [], "owner": "TidalCyberIan", "source": "Tidal Cyber", - "tags": [], "target_categories": [ "Education", "Government", @@ -258,7 +249,6 @@ "AE", "US" ], - "observed_motivations": [], "owner": "TidalCyberIan", "source": "Tidal Cyber", "tags": [ 
@@ -287,11 +277,7 @@ "description": "[Aoqin Dragon](https://app.tidalcyber.com/groups/454402a3-0503-45bf-b2e0-177fa2e2d412) is a suspected Chinese cyber espionage threat group that has been active since at least 2013. [Aoqin Dragon](https://app.tidalcyber.com/groups/454402a3-0503-45bf-b2e0-177fa2e2d412) has primarily targeted government, education, and telecommunication organizations in Australia, Cambodia, Hong Kong, Singapore, and Vietnam. Security researchers noted a potential association between [Aoqin Dragon](https://app.tidalcyber.com/groups/454402a3-0503-45bf-b2e0-177fa2e2d412) and UNC94, based on malware, infrastructure, and targets.[[SentinelOne Aoqin Dragon June 2022](https://app.tidalcyber.com/references/b4e792e0-b1fa-4639-98b1-233aaec53594)]", "meta": { "group_attack_id": "G1007", - "observed_countries": [], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [], "uuid": "454402a3-0503-45bf-b2e0-177fa2e2d412", @@ -363,9 +349,7 @@ "US", "VN" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Aerospace", "Agriculture", @@ -474,9 +458,7 @@ "TW", "US" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Government", "High Tech", @@ -514,9 +496,7 @@ "TW", "TH" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Financial Services", "Technology" @@ -563,9 +543,7 @@ "GB", "US" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Government", 
@@ -634,10 +612,7 @@ "description": "[APT18](https://app.tidalcyber.com/groups/a0c31021-b281-4c41-9855-436768299fe7) is a threat group that has operated since at least 2009 and has targeted a range of industries, including technology, manufacturing, human rights groups, government, and medical. [[Dell Lateral Movement](https://app.tidalcyber.com/references/fcc9b52a-751f-4985-8c32-7aaf411706ad)]", "meta": { "group_attack_id": "G0026", - "observed_countries": [], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Government", "Healthcare", @@ -733,9 +708,7 @@ "AU", "US" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Education", @@ -859,7 +832,6 @@ ], "owner": "TidalCyberIan", "source": "Tidal Cyber", - "tags": [], "target_categories": [ "Aerospace", "Casinos Gambling", @@ -1705,10 +1677,7 @@ "US", "VN" ], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { @@ -1767,7 +1736,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Government", "Media" @@ -1838,7 +1806,6 @@ "US", "VN" ], - "observed_motivations": [], "source": "MITRE", "tags": [ "115113f0-5876-4aa5-b731-5ad46f60c069" @@ -1942,7 +1909,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Aerospace", "Energy" @@ -2069,9 +2035,7 @@ "RU", "VN" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Aerospace", "Automotive", @@ -2227,7 +2191,6 @@ "Financial Gain" ], "source": "MITRE", - "tags": [], "target_categories": [ "Banks", "Casinos Gambling", @@ -2320,9 +2283,7 @@ "AE", "US" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Education", "Hospitality Leisure", 
@@ -2466,9 +2427,7 @@ "observed_countries": [ "CO" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Banks", "Energy", @@ -2491,12 +2450,10 @@ "meta": { "country": "CN", "group_attack_id": "G0143", - "observed_countries": [], "observed_motivations": [ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Government", "Technology", @@ -2536,7 +2493,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Aerospace", "Defense", @@ -2585,9 +2541,7 @@ "GB", "UZ" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Government", "Non Profit", @@ -2665,11 +2619,7 @@ "description": "[BITTER](https://app.tidalcyber.com/groups/3a02aa1b-851a-43e1-b83b-58037f3c7025) is a suspected South Asian cyber espionage threat group that has been active since at least 2013. [BITTER](https://app.tidalcyber.com/groups/3a02aa1b-851a-43e1-b83b-58037f3c7025) has primarily targeted government, energy, and engineering organizations in Pakistan, China, Bangladesh, and Saudi Arabia.[[Cisco Talos Bitter Bangladesh May 2022](https://app.tidalcyber.com/references/097583ed-03b0-41cd-bf85-66d473f46439)][[Forcepoint BITTER Pakistan Oct 2016](https://app.tidalcyber.com/references/9fc54fb0-b7d9-49dc-b6dd-ab4cb2cd34fa)]", "meta": { "group_attack_id": "G1002", - "observed_countries": [], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { @@ -2826,10 +2776,7 @@ "TN", "GB" ], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { @@ -2918,7 +2865,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Construction", "Defense", 
@@ -2959,13 +2905,10 @@ "description": "[Blue Mockingbird](https://app.tidalcyber.com/groups/b82c6ed1-c74a-4128-8b4d-18d1e17e1134) is a cluster of observed activity involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems. The earliest observed Blue Mockingbird tools were created in December 2019.[[RedCanary Mockingbird May 2020](https://app.tidalcyber.com/references/596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0)]", "meta": { "group_attack_id": "G0108", - "observed_countries": [], "observed_motivations": [ "Financial Gain" ], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [], "uuid": "b82c6ed1-c74a-4128-8b4d-18d1e17e1134", @@ -3018,7 +2961,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Chemical", "Defense", @@ -3094,7 +3036,6 @@ "Financial Gain" ], "source": "MITRE", - "tags": [], "target_categories": [ "Financial Services" ] @@ -3120,9 +3061,7 @@ "observed_countries": [ "TW" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Semi Conductors", "Travel Services" @@ -3184,9 +3123,7 @@ "GB", "US" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Aerospace", "Chemical", @@ -3337,7 +3274,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Government" @@ -3369,7 +3305,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Education", 
@@ -3390,11 +3325,7 @@ "description": "[CURIUM](https://app.tidalcyber.com/groups/ab15a328-c41e-5701-993f-3cab29ac4544) is an Iranian threat group first reported in November 2021 that has invested in building a relationship with potential targets via social media over a period of months to establish trust and confidence before sending malware. Security researchers note [CURIUM](https://app.tidalcyber.com/groups/ab15a328-c41e-5701-993f-3cab29ac4544) has demonstrated great patience and persistence by chatting with potential targets daily and sending benign files to help lower their security consciousness.[[Microsoft Iranian Threat Actor Trends November 2021](https://app.tidalcyber.com/references/78d39ee7-1cd5-5cb8-844a-1c3649e367a1)]", "meta": { "group_attack_id": "G1012", - "observed_countries": [], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [], "uuid": "ab15a328-c41e-5701-993f-3cab29ac4544", @@ -3495,9 +3426,7 @@ "observed_motivations": [ "Cyber Espionage" ], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { @@ -3543,9 +3472,7 @@ "TH", "US" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Government", 
@@ -3571,10 +3498,7 @@ "description": "[DarkHydrus](https://app.tidalcyber.com/groups/f2b31240-0b4a-4fa4-82a4-6bb00e146e75) is a threat group that has targeted government agencies and educational institutions in the Middle East since at least 2016. The group heavily leverages open-source tools and custom payloads for carrying out attacks. [[Unit 42 DarkHydrus July 2018](https://app.tidalcyber.com/references/800279cf-e6f8-4721-818f-46e35ec7892a)] [[Unit 42 Playbook Dec 2017](https://app.tidalcyber.com/references/9923f9ff-a7b8-4058-8213-3c83c54c10a6)]", "meta": { "group_attack_id": "G0079", - "observed_countries": [], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Education", "Government" @@ -3593,12 +3517,10 @@ "description": "[DarkVishnya](https://app.tidalcyber.com/groups/d428f9be-6faf-4d57-b677-4a927fea5f7e) is a financially motivated threat actor targeting financial institutions in Eastern Europe. In 2017-2018 the group attacked at least 8 banks in this region.[[Securelist DarkVishnya Dec 2018](https://app.tidalcyber.com/references/da9ac5a7-c644-45fa-ab96-30ac6bfc9f81)]", "meta": { "group_attack_id": "G0105", - "observed_countries": [], "observed_motivations": [ "Financial Gain" ], "source": "MITRE", - "tags": [], "target_categories": [ "Banks", "Financial Services" @@ -3696,7 +3618,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Aerospace", "Agriculture", @@ -3919,9 +3840,7 @@ "RU", "TW" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Manufacturing", "Technology" 
@@ -3954,11 +3873,7 @@ "description": "[Earth Lusca](https://app.tidalcyber.com/groups/646e35d2-75de-4c1d-8ad3-616d3e155c5e) is a suspected China-based cyber espionage group that has been active since at least April 2019. [Earth Lusca](https://app.tidalcyber.com/groups/646e35d2-75de-4c1d-8ad3-616d3e155c5e) has targeted organizations in Australia, China, Hong Kong, Mongolia, Nepal, the Philippines, Taiwan, Thailand, Vietnam, the United Arab Emirates, Nigeria, Germany, France, and the United States. Targets included government institutions, news media outlets, gambling companies, educational institutions, COVID-19 research organizations, telecommunications companies, religious movements banned in China, and cryptocurrency trading platforms; security researchers assess some [Earth Lusca](https://app.tidalcyber.com/groups/646e35d2-75de-4c1d-8ad3-616d3e155c5e) operations may be financially motivated.[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]\n\n[Earth Lusca](https://app.tidalcyber.com/groups/646e35d2-75de-4c1d-8ad3-616d3e155c5e) has used malware commonly used by other Chinese threat groups, including [APT41](https://app.tidalcyber.com/groups/502223ee-8947-42f8-a532-a3b3da12b7d9) and the [Winnti Group](https://app.tidalcyber.com/groups/6932662a-53a7-4e43-877f-6e940e2d744b) cluster, however security researchers assess [Earth Lusca](https://app.tidalcyber.com/groups/646e35d2-75de-4c1d-8ad3-616d3e155c5e)'s techniques and infrastructure are separate.[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]", "meta": { "group_attack_id": "G1006", - "observed_countries": [], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { @@ -4029,9 +3944,7 @@ "GB", "US" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Human Rights", 
@@ -4149,11 +4062,7 @@ "description": "[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) is a suspected Russian state-sponsored cyber espionage group that has been active since at least March 2021. [Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) has primarily focused their operations against Ukraine and Georgia, but has also targeted Western European and North American foreign ministries, pharmaceutical companies, and financial sector organizations. Security researchers assess [Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) likely conducted the [WhisperGate](https://app.tidalcyber.com/software/791f0afd-c2c4-4e23-8aee-1d14462667f5) destructive wiper attacks against Ukraine in early 2022.[[CrowdStrike Ember Bear Profile March 2022](https://app.tidalcyber.com/references/0639c340-b495-4d91-8418-3069f3fe0df1)][[Mandiant UNC2589 March 2022](https://app.tidalcyber.com/references/63d89139-9dd4-4ed6-bf6e-8cd872c5d034)][[Palo Alto Unit 42 OutSteel SaintBot February 2022 ](https://app.tidalcyber.com/references/b0632490-76be-4018-982d-4b73b3d13881)] ", "meta": { "group_attack_id": "G1003", - "observed_countries": [], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { @@ -4223,7 +4132,6 @@ "US", "YE" ], - "observed_motivations": [], "source": "MITRE", "tags": [ "a98d7a43-f227-478e-81de-e7299639a355" @@ -4259,7 +4167,6 @@ "Financial Gain" ], "source": "MITRE", - "tags": [], "target_categories": [ "Financial Services" ] 
@@ -4272,14 +4179,11 @@ "description": "[EXOTIC LILY](https://app.tidalcyber.com/groups/396a4361-3e84-47bc-9544-58e287c05799) is a financially motivated group that has been closely linked with [Wizard Spider](https://app.tidalcyber.com/groups/0b431229-036f-4157-a1da-ff16dfc095f8) and the deployment of ransomware including [Conti](https://app.tidalcyber.com/software/8e995c29-2759-4aeb-9a0f-bb7cd97b06e5) and [Diavol](https://app.tidalcyber.com/software/d057b6e7-1de4-4f2f-b374-7e879caecd67). [EXOTIC LILY](https://app.tidalcyber.com/groups/396a4361-3e84-47bc-9544-58e287c05799) may be acting as an initial access broker for other malicious actors, and has targeted a wide range of industries including IT, cybersecurity, and healthcare since at least September 2021.[[Google EXOTIC LILY March 2022](https://app.tidalcyber.com/references/19d2cb48-bdb2-41fe-ba24-0769d7bd4d94)]", "meta": { "group_attack_id": "G1011", - "observed_countries": [], - "observed_motivations": [], "source": "MITRE", "tags": [ "5e7433ad-a894-4489-93bc-41e90da90019", "7e7b0c67-bb85-4996-a289-da0e792d7172" - ], - "target_categories": [] + ] }, "related": [], "uuid": "396a4361-3e84-47bc-9544-58e287c05799", @@ -4292,10 +4196,7 @@ "observed_countries": [ "IR" ], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [], "uuid": "275ca7b0-3b21-4c3a-8b6f-57b6f0ffb6fb", @@ -4313,7 +4214,6 @@ "Financial Gain" ], "source": "MITRE", - "tags": [], "target_categories": [ "Casinos Gambling", "Hospitality Leisure", @@ -4418,7 +4318,6 @@ "Financial Gain" ], "source": "MITRE", - "tags": [], "target_categories": [ "Commercial", "Financial Services", 
@@ -4439,12 +4338,10 @@ "description": "[FIN4](https://app.tidalcyber.com/groups/4b6531dc-5b29-4577-8b54-fa99229ab0ca) is a financially-motivated threat group that has targeted confidential information related to the public financial market, particularly regarding healthcare and pharmaceutical companies, since at least 2013.[[FireEye Hacking FIN4 Dec 2014](https://app.tidalcyber.com/references/c3ac1c2a-21cc-42a9-a214-88f302371766)][[FireEye FIN4 Stealing Insider NOV 2014](https://app.tidalcyber.com/references/b27f1040-46e5-411a-b238-0b40f6160680)] [FIN4](https://app.tidalcyber.com/groups/4b6531dc-5b29-4577-8b54-fa99229ab0ca) is unique in that they do not infect victims with typical persistent malware, but rather they focus on capturing credentials authorized to access email and other non-public correspondence.[[FireEye Hacking FIN4 Dec 2014](https://app.tidalcyber.com/references/c3ac1c2a-21cc-42a9-a214-88f302371766)][[FireEye Hacking FIN4 Video Dec 2014](https://app.tidalcyber.com/references/6dcfe3fb-c310-49cf-a657-f2cec65c5499)]", "meta": { "group_attack_id": "G0085", - "observed_countries": [], "observed_motivations": [ "Financial Gain" ], "source": "MITRE", - "tags": [], "target_categories": [ "Financial Services", "Healthcare", 
@@ -4464,12 +4361,10 @@ "description": "[FIN5](https://app.tidalcyber.com/groups/7902f5cc-d6a5-4a57-8d54-4c75e0c58b83) is a financially motivated threat group that has targeted personally identifiable information and payment card information. The group has been active since at least 2008 and has targeted the restaurant, gaming, and hotel industries. The group is made up of actors who likely speak Russian. [[FireEye Respond Webinar July 2017](https://app.tidalcyber.com/references/e7091d66-7faa-49d6-b16f-be1f79db4471)] [[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)] [[DarkReading FireEye FIN5 Oct 2015](https://app.tidalcyber.com/references/afe0549d-dc1b-4bcf-9a1d-55698afd530e)]", "meta": { "group_attack_id": "G0053", - "observed_countries": [], "observed_motivations": [ "Financial Gain" ], "source": "MITRE", - "tags": [], "target_categories": [ "Entertainment", "Hospitality Leisure" @@ -4537,7 +4432,6 @@ "Financial Gain" ], "source": "MITRE", - "tags": [], "target_categories": [ "Financial Services", "Hospitality Leisure", @@ -4857,10 +4751,7 @@ "meta": { "country": "CN", "group_attack_id": "G0093", - "observed_countries": [], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Telecommunications" ] @@ -4878,12 +4769,10 @@ "description": "[Gallmaker](https://app.tidalcyber.com/groups/cd483597-4eda-4e16-bb58-353488511410) is a cyberespionage group that has targeted victims in the Middle East and has been active since at least December 2017. The group has mainly targeted victims in the defense, military, and government sectors.[[Symantec Gallmaker Oct 2018](https://app.tidalcyber.com/references/f47b3e2b-acdd-4487-88b9-de5cbe45cf33)]", "meta": { "group_attack_id": "G0084", - "observed_countries": [], "observed_motivations": [ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Government" 
@@ -5030,7 +4919,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "NGOs", @@ -5074,12 +4962,10 @@ "description": "[GCMAN](https://app.tidalcyber.com/groups/dbc85db0-937d-47d7-9002-7364d41be48a) is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency services. [[Securelist GCMAN](https://app.tidalcyber.com/references/1f07f234-50f0-4c1e-942a-a01d3f733161)]", "meta": { "group_attack_id": "G0036", - "observed_countries": [], "observed_motivations": [ "Financial Gain" ], "source": "MITRE", - "tags": [], "target_categories": [ "Financial Services" ] 
@@ -5111,7 +4997,6 @@ "description": "[GOLD SOUTHFIELD](https://app.tidalcyber.com/groups/b4d068ac-9b68-4cd8-bf0c-019f910ef8e3) is a financially motivated threat group active since at least 2018 that operates the [REvil](https://app.tidalcyber.com/software/9314531e-bf46-4cba-9c19-198279ccf9cd) Ransomware-as-a Service (RaaS). [GOLD SOUTHFIELD](https://app.tidalcyber.com/groups/b4d068ac-9b68-4cd8-bf0c-019f910ef8e3) provides backend infrastructure for affiliates recruited on underground forums to perpetrate high value deployments. By early 2020, [GOLD SOUTHFIELD](https://app.tidalcyber.com/groups/b4d068ac-9b68-4cd8-bf0c-019f910ef8e3) started capitalizing on the new trend of stealing data and further extorting the victim to pay for their data to not get publicly leaked.[[Secureworks REvil September 2019](https://app.tidalcyber.com/references/8f4e2baf-4227-4bbd-bfdb-5598717dcf88)][[Secureworks GandCrab and REvil September 2019](https://app.tidalcyber.com/references/46b5d57b-17be-48ff-b723-406f6a55d84a)][[Secureworks GOLD SOUTHFIELD](https://app.tidalcyber.com/references/01d1ffaa-16b3-41c4-bb5a-afe2b41f1142)][[CrowdStrike Evolution of Pinchy Spider July 2021](https://app.tidalcyber.com/references/7578541b-1ae3-58d0-a8b9-120bd6cd96f5)]", "meta": { "group_attack_id": "G0115", - "observed_countries": [], "observed_motivations": [ "Financial Gain" ], @@ -5120,8 +5005,7 @@ "f2ae2283-f94d-4f8f-bbde-43f2bed66c55", "5e7433ad-a894-4489-93bc-41e90da90019", "7e7b0c67-bb85-4996-a289-da0e792d7172" - ], - "target_categories": [] + ] }, "related": [ { @@ -5143,9 +5027,7 @@ "GB", "US" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Government" ] 
@@ -5163,11 +5045,7 @@ "description": "[Group5](https://app.tidalcyber.com/groups/fcc6d937-8cd6-4f2c-adb8-48caedbde70a) is a threat group with a suspected Iranian nexus, though this attribution is not definite. The group has targeted individuals connected to the Syrian opposition via spearphishing and watering holes, normally using Syrian and Iranian themes. [Group5](https://app.tidalcyber.com/groups/fcc6d937-8cd6-4f2c-adb8-48caedbde70a) has used two commonly available remote access tools (RATs), [njRAT](https://app.tidalcyber.com/software/82996f6f-0575-45cd-8f7c-ba1b063d5b9f) and [NanoCore](https://app.tidalcyber.com/software/db05dbaa-eb3a-4303-b37e-18d67e7e85a1), as well as an Android RAT, DroidJack. [[Citizen Lab Group5](https://app.tidalcyber.com/references/ffbec5e8-947a-4363-b7e1-812dfd79935a)]", "meta": { "group_attack_id": "G0043", - "observed_countries": [], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { @@ -5204,7 +5082,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Education", 
@@ -5272,11 +5149,7 @@ "description": "[HEXANE](https://app.tidalcyber.com/groups/eecf7289-294f-48dd-a747-7705820f4735) is a cyber espionage threat group that has targeted oil & gas, telecommunications, aviation, and internet service provider organizations since at least 2017. Targeted companies have been located in the Middle East and Africa, including Israel, Saudi Arabia, Kuwait, Morocco, and Tunisia. [HEXANE](https://app.tidalcyber.com/groups/eecf7289-294f-48dd-a747-7705820f4735)'s TTPs appear similar to [APT33](https://app.tidalcyber.com/groups/99bbbe25-45af-492f-a7ff-7cbc57828bac) and [OilRig](https://app.tidalcyber.com/groups/d01abdb1-0378-4654-aa38-1a4a292703e2) but due to differences in victims and tools it is tracked as a separate entity.[[Dragos Hexane](https://app.tidalcyber.com/references/11838e67-5032-4352-ad1f-81ba0398a14f)][[Kaspersky Lyceum October 2021](https://app.tidalcyber.com/references/b3d13a82-c24e-4b47-b47a-7221ad449859)][[ClearSky Siamesekitten August 2021](https://app.tidalcyber.com/references/9485efce-8d54-4461-b64e-0d15e31fbf8c)][[Accenture Lyceum Targets November 2021](https://app.tidalcyber.com/references/127836ce-e459-405d-a75c-32fd5f0ab198)]", "meta": { "group_attack_id": "G1001", - "observed_countries": [], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { @@ -5307,9 +5180,7 @@ "PL", "RU" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Government" ] @@ -5413,7 +5284,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Government" ] @@ -5618,9 +5488,7 @@ "UZ", "VE" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Energy", @@ -5683,7 +5551,6 @@ "GB", "US" ], - "observed_motivations": [], "owner": "TidalCyberIan", "source": "Tidal Cyber", "tags": [ 
@@ -5776,7 +5643,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Education", @@ -5827,16 +5693,13 @@ "description": "[LAPSUS$](https://app.tidalcyber.com/groups/0060bb76-6713-4942-a4c0-d4ae01ec2866) is cyber criminal threat group that has been active since at least mid-2021. [LAPSUS$](https://app.tidalcyber.com/groups/0060bb76-6713-4942-a4c0-d4ae01ec2866) specializes in large-scale social engineering and extortion operations, including destructive attacks without the use of ransomware. The group has targeted organizations globally, including in the government, manufacturing, higher education, energy, healthcare, technology, telecommunications, and media sectors.[[BBC LAPSUS Apr 2022](https://app.tidalcyber.com/references/6c9f4312-6c9d-401c-b20f-12ce50c94a96)][[MSTIC DEV-0537 Mar 2022](https://app.tidalcyber.com/references/a9ce7e34-6e7d-4681-9869-8e8f2b5b0390)][[UNIT 42 LAPSUS Mar 2022](https://app.tidalcyber.com/references/50f4c1ed-b046-405a-963d-a113324355a3)]", "meta": { "group_attack_id": "G1004", - "observed_countries": [], - "observed_motivations": [], "source": "MITRE", "tags": [ "2e5f6e4a-4579-46f7-9997-6923180815dd", "c9c73000-30a5-4a16-8c8b-79169f9c24aa", "a2e000da-8181-4327-bacd-32013dbd3654", "5e7433ad-a894-4489-93bc-41e90da90019" - ], - "target_categories": [] + ] }, "related": [ { @@ -6002,10 +5865,7 @@ "description": "[LazyScripter](https://app.tidalcyber.com/groups/12279b62-289e-49ee-97cb-c780edd3d091) is threat group that has mainly targeted the airlines industry since at least 2018, primarily using open-source toolsets.[[MalwareBytes LazyScripter Feb 2021](https://app.tidalcyber.com/references/078837a7-82cd-4e26-9135-43b612e911fe)]", "meta": { "group_attack_id": "G0140", - "observed_countries": [], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Travel Services" ] 
@@ -6044,7 +5904,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Aerospace", "Construction", @@ -6182,7 +6041,6 @@ "GB", "US" ], - "observed_motivations": [], "source": "MITRE", "tags": [ "931d2342-5165-41cf-a5a9-8308d9c9f7ed" @@ -6408,7 +6266,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Government" @@ -6435,11 +6292,7 @@ "description": "[LuminousMoth](https://app.tidalcyber.com/groups/b10aa4c0-10a1-5e08-8d9d-82ce95d45e6a) is a Chinese-speaking cyber espionage group that has been active since at least October 2020. [LuminousMoth](https://app.tidalcyber.com/groups/b10aa4c0-10a1-5e08-8d9d-82ce95d45e6a) has targeted high-profile organizations, including government entities, in Myanmar, the Philippines, Thailand, and other parts of Southeast Asia. Some security researchers have concluded there is a connection between [LuminousMoth](https://app.tidalcyber.com/groups/b10aa4c0-10a1-5e08-8d9d-82ce95d45e6a) and [Mustang Panda](https://app.tidalcyber.com/groups/4a4641b1-7686-49da-8d83-00d8013f4b47) based on similar targeting and TTPs, as well as network infrastructure overlaps.[[Kaspersky LuminousMoth July 2021](https://app.tidalcyber.com/references/e21c6931-fba8-52b0-b6f0-1c8222881fbd)][[Bitdefender LuminousMoth July 2021](https://app.tidalcyber.com/references/6b1ce8bb-4e77-59f3-87ff-78f4a1a10ad3)]", "meta": { "group_attack_id": "G1014", - "observed_countries": [], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [], "uuid": "b10aa4c0-10a1-5e08-8d9d-82ce95d45e6a", @@ -6507,7 +6360,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Government", @@ -6660,7 +6512,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Construction", "Defense", 
@@ -6714,7 +6565,6 @@ "description": "MedusaLocker is a ransomware-as-a-service (\"RaaS\") operation that has been active since September 2019. U.S. cybersecurity authorities indicate that MedusaLocker operators have primarily targeted victims in the healthcare sector, among other unspecified sectors. Initial access for MedusaLocker intrusions originally came via phishing and spam email campaigns, but since 2022 has typically occurred via exploit of vulnerable Remote Desktop Protocol devices.[[HC3 Analyst Note MedusaLocker Ransomware February 2023](/references/49e314d6-5324-41e0-8bee-2b3e08d5e12f)]\n \nThis object represents behaviors associated with operators of MedusaLocker ransomware. As MedusaLocker is licensed on a RaaS model, affiliates likely do not act as a single cohesive unit, and behaviors observed during particular attacks may vary. Behaviors associated with samples of MedusaLocker ransomware are represented in the \"MedusaLocker Ransomware\" Software object.\n\n**Malpedia (Research)**: https://malpedia.caad.fkie.fraunhofer.de/details/win.medusalocker", "meta": { "group_attack_id": "G5003", - "observed_countries": [], "observed_motivations": [ "Financial Gain" ], @@ -6926,7 +6776,6 @@ "Financial Gain" ], "source": "MITRE", - "tags": [], "target_categories": [ "Aerospace", "Construction", 
@@ -6984,11 +6833,7 @@ "description": "[Metador](https://app.tidalcyber.com/groups/a3a3a1d3-7fe7-5578-8c5f-9c0f2f68079b) is a suspected cyber espionage group that was first reported in September 2022. [Metador](https://app.tidalcyber.com/groups/a3a3a1d3-7fe7-5578-8c5f-9c0f2f68079b) has targeted a limited number of telecommunication companies, internet service providers, and universities in the Middle East and Africa. Security researchers named the group [Metador](https://app.tidalcyber.com/groups/a3a3a1d3-7fe7-5578-8c5f-9c0f2f68079b) based on the \"I am meta\" string in one of the group's malware samples and the expectation of Spanish-language responses from C2 servers.[[SentinelLabs Metador Sept 2022](https://app.tidalcyber.com/references/137474b7-638a-56d7-9ce2-ab906f207175)]", "meta": { "group_attack_id": "G1013", - "observed_countries": [], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [], "uuid": "a3a3a1d3-7fe7-5578-8c5f-9c0f2f68079b", @@ -7008,7 +6853,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Government", @@ -7042,7 +6886,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Automotive", "Defense", @@ -7100,7 +6943,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Banks", "Government", @@ -7145,7 +6987,6 @@ "Destruction" ], "source": "MITRE", - "tags": [], "target_categories": [ "Energy", "Financial Services", @@ -7170,7 +7011,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Government" ] @@ -7289,7 +7129,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Education", "Energy", @@ -7404,7 +7243,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Government", "NGOs", 
@@ -7458,7 +7296,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Government" @@ -7483,9 +7320,7 @@ "observed_motivations": [ "Cyber Espionage" ], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { @@ -7514,12 +7349,10 @@ "description": "\n[Nomadic Octopus](https://app.tidalcyber.com/groups/5f8c6ee0-f302-403b-b712-f1e3df064c0c) is a Russian-speaking cyber espionage threat group that has primarily targeted Central Asia, including local governments, diplomatic missions, and individuals, since at least 2014. [Nomadic Octopus](https://app.tidalcyber.com/groups/5f8c6ee0-f302-403b-b712-f1e3df064c0c) has been observed conducting campaigns involving Android and Windows malware, mainly using the Delphi programming language, and building custom variants.[[Security Affairs DustSquad Oct 2018](https://app.tidalcyber.com/references/0e6b019c-cf8e-40a7-9e7c-6a7dc5309dc6)][[Securelist Octopus Oct 2018](https://app.tidalcyber.com/references/77407057-53f1-4fde-bc74-00f73d417f7d)][[ESET Nomadic Octopus 2018](https://app.tidalcyber.com/references/50dcb3f0-1461-453a-aab9-38c2e259173f)]", "meta": { "group_attack_id": "G0133", - "observed_countries": [], "observed_motivations": [ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Government" ] @@ -7623,9 +7456,7 @@ "GB", "US" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Banks", "Chemical", @@ -7699,7 +7530,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Healthcare", "Pharmaceuticals" @@ -7789,9 +7619,7 @@ "GB", "US" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Energy", @@ -7839,9 +7667,7 @@ "observed_countries": [ "TW" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Energy", 
@@ -7869,9 +7695,7 @@ "SG", "TH" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Education", @@ -7941,11 +7765,7 @@ "description": "[POLONIUM](https://app.tidalcyber.com/groups/7fbd7514-76e9-4696-8c66-9f95546e3315) is a Lebanon-based group that has primarily targeted Israeli organizations, including critical manufacturing, information technology, and defense industry companies, since at least February 2022. Security researchers assess [POLONIUM](https://app.tidalcyber.com/groups/7fbd7514-76e9-4696-8c66-9f95546e3315) has coordinated their operations with multiple actors affiliated with Iran’s Ministry of Intelligence and Security (MOIS), based on victim overlap as well as common techniques and tooling.[[Microsoft POLONIUM June 2022](https://app.tidalcyber.com/references/689ff1ab-9fed-4aa2-8e5e-78dac31e6fbd)]", "meta": { "group_attack_id": "G1005", - "observed_countries": [], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [], "uuid": "7fbd7514-76e9-4696-8c66-9f95546e3315", @@ -7968,7 +7788,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Energy", "Entertainment", @@ -8010,9 +7829,7 @@ "observed_motivations": [ "Cyber Espionage" ], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { @@ -8064,9 +7881,7 @@ "JP", "US" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Aerospace", "Defense", @@ -8103,9 +7918,7 @@ "observed_motivations": [ "Cyber Espionage" ], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { 
@@ -8169,13 +7982,10 @@ "description": "[Rocke](https://app.tidalcyber.com/groups/71222310-2807-4599-bb92-248eaf2e03ab) is an alleged Chinese-speaking adversary whose primary objective appeared to be cryptojacking, or stealing victim system resources for the purposes of mining cryptocurrency. The name [Rocke](https://app.tidalcyber.com/groups/71222310-2807-4599-bb92-248eaf2e03ab) comes from the email address \"rocke@live.cn\" used to create the wallet which held collected cryptocurrency. Researchers have detected overlaps between [Rocke](https://app.tidalcyber.com/groups/71222310-2807-4599-bb92-248eaf2e03ab) and the Iron Cybercrime Group, though this attribution has not been confirmed.[[Talos Rocke August 2018](https://app.tidalcyber.com/references/bff0ee40-e583-4f73-a013-4669ca576904)]", "meta": { "group_attack_id": "G0106", - "observed_countries": [], "observed_motivations": [ "Financial Gain" ], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [], "uuid": "71222310-2807-4599-bb92-248eaf2e03ab", @@ -8243,10 +8053,7 @@ "RU", "UA" ], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { @@ -8432,9 +8239,7 @@ "observed_countries": [ "CN" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Human Rights" ] 
@@ -8606,11 +8411,7 @@ "description": "[SideCopy](https://app.tidalcyber.com/groups/31bc763e-623f-4870-9780-86e43d732594) is a Pakistani threat group that has primarily targeted South Asian countries, including Indian and Afghani government personnel, since at least 2019. [SideCopy](https://app.tidalcyber.com/groups/31bc763e-623f-4870-9780-86e43d732594)'s name comes from its infection chain that tries to mimic that of [Sidewinder](https://app.tidalcyber.com/groups/44f8bd4e-a357-4a76-b031-b7455a305ef0), a suspected Indian threat group.[[MalwareBytes SideCopy Dec 2021](https://app.tidalcyber.com/references/466569a7-1ef8-4824-bd9c-d25301184ea4)]", "meta": { "group_attack_id": "G1008", - "observed_countries": [], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [], "uuid": "31bc763e-623f-4870-9780-86e43d732594", @@ -8663,7 +8464,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Energy", @@ -8789,7 +8589,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Education", "Government" @@ -8813,10 +8612,7 @@ "meta": { "country": "NG", "group_attack_id": "G0083", - "observed_countries": [], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Education", "Manufacturing", @@ -8845,7 +8641,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Government" ] @@ -8873,7 +8668,6 @@ ], "owner": "TidalCyberIan", "source": "Tidal Cyber", - "tags": [], "target_categories": [ "Defense", "Education", @@ -8893,9 +8687,7 @@ "observed_countries": [ "AE" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Entertainment", "Human Rights" @@ -8940,7 +8732,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Aerospace", "Defense", 
@@ -8973,9 +8764,7 @@ "observed_motivations": [ "Cyber Espionage" ], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { @@ -8997,7 +8786,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Aerospace", "Defense", @@ -9019,10 +8807,7 @@ "MN", "RU" ], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { @@ -9066,8 +8851,7 @@ "5e7433ad-a894-4489-93bc-41e90da90019", "7e7b0c67-bb85-4996-a289-da0e792d7172", "a98d7a43-f227-478e-81de-e7299639a355" - ], - "target_categories": [] + ] }, "related": [ { @@ -9114,13 +8898,10 @@ "description": "[TA551](https://app.tidalcyber.com/groups/8951bff3-c444-4374-8a9e-b2115d9125b2) is a financially-motivated threat group that has been active since at least 2018. [[Secureworks GOLD CABIN](https://app.tidalcyber.com/references/778babec-e7d3-4341-9e33-aab361f2b98a)] The group has primarily targeted English, German, Italian, and Japanese speakers through email-based malware distribution campaigns. [[Unit 42 TA551 Jan 2021](https://app.tidalcyber.com/references/8e34bf1e-86ce-4d52-a6fa-037572766e99)]", "meta": { "group_attack_id": "G0127", - "observed_countries": [], "observed_motivations": [ "Financial Gain" ], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { 
@@ -9143,14 +8924,11 @@ "description": "*Operationalize this intelligence by pivoting to relevant defensive resources via the Techniques below. Alternatively, use the **Add to Matrix** button above, then overlay entire sets of capabilities from your own defensive stack to identify threat overlaps & potential gaps (watch a [60-second tutorial here](https://www.youtube.com/watch?v=4jBo3XLO01E)).*\n\nTA577 is a cybercriminal actor that has remained highly active since mid-2020. The actor is known for carrying out email-based campaigns that result in the delivery of a wide range of payloads, including at least one leading to ransomware (REvil) deployment. These campaigns are known to impact organizations in a wide range of sectors and geographic locations.[[Proofpoint Ransomware Initial Access June 2021](/references/3b0631ae-f589-4b7c-a00a-04dcd5f3a77b)] The actor appears adept at shifting payloads in response to external factors, for example moving to deliver DarkGate and Pikabot shortly after international authorities disrupted the QakBot botnet in August 2023.[[Malwarebytes Pikabot December 15 2023](/references/50b29ef4-7ade-4672-99b6-fdf367170a5b)]", "meta": { "group_attack_id": "G5019", - "observed_countries": [], "observed_motivations": [ "Financial Gain" ], "owner": "TidalCyberIan", - "source": "Tidal Cyber", - "tags": [], - "target_categories": [] + "source": "Tidal Cyber" }, "related": [], "uuid": "28f3dbcc-b248-442f-9ff3-234210bb2f2a", 
@@ -9160,7 +8938,6 @@ "description": "[TeamTNT](https://app.tidalcyber.com/groups/325c11be-e1ee-47db-afa6-44ac5d16f0e7) is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.[[Palo Alto Black-T October 2020](https://app.tidalcyber.com/references/d4351c8e-026d-4660-9344-166481ecf64a)][[Lacework TeamTNT May 2021](https://app.tidalcyber.com/references/5908b04b-dbca-4fd8-bacc-141ef15546a1)][[Intezer TeamTNT September 2020](https://app.tidalcyber.com/references/1155a45e-86f4-497a-9a03-43b6dcb25202)][[Cado Security TeamTNT Worm August 2020](https://app.tidalcyber.com/references/8ccab4fe-155d-44b0-b0f2-941e9f8f87db)][[Unit 42 Hildegard Malware](https://app.tidalcyber.com/references/0941cf0e-75d8-4c96-bc42-c99d809e75f9)][[Trend Micro TeamTNT](https://app.tidalcyber.com/references/d6b52135-6bb2-4e37-8f94-1e1d6354bdfd)][[ATT TeamTNT Chimaera September 2020](https://app.tidalcyber.com/references/5d9f402f-4ff4-4993-8685-e5656e2f3aff)][[Aqua TeamTNT August 2020](https://app.tidalcyber.com/references/ca10ad0d-1a47-4006-8f76-c2246aee7752)][[Intezer TeamTNT Explosion September 2021](https://app.tidalcyber.com/references/e0d6208b-a4d6-45f0-bb3a-6c8681630b55)]", "meta": { "group_attack_id": "G0139", - "observed_countries": [], "observed_motivations": [ "Financial Gain" ], @@ -9170,8 +8947,7 @@ "82009876-294a-4e06-8cfc-3236a429bda4", "4fa6f8e1-b0d5-4169-8038-33e355c08bde", "2e5f6e4a-4579-46f7-9997-6923180815dd" - ], - "target_categories": [] + ] }, "related": [], "uuid": "325c11be-e1ee-47db-afa6-44ac5d16f0e7", @@ -9200,9 +8976,7 @@ "SA", "US" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Infrastructure" ] 
@@ -9227,9 +9001,7 @@ "observed_countries": [ "PK" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Government" @@ -9257,11 +9029,7 @@ "description": "[Threat Group-1314](https://app.tidalcyber.com/groups/0f86e871-0c6c-4227-ae28-3f3696d6ae9d) is an unattributed threat group that has used compromised credentials to log into a victim's remote access infrastructure. [[Dell TG-1314](https://app.tidalcyber.com/references/79fc7568-b6ff-460b-9200-56d7909ed157)]", "meta": { "group_attack_id": "G0028", - "observed_countries": [], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [ { @@ -9465,7 +9233,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Telecommunications" @@ -9550,9 +9317,7 @@ "TW", "US" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Energy", @@ -9683,9 +9448,7 @@ "GB", "US" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Government" @@ -9753,7 +9516,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Government", @@ -10129,7 +9891,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Education", @@ -10354,7 +10115,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Healthcare", "Media", 
@@ -10369,11 +10129,7 @@ "description": "The [Windigo](https://app.tidalcyber.com/groups/eeb69751-8c22-4a5f-8da2-239cc7d7746c) group has been operating since at least 2011, compromising thousands of Linux and Unix servers using the [Ebury](https://app.tidalcyber.com/software/2375465a-e6a9-40ab-b631-a5b04cf5c689) SSH backdoor to create a spam botnet. Despite law enforcement intervention against the creators, [Windigo](https://app.tidalcyber.com/groups/eeb69751-8c22-4a5f-8da2-239cc7d7746c) operators continued updating [Ebury](https://app.tidalcyber.com/software/2375465a-e6a9-40ab-b631-a5b04cf5c689) through 2019.[[ESET Windigo Mar 2014](https://app.tidalcyber.com/references/721cdb36-d3fc-4212-b324-6be2b5f9cb46)][[CERN Windigo June 2019](https://app.tidalcyber.com/references/e9f1289f-a32e-441c-8787-cb32a26216d1)]", "meta": { "group_attack_id": "G0124", - "observed_countries": [], - "observed_motivations": [], - "source": "MITRE", - "tags": [], - "target_categories": [] + "source": "MITRE" }, "related": [], "uuid": "eeb69751-8c22-4a5f-8da2-239cc7d7746c", @@ -10397,12 +10153,10 @@ "description": "[Windshift](https://app.tidalcyber.com/groups/4e880d01-313a-4926-8470-78c48824aa82) is a threat group that has been active since at least 2017, targeting specific individuals for surveillance in government departments and critical infrastructure across the Middle East.[[SANS Windshift August 2018](https://app.tidalcyber.com/references/97eac0f2-d528-4f7c-8425-7531eae4fc39)][[objective-see windtail1 dec 2018](https://app.tidalcyber.com/references/7a32c962-8050-45de-8b90-8644be5109d9)][[objective-see windtail2 jan 2019](https://app.tidalcyber.com/references/e6bdc679-ee0c-4f34-b5bc-0d6a26485b36)]", "meta": { "group_attack_id": "G0112", - "observed_countries": [], "observed_motivations": [ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Government", "Infrastructure" 
@@ -10453,9 +10207,7 @@ "US", "VN" ], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Entertainment" ] @@ -10477,10 +10229,7 @@ "description": "[WIRTE](https://app.tidalcyber.com/groups/73da066d-b25f-45ba-862b-1a69228c6baa) is a threat group that has been active since at least August 2018. [WIRTE](https://app.tidalcyber.com/groups/73da066d-b25f-45ba-862b-1a69228c6baa) has targeted government, diplomatic, financial, military, legal, and technology organizations in the Middle East and Europe.[[Lab52 WIRTE Apr 2019](https://app.tidalcyber.com/references/884b675e-390c-4f6d-8cb7-5d97d84115e5)][[Kaspersky WIRTE November 2021](https://app.tidalcyber.com/references/143b4694-024d-49a5-be3c-d9ceca7295b2)]", "meta": { "group_attack_id": "G0090", - "observed_countries": [], - "observed_motivations": [], "source": "MITRE", - "tags": [], "target_categories": [ "Defense", "Financial Services", @@ -10715,7 +10464,6 @@ "Cyber Espionage" ], "source": "MITRE", - "tags": [], "target_categories": [ "Aerospace", "Construction", diff --git a/clusters/tidal-software.json b/clusters/tidal-software.json index f71c97a..d0fac83 100644 --- a/clusters/tidal-software.json +++ b/clusters/tidal-software.json @@ -240,7 +240,6 @@ ], "software_attack_id": "S1028", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -264,7 +263,6 @@ ], "software_attack_id": "S0202", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -846,7 +844,6 @@ ], "software_attack_id": "S1074", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -1063,7 +1060,6 @@ ], "software_attack_id": "S0456", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -1464,7 +1460,6 @@ ], "software_attack_id": "S0438", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -1498,7 +1493,6 @@ ], "software_attack_id": "S0347", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -1526,7 +1520,6 @@ ], "software_attack_id": "S0129", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -1817,7 +1810,6 @@ ], "software_attack_id": "S0093", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -1919,7 +1911,6 @@ ], "software_attack_id": "S0245", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -1969,7 +1960,6 @@ ], "software_attack_id": "S1081", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -1993,7 +1983,6 @@ ], "software_attack_id": "S0128", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -2017,7 +2006,6 @@ ], "software_attack_id": "S0337", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -2320,7 +2308,6 @@ ], "software_attack_id": "S0127", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -2427,7 +2414,6 @@ ], "software_attack_id": "S0017", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -2711,7 +2697,6 @@ ], "software_attack_id": "S0069", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -2757,7 +2742,6 @@ ], "software_attack_id": "S0089", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -2785,7 +2769,6 @@ ], "software_attack_id": "S0564", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -2809,7 +2792,6 @@ ], "software_attack_id": "S0520", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -2920,7 +2902,6 @@ ], "software_attack_id": "S0486", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -2940,7 +2921,6 @@ ], "software_attack_id": "S0360", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -3016,7 +2996,6 @@ ], "software_attack_id": "S0114", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -3062,7 +3041,6 @@ ], "software_attack_id": "S0252", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -3086,7 +3064,6 @@ ], "software_attack_id": "S0204", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -3124,7 +3101,6 @@ ], "software_attack_id": "S1063", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -3152,7 +3128,6 @@ ], "software_attack_id": "S0014", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -3310,7 +3285,6 @@ ], "software_attack_id": "S0119", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -3356,7 +3330,6 @@ ], "software_attack_id": "S0454", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -3380,7 +3353,6 @@ ], "software_attack_id": "S0025", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -3404,7 +3376,6 @@ ], "software_attack_id": "S0274", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -3424,7 +3395,6 @@ ], "software_attack_id": "S0077", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -3448,7 +3418,6 @@ ], "software_attack_id": "S0351", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -3486,7 +3455,6 @@ ], "software_attack_id": "S0030", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -3518,7 +3486,6 @@ ], "software_attack_id": "S0484", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -3538,7 +3505,6 @@ ], "software_attack_id": "S0335", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -3606,7 +3572,6 @@ ], "software_attack_id": "S0462", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -3626,7 +3591,6 @@ ], "software_attack_id": "S0261", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -3722,7 +3686,6 @@ ], "software_attack_id": "S1043", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -4062,7 +4025,6 @@ ], "software_attack_id": "S0144", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -4094,7 +4056,6 @@ ], "software_attack_id": "S0107", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -4165,7 +4126,6 @@ ], "software_attack_id": "S1041", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -4384,7 +4344,6 @@ ], "software_attack_id": "S0660", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -5164,7 +5123,6 @@ ], "software_attack_id": "S0369", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -5225,7 +5183,6 @@ ], "software_attack_id": "S0244", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -5354,7 +5311,6 @@ ], "software_attack_id": "S0608", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -5614,7 +5570,6 @@ ], "software_attack_id": "S0492", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -5843,7 +5798,6 @@ ], "software_attack_id": "S0614", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -6065,7 +6019,6 @@ ], "software_attack_id": "S1023", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -6089,7 +6042,6 @@ ], "software_attack_id": "S1024", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -6159,7 +6111,6 @@ ], "software_attack_id": "S0235", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -6183,7 +6134,6 @@ ], "software_attack_id": "S0538", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -6207,7 +6157,6 @@ ], "software_attack_id": "S0498", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -6358,7 +6307,6 @@ ], "software_attack_id": "S0527", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -6484,7 +6432,6 @@ ], "software_attack_id": "S0497", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -6663,7 +6610,6 @@ ], "software_attack_id": "S1066", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -6733,7 +6679,6 @@ ], "software_attack_id": "S0187", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -6828,10 +6773,8 @@ { "description": "[DDKONG](https://app.tidalcyber.com/software/0657b804-a889-400a-97d7-a4989809a623) is a malware sample that was part of a campaign by [Rancor](https://app.tidalcyber.com/groups/021b3c71-6467-4e46-a413-8b726f066f2c). [DDKONG](https://app.tidalcyber.com/software/0657b804-a889-400a-97d7-a4989809a623) was first seen used in February 2017. [[Rancor Unit42 June 2018](https://app.tidalcyber.com/references/45098a85-a61f-491a-a549-f62b02dc2ecd)]", "meta": { - "platforms": [], "software_attack_id": "S0255", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -7525,7 +7468,6 @@ ], "software_attack_id": "S0200", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -7549,7 +7491,6 @@ ], "software_attack_id": "S1088", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -7667,7 +7608,6 @@ ], "software_attack_id": "S1021", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -7771,7 +7711,6 @@ ], "software_attack_id": "S0281", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -7818,7 +7757,6 @@ ], "software_attack_id": "S0695", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -7953,7 +7891,6 @@ ], "software_attack_id": "S0186", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -7977,7 +7914,6 @@ ], "software_attack_id": "S0694", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -8045,7 +7981,6 @@ ], "software_attack_id": "S0547", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -8294,7 +8229,6 @@ ], "software_attack_id": "S0038", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -8427,7 +8361,6 @@ ], "software_attack_id": "S0024", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -8492,7 +8425,6 @@ ], "software_attack_id": "S0377", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -8516,7 +8448,6 @@ ], "software_attack_id": "S0593", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -8586,7 +8517,6 @@ ], "software_attack_id": "S0624", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -8750,7 +8680,6 @@ ], "software_attack_id": "S0064", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -8774,7 +8703,6 @@ ], "software_attack_id": "S0082", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -9194,7 +9122,6 @@ ], "software_attack_id": "S0396", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -9293,7 +9220,6 @@ ], "software_attack_id": "S0401", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -9317,7 +9243,6 @@ ], "software_attack_id": "S0343", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -9496,7 +9421,6 @@ ], "software_attack_id": "S0569", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -9632,7 +9556,6 @@ ], "software_attack_id": "S0076", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -9656,7 +9579,6 @@ ], "software_attack_id": "S0181", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -9706,7 +9628,6 @@ ], "software_attack_id": "S0171", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -9744,7 +9665,6 @@ ], "software_attack_id": "S0267", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -9768,7 +9688,6 @@ ], "software_attack_id": "S0679", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -9792,7 +9711,6 @@ ], "software_attack_id": "S0120", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -9846,7 +9764,6 @@ ], "software_attack_id": "S0355", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -9934,7 +9851,6 @@ ], "software_attack_id": "S0182", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -10086,7 +10002,6 @@ ], "software_attack_id": "S0143", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -10114,7 +10029,6 @@ ], "software_attack_id": "S0036", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -10285,7 +10199,6 @@ ], "software_attack_id": "S0173", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -10387,7 +10300,6 @@ { "description": "[Forfiles](https://app.tidalcyber.com/software/c6dc67a6-587d-4700-a7de-bee043a0031a) is a Windows utility commonly used in batch jobs to execute commands on one or more selected files or directories (ex: list all directories in a drive, read the first line of all files created yesterday, etc.). Forfiles can be executed from either the command line, Run window, or batch files/scripts. [[Microsoft Forfiles Aug 2016](https://app.tidalcyber.com/references/fd7eaa47-3512-4dbd-b881-bc679d06cd1b)]", "meta": { - "platforms": [], "software_attack_id": "S0193", "source": "MITRE", "tags": [ @@ -10435,10 +10347,8 @@ { "description": "[FrameworkPOS](https://app.tidalcyber.com/software/aef7cbbc-5163-419c-8e4b-3f73bed50474) is a point of sale (POS) malware used by [FIN6](https://app.tidalcyber.com/groups/fcaadc12-7c17-4946-a9dc-976ed610854c) to steal payment card data from sytems that run physical POS devices.[[SentinelOne FrameworkPOS September 2019](https://app.tidalcyber.com/references/054d7827-3d0c-40a7-b2a0-1428ad7729ea)]", "meta": { - "platforms": [], "software_attack_id": "S0503", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -10497,7 +10407,6 @@ ], "software_attack_id": "S0277", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -10749,7 +10658,6 @@ ], "software_attack_id": "S0628", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -10889,7 +10797,6 @@ ], "software_attack_id": "S0666", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -10921,7 +10828,6 @@ ], "software_attack_id": "S0049", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -11120,7 +11026,6 @@ ], "software_attack_id": "S0026", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -11182,7 +11087,6 @@ ], "software_attack_id": "S0249", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -11228,7 +11132,6 @@ ], "software_attack_id": "S0597", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -11387,7 +11290,6 @@ ], "software_attack_id": "S5077", "source": "Tidal Cyber", - "tags": [], "type": "malware" }, "related": [ @@ -11407,7 +11309,6 @@ ], "software_attack_id": "S0237", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -11430,7 +11331,6 @@ ], "software_attack_id": "S0690", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -11450,7 +11350,6 @@ ], "software_attack_id": "S0342", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -11531,7 +11430,6 @@ ], "software_attack_id": "S5079", "source": "Tidal Cyber", - "tags": [], "type": "malware" }, "related": [ @@ -11615,7 +11513,6 @@ ], "software_attack_id": "S0132", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -11630,10 +11527,8 @@ { "description": "[Hacking Team UEFI Rootkit](https://app.tidalcyber.com/software/75db2ac3-901e-4b1f-9a0d-bac6562d57a3) is a rootkit developed by the company Hacking Team as a method of persistence for remote access software. [[TrendMicro Hacking Team UEFI](https://app.tidalcyber.com/references/24796535-d516-45e9-bcc7-8f03a3f3cd73)]", "meta": { - "platforms": [], "software_attack_id": "S0047", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -11648,10 +11543,8 @@ { "description": "[HALFBAKED](https://app.tidalcyber.com/software/5edf0ef7-a960-4500-8a89-8c8b4fdf8824) is a malware family consisting of multiple components intended to establish persistence in victim networks. [[FireEye FIN7 April 2017](https://app.tidalcyber.com/references/6ee27fdb-1753-4fdf-af72-3295b072ff10)]", "meta": { - "platforms": [], "software_attack_id": "S0151", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -11772,10 +11665,8 @@ { "description": "[HAPPYWORK](https://app.tidalcyber.com/software/c2c31b2e-5da6-4feb-80e3-14ea6d0ea7e8) is a downloader used by [APT37](https://app.tidalcyber.com/groups/013fdfdc-aa32-4779-8f6e-7920615cbf66) to target South Korean government and financial victims in November 2016. [[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]", "meta": { - "platforms": [], "software_attack_id": "S0214", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -11799,7 +11690,6 @@ ], "software_attack_id": "S0246", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -11818,10 +11708,8 @@ { "description": "[Havij](https://app.tidalcyber.com/software/8bd36306-bd4b-4a76-8842-44acb0cedbcc) is an automatic SQL Injection tool distributed by the Iranian ITSecTeam security company. Havij has been used by penetration testers and adversaries. [[Check Point Havij Analysis](https://app.tidalcyber.com/references/2e00a539-acbe-4462-a30f-43da4e8b9c4f)]", "meta": { - "platforms": [], "software_attack_id": "S0224", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -11845,7 +11733,6 @@ ], "software_attack_id": "S0391", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -11865,7 +11752,6 @@ ], "software_attack_id": "S0071", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -11903,7 +11789,6 @@ ], "software_attack_id": "S0061", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -12135,7 +12020,6 @@ ], "software_attack_id": "S0394", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -12181,7 +12065,6 @@ ], "software_attack_id": "S0009", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -12256,7 +12139,6 @@ ], "software_attack_id": "S0232", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -12280,7 +12162,6 @@ ], "software_attack_id": "S0376", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -12308,7 +12189,6 @@ ], "software_attack_id": "S0431", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -12409,7 +12289,6 @@ ], "software_attack_id": "S0070", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -12445,7 +12324,6 @@ ], "software_attack_id": "S0068", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -12595,7 +12473,6 @@ ], "software_attack_id": "S0203", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -12689,7 +12566,6 @@ ], "software_attack_id": "S0537", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -12713,7 +12589,6 @@ ], "software_attack_id": "S1022", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -12961,10 +12836,8 @@ { "description": "[ifconfig](https://app.tidalcyber.com/software/93ab16d1-625e-4b1c-bb28-28974c269c47) is a Unix-based utility used to gather information about and interact with the TCP/IP settings on a system. [[Wikipedia Ifconfig](https://app.tidalcyber.com/references/7bb238d4-4571-4cd0-aab2-76797570724a)]", "meta": { - "platforms": [], "software_attack_id": "S0101", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -12998,7 +12871,6 @@ ], "software_attack_id": "S0278", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -13284,7 +13156,6 @@ { "description": "[Industroyer2](https://app.tidalcyber.com/software/53c5fb76-a690-55c3-9e02-39577990da2a) is a compiled and static piece of malware that has the ability to communicate over the IEC-104 protocol. It is similar to the IEC-104 module found in [Industroyer](https://app.tidalcyber.com/software/09398a7c-aee5-44af-b99d-f73d3b39c299). Security researchers assess that [Industroyer2](https://app.tidalcyber.com/software/53c5fb76-a690-55c3-9e02-39577990da2a) was designed to cause impact to high-voltage electrical substations. The initial [Industroyer2](https://app.tidalcyber.com/software/53c5fb76-a690-55c3-9e02-39577990da2a) sample was compiled on 03/23/2022 and scheduled to execute on 04/08/2022, however it was discovered before deploying, resulting in no impact.[[Industroyer2 Blackhat ESET](https://app.tidalcyber.com/references/d9e8ca96-8646-5dd9-bede-56305385b2e4)]", "meta": { - "platforms": [], "software_attack_id": "S1072", "source": "MITRE", "tags": [ @@ -13353,7 +13224,6 @@ ], "software_attack_id": "S0259", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -13454,7 +13324,6 @@ ], "software_attack_id": "S0260", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -13469,10 +13338,8 @@ { "description": "[Invoke-PSImage](https://app.tidalcyber.com/software/2200a647-3312-44c0-9691-4a26153febbb) takes a PowerShell script and embeds the bytes of the script into the pixels of a PNG image. It generates a one liner for executing either from a file of from the web. Example of usage is embedding the PowerShell code from the Invoke-Mimikatz module and embed it into an image file. By calling the image file from a macro for example, the macro will download the picture and execute the PowerShell code, which in this case will dump the passwords. [[GitHub Invoke-PSImage](https://app.tidalcyber.com/references/dd210b79-bd5f-4282-9542-4d1ae2f16438)]", "meta": { - "platforms": [], "software_attack_id": "S0231", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -13497,7 +13364,6 @@ ], "software_attack_id": "S5080", "source": "Tidal Cyber", - "tags": [], "type": "tool" }, "related": [ @@ -13512,7 +13378,6 @@ { "description": "[ipconfig](https://app.tidalcyber.com/software/4f519002-0576-4f8e-8add-73ebac9a86e6) is a Windows utility that can be used to find information about a system's TCP/IP, DNS, DHCP, and adapter configuration. [[TechNet Ipconfig](https://app.tidalcyber.com/references/8a6e6f59-70fb-48bf-96d2-318dd92df995)]", "meta": { - "platforms": [], "software_attack_id": "S0100", "source": "MITRE", "tags": [ @@ -13659,7 +13524,6 @@ ], "software_attack_id": "S0015", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -13709,7 +13573,6 @@ ], "software_attack_id": "S0163", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -13729,7 +13592,6 @@ ], "software_attack_id": "S0528", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -13744,7 +13606,6 @@ { "description": "[JCry](https://app.tidalcyber.com/software/41ec0bbc-65ca-4913-a763-1638215d7b2f) is ransomware written in Go. It was identified as apart of the #OpJerusalem 2019 campaign.[[Carbon Black JCry May 2019](https://app.tidalcyber.com/references/deb97163-323a-493a-9c73-b41c8c5e5cd1)]", "meta": { - "platforms": [], "software_attack_id": "S0389", "source": "MITRE", "tags": [ @@ -13904,7 +13765,6 @@ ], "software_attack_id": "S0201", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -14187,7 +14047,6 @@ ], "software_attack_id": "S0215", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -14286,7 +14145,6 @@ ], "software_attack_id": "S0487", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -14306,7 +14164,6 @@ ], "software_attack_id": "S1020", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -14330,7 +14187,6 @@ ], "software_attack_id": "S0387", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -14368,7 +14224,6 @@ ], "software_attack_id": "S0276", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -14392,7 +14247,6 @@ ], "software_attack_id": "S0271", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -14431,7 +14285,6 @@ ], "software_attack_id": "S1051", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -14459,7 +14312,6 @@ ], "software_attack_id": "S0526", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -14629,7 +14481,6 @@ ], "software_attack_id": "S0437", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -14653,7 +14504,6 @@ ], "software_attack_id": "S0250", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -14689,7 +14539,6 @@ ], "software_attack_id": "S0641", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -14709,7 +14558,6 @@ ], "software_attack_id": "S0669", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -14733,7 +14581,6 @@ ], "software_attack_id": "S0162", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -14757,7 +14604,6 @@ ], "software_attack_id": "S0156", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -14803,7 +14649,6 @@ ], "software_attack_id": "S1075", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -14827,7 +14672,6 @@ ], "software_attack_id": "S0236", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -15170,7 +15014,6 @@ ], "software_attack_id": "S0211", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -15243,7 +15086,6 @@ ], "software_attack_id": "S0680", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -15500,7 +15342,6 @@ ], "software_attack_id": "S0582", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -15573,7 +15414,6 @@ ], "software_attack_id": "S0042", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -15623,7 +15463,6 @@ ], "software_attack_id": "S0532", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -15657,7 +15496,6 @@ ], "software_attack_id": "S0010", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -15699,7 +15537,6 @@ ], "software_attack_id": "S0409", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -15755,7 +15592,6 @@ ], "software_attack_id": "S1016", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -15783,7 +15619,6 @@ ], "software_attack_id": "S1048", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -15803,7 +15638,6 @@ ], "software_attack_id": "S0282", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -15823,7 +15657,6 @@ ], "software_attack_id": "S1060", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -15849,7 +15682,6 @@ ], "software_attack_id": "S0413", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -15994,7 +15826,6 @@ ], "software_attack_id": "S0167", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -16092,7 +15923,6 @@ ], "software_attack_id": "S0500", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -16116,7 +15946,6 @@ ], "software_attack_id": "S0459", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -16259,7 +16088,6 @@ ], "software_attack_id": "S0530", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -16279,7 +16107,6 @@ ], "software_attack_id": "S0443", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -16303,7 +16130,6 @@ ], "software_attack_id": "S1059", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -16394,7 +16220,6 @@ ], "software_attack_id": "S0688", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -16860,10 +16685,8 @@ { "description": "[Miner-C](https://app.tidalcyber.com/software/c0dea9db-1551-4f6c-8a19-182efc34093a) is malware that mines victims for the Monero cryptocurrency. It has targeted FTP servers and Network Attached Storage (NAS) devices to spread. [[Softpedia MinerC](https://app.tidalcyber.com/references/087b9bf1-bd9e-4cd6-a386-d9d2c812c927)]", "meta": { - "platforms": [], "software_attack_id": "S0133", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -16935,7 +16758,6 @@ ], "software_attack_id": "S0083", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -16955,7 +16777,6 @@ ], "software_attack_id": "S0084", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -16975,7 +16796,6 @@ ], "software_attack_id": "S0080", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -17035,10 +16855,8 @@ { "description": "[MobileOrder](https://app.tidalcyber.com/software/116f913c-0d5e-43d1-ba0d-3a12127af8f6) is a Trojan intended to compromise Android mobile devices. It has been used by [Scarlet Mimic](https://app.tidalcyber.com/groups/6c1bdc51-f633-4512-8b20-04a11c2d97f4). [[Scarlet Mimic Jan 2016](https://app.tidalcyber.com/references/f84a5b6d-3af1-45b1-ac55-69ceced8735f)]", "meta": { - "platforms": [], "software_attack_id": "S0079", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -17114,7 +16932,6 @@ ], "software_attack_id": "S0149", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -17222,7 +17039,6 @@ ], "software_attack_id": "S1047", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -17922,7 +17738,6 @@ ], "software_attack_id": "S0233", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -17997,7 +17812,6 @@ ], "software_attack_id": "S0228", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -18114,7 +17928,6 @@ ], "software_attack_id": "S0590", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -18161,10 +17974,8 @@ { "description": "[nbtstat](https://app.tidalcyber.com/software/81c2fc9b-8c2c-40f6-a327-dcdd64b70a7e) is a utility used to troubleshoot NetBIOS name resolution. [[TechNet Nbtstat](https://app.tidalcyber.com/references/1b1e6b08-fc2a-48f7-82bd-e3c1a7a0d97e)]", "meta": { - "platforms": [], "software_attack_id": "S0102", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -18188,7 +17999,6 @@ ], "software_attack_id": "S0272", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -18212,7 +18022,6 @@ ], "software_attack_id": "S0630", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -18262,7 +18071,6 @@ ], "software_attack_id": "S0210", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -18474,7 +18282,6 @@ ], "software_attack_id": "S0056", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -18611,7 +18418,6 @@ { "description": "[netstat](https://app.tidalcyber.com/software/132fb908-9f13-4bcf-aa64-74cbc72f5491) is an operating system utility that displays active TCP connections, listening ports, and network statistics. [[TechNet Netstat](https://app.tidalcyber.com/references/84ac26d8-9c7c-4c8c-bf64-a9fb4578388c)]", "meta": { - "platforms": [], "software_attack_id": "S0104", "source": "MITRE", "tags": [ @@ -18894,7 +18700,6 @@ ], "software_attack_id": "S0118", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -18922,7 +18727,6 @@ ], "software_attack_id": "S1090", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -19448,7 +19252,6 @@ ], "software_attack_id": "S0346", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -19468,7 +19271,6 @@ ], "software_attack_id": "S0340", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -19851,7 +19653,6 @@ ], "software_attack_id": "S0165", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -19947,7 +19748,6 @@ ], "software_attack_id": "S0402", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -19975,7 +19775,6 @@ ], "software_attack_id": "S0594", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -20026,7 +19825,6 @@ ], "software_attack_id": "S0072", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -20074,7 +19872,6 @@ ], "software_attack_id": "S0016", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -20130,7 +19927,6 @@ ], "software_attack_id": "S0626", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -20216,7 +20012,6 @@ ], "software_attack_id": "S0208", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -20235,10 +20030,8 @@ { "description": "[Pass-The-Hash Toolkit](https://app.tidalcyber.com/software/8d007d52-8898-494c-8d72-354abd93da1e) is a toolkit that allows an adversary to \"pass\" a password hash (without knowing the original password) to log in to systems. [[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]", "meta": { - "platforms": [], "software_attack_id": "S0122", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -20595,7 +20388,6 @@ ], "software_attack_id": "S0587", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -20627,7 +20419,6 @@ ], "software_attack_id": "S0643", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -20788,7 +20579,6 @@ { "description": "[Ping](https://app.tidalcyber.com/software/4ea12106-c0a1-4546-bb64-a1675d9f5dc7) is an operating system utility commonly used to troubleshoot and verify network connections. [[TechNet Ping](https://app.tidalcyber.com/references/5afc8ad5-f50d-464f-ba84-e347b3f3e994)]", "meta": { - "platforms": [], "software_attack_id": "S0097", "source": "MITRE", "tags": [ @@ -20921,7 +20711,6 @@ ], "software_attack_id": "S0501", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -20945,7 +20734,6 @@ ], "software_attack_id": "S0124", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -21009,7 +20797,6 @@ ], "software_attack_id": "S0254", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -21033,7 +20820,6 @@ ], "software_attack_id": "S0435", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -21299,7 +21085,6 @@ ], "software_attack_id": "S0067", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -21364,7 +21149,6 @@ ], "software_attack_id": "S0428", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -21564,7 +21348,6 @@ ], "software_attack_id": "S0216", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -21672,7 +21455,6 @@ ], "software_attack_id": "S1012", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -21691,10 +21473,8 @@ { "description": "[Power Loader](https://app.tidalcyber.com/software/018ee1d9-35af-49dc-a667-11b77cd76f46) is modular code sold in the cybercrime market used as a downloader in malware families such as Carberp, Redyms and Gapz. [[MalwareTech Power Loader Aug 2013](https://app.tidalcyber.com/references/9a9a6ca1-d7c5-4385-924b-cdeffd66602e)] [[WeLiveSecurity Gapz and Redyms Mar 2013](https://app.tidalcyber.com/references/b8d328b7-2eb3-4851-8d44-2e1bad7710c2)]", "meta": { - "platforms": [], "software_attack_id": "S0177", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -21780,7 +21560,6 @@ ], "software_attack_id": "S0441", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -21985,7 +21764,6 @@ ], "software_attack_id": "S0371", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -22413,7 +22191,6 @@ ], "software_attack_id": "S0279", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -22474,7 +22251,6 @@ ], "software_attack_id": "S0238", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -22498,7 +22274,6 @@ ], "software_attack_id": "S0613", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -22746,7 +22521,6 @@ ], "software_attack_id": "S0078", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -22975,7 +22749,6 @@ ], "software_attack_id": "S0192", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -23329,7 +23102,6 @@ ], "software_attack_id": "S1076", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -23537,7 +23309,6 @@ ], "software_attack_id": "S0629", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -23561,7 +23332,6 @@ ], "software_attack_id": "S0458", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -23667,7 +23437,6 @@ ], "software_attack_id": "S0241", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -23691,7 +23460,6 @@ ], "software_attack_id": "S0364", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -23757,7 +23525,6 @@ ], "software_attack_id": "S0169", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -24030,7 +23797,6 @@ ], "software_attack_id": "S0172", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -24064,7 +23830,6 @@ ], "software_attack_id": "S0153", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -24280,7 +24045,6 @@ ], "software_attack_id": "S0019", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -24534,7 +24298,6 @@ ], "software_attack_id": "S0375", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -24599,7 +24362,6 @@ ], "software_attack_id": "S0166", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -24623,7 +24385,6 @@ ], "software_attack_id": "S0592", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -24675,7 +24436,6 @@ ], "software_attack_id": "S0125", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -24743,7 +24503,6 @@ { "description": "Responder is an open source tool used for LLMNR, NBT-NS and MDNS poisoning, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. [[GitHub Responder](https://app.tidalcyber.com/references/3ef681a9-4ab0-420b-9d1a-b8152c50b3ca)]", "meta": { - "platforms": [], "software_attack_id": "S0174", "source": "MITRE", "tags": [ @@ -24781,7 +24540,6 @@ ], "software_attack_id": "S0379", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -24916,7 +24674,6 @@ ], "software_attack_id": "S0433", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -24940,7 +24697,6 @@ ], "software_attack_id": "S0003", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -24964,7 +24720,6 @@ ], "software_attack_id": "S0448", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -24979,7 +24734,6 @@ { "description": "[ROADTools](https://app.tidalcyber.com/software/15bc8e94-64d1-4f1f-bc99-08cfbac417dc) is a framework for enumerating Azure Active Directory environments. The tool is written in Python and publicly available on GitHub.[[ROADtools Github](https://app.tidalcyber.com/references/90c592dc-2c9d-401a-96ab-b539f7522956)]", "meta": { - "platforms": [], "software_attack_id": "S0684", "source": "MITRE", "tags": [ @@ -25032,7 +24786,6 @@ ], "software_attack_id": "S0112", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -25056,7 +24809,6 @@ ], "software_attack_id": "S0270", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -25106,7 +24858,6 @@ ], "software_attack_id": "S1078", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -25125,10 +24876,8 @@ { "description": "[route](https://app.tidalcyber.com/software/3b755518-9085-474e-8bc4-4f9344d9c8af) can be used to find or change information within the local system IP routing table. [[TechNet Route](https://app.tidalcyber.com/references/0e483ec8-af40-4139-9711-53b999e069ee)]", "meta": { - "platforms": [], "software_attack_id": "S0103", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -25156,7 +24905,6 @@ ], "software_attack_id": "S0090", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -25285,7 +25033,6 @@ ], "software_attack_id": "S0148", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -25344,7 +25091,6 @@ ], "software_attack_id": "S0358", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ 
@@ -25526,7 +25272,6 @@ ], "software_attack_id": "S0253", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -25795,7 +25540,6 @@ ], "software_attack_id": "S1085", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -26149,7 +25893,6 @@ ], "software_attack_id": "S0345", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -26606,7 +26349,6 @@ ], "software_attack_id": "S1089", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -26679,7 +26421,6 @@ ], "software_attack_id": "S0546", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -26851,7 +26592,6 @@ ], "software_attack_id": "S0444", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -26875,7 +26615,6 @@ ], "software_attack_id": "S0445", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -26894,10 +26633,8 @@ { "description": "[SHIPSHAPE](https://app.tidalcyber.com/software/3db0b464-ec5d-4cdd-86c2-62eac9c8acd6) is malware developed by [APT30](https://app.tidalcyber.com/groups/be45ff95-6c74-4000-bc39-63044673d82f) that allows propagation and exfiltration of data over removable devices. [APT30](https://app.tidalcyber.com/groups/be45ff95-6c74-4000-bc39-63044673d82f) may use this capability to exfiltrate data across air-gaps. [[FireEye APT30](https://app.tidalcyber.com/references/c48d2084-61cf-4e86-8072-01e5d2de8416)]", "meta": { - "platforms": [], "software_attack_id": "S0028", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -26949,7 +26686,6 @@ ], "software_attack_id": "S0063", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -26976,10 +26712,8 @@ { "description": "[SHUTTERSPEED](https://app.tidalcyber.com/software/5b2d82a6-ed96-485d-bca9-2320590de890) is a backdoor used by [APT37](https://app.tidalcyber.com/groups/013fdfdc-aa32-4779-8f6e-7920615cbf66). [[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]", "meta": { - "platforms": [], "software_attack_id": "S0217", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -27055,7 +26789,6 @@ ], "software_attack_id": "S0692", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -27098,7 +26831,6 @@ ], "software_attack_id": "S0007", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -27118,7 +26850,6 @@ ], "software_attack_id": "S0468", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -27194,7 +26925,6 @@ ], "software_attack_id": "S0533", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -27222,7 +26952,6 @@ ], "software_attack_id": "S0218", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -27352,7 +27081,6 @@ ], "software_attack_id": "S1086", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -27376,7 +27104,6 @@ ], "software_attack_id": "S0159", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -27400,7 +27127,6 @@ ], "software_attack_id": "S0273", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -27587,7 +27313,6 @@ ], "software_attack_id": "S0157", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -27611,7 +27336,6 @@ ], "software_attack_id": "S0035", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -27662,7 +27386,6 @@ ], "software_attack_id": "S0374", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -27860,10 +27583,8 @@ { "description": "[sqlmap](https://app.tidalcyber.com/software/96c224a6-6ca4-4ac1-9990-d863ec5a317a) is an open source penetration testing tool that can be used to automate the process of detecting and exploiting SQL injection flaws. [[sqlmap Introduction](https://app.tidalcyber.com/references/ac643245-d54f-470f-a393-26875c0877c8)]", "meta": { - "platforms": [], "software_attack_id": "S0225", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -27923,7 +27644,6 @@ { "description": "[SQLRat](https://app.tidalcyber.com/software/612f780a-239a-4bd0-a29f-63beadf3ed22) is malware that executes SQL scripts to avoid leaving traditional host artifacts. [FIN7](https://app.tidalcyber.com/groups/4348c510-50fc-4448-ab8d-c8cededd19ff) has been observed using it.[[Flashpoint FIN 7 March 2019](https://app.tidalcyber.com/references/b09453a3-c0df-4e96-b399-e7b34e068e9d)]", "meta": { - "platforms": [], "software_attack_id": "S0390", "source": "MITRE", "tags": [ @@ -28098,7 +27818,6 @@ ], "software_attack_id": "S0058", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -28122,7 +27841,6 @@ ], "software_attack_id": "S0188", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -28275,7 +27993,6 @@ ], "software_attack_id": "S0142", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -28325,7 +28042,6 @@ ], "software_attack_id": "S0491", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -28389,7 +28105,6 @@ ], "software_attack_id": "S0085", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -28409,7 +28124,6 @@ ], "software_attack_id": "S1042", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -28429,7 +28143,6 @@ ], "software_attack_id": "S1049", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -28520,7 +28233,6 @@ ], "software_attack_id": "S0578", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -28562,7 +28274,6 @@ ], "software_attack_id": "S0018", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -28709,7 +28420,6 @@ ], "software_attack_id": "S0060", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -28867,7 +28577,6 @@ { "description": "[Systeminfo](https://app.tidalcyber.com/software/cecea681-a753-47b5-9d77-c10a5b4403ab) is a Windows utility that can be used to gather detailed information about a computer. [[TechNet Systeminfo](https://app.tidalcyber.com/references/5462ba66-6e26-41c2-bc28-6c19085d4469)]", "meta": { - "platforms": [], "software_attack_id": "S0096", "source": "MITRE", "tags": [ @@ -28985,7 +28694,6 @@ ], "software_attack_id": "S0663", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -29021,7 +28729,6 @@ ], "software_attack_id": "S0098", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -29066,7 +28773,6 @@ ], "software_attack_id": "S0011", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -29111,7 +28817,6 @@ ], "software_attack_id": "S0586", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -29135,7 +28840,6 @@ ], "software_attack_id": "S0467", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -29195,7 +28899,6 @@ ], "software_attack_id": "S1011", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -29214,7 +28917,6 @@ { "description": "The [Tasklist](https://app.tidalcyber.com/software/abae8f19-9497-4a71-82b6-ae6edd26ad98) utility displays a list of applications and services with their Process IDs (PID) for all tasks running on either a local or a remote computer. It is packaged with Windows operating systems and can be executed from the command-line interface. [[Microsoft Tasklist](https://app.tidalcyber.com/references/2c09561a-02ee-4948-9745-9d6c8eb2881d)]", "meta": { - "platforms": [], "software_attack_id": "S0057", "source": "MITRE", "tags": [ 
@@ -29344,7 +29046,6 @@ ], "software_attack_id": "S0164", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -29706,7 +29407,6 @@ ], "software_attack_id": "S0665", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -29820,7 +29520,6 @@ { "description": "[TINYTYPHON](https://app.tidalcyber.com/software/0e009cb8-848e-427a-9581-d3a4fd9f6a87) is a backdoor that has been used by the actors responsible for the MONSOON campaign. The majority of its code was reportedly taken from the MyDoom worm. [[Forcepoint Monsoon](https://app.tidalcyber.com/references/ea64a3a5-a248-44bb-98cd-f7e3d4c23d4e)]", "meta": { - "platforms": [], "software_attack_id": "S0131", "source": "MITRE", "tags": [ @@ -29849,7 +29548,6 @@ ], "software_attack_id": "S0004", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -29868,7 +29566,6 @@ { "description": "[Tomiris](https://app.tidalcyber.com/software/eff417ad-c775-4a95-9f36-a1b5a675ba82) is a backdoor written in Go that continuously queries its C2 server for executables to download and execute on a victim system. It was first reported in September 2021 during an investigation of a successful DNS hijacking campaign against a Commonwealth of Independent States (CIS) member. Security researchers assess there are similarities between [Tomiris](https://app.tidalcyber.com/software/eff417ad-c775-4a95-9f36-a1b5a675ba82) and [GoldMax](https://app.tidalcyber.com/software/b05a9763-4288-4656-bf4e-ba02bb8b35d6).[[Kaspersky Tomiris Sep 2021](https://app.tidalcyber.com/references/a881a7e4-a1df-4ad2-b67f-ef03caddb721)]", "meta": { - "platforms": [], "software_attack_id": "S0671", "source": "MITRE", "tags": [ @@ -29942,7 +29639,6 @@ ], "software_attack_id": "S0678", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -30127,7 +29823,6 @@ ], "software_attack_id": "S0094", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -30159,7 +29854,6 @@ ], "software_attack_id": "S0001", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -30250,7 +29944,6 @@ ], "software_attack_id": "S0178", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -30274,7 +29967,6 @@ ], "software_attack_id": "S0436", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -30404,7 +30096,6 @@ ], "software_attack_id": "S0647", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -30428,7 +30119,6 @@ ], "software_attack_id": "S0199", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -30473,7 +30163,6 @@ { "description": "[UACMe](https://app.tidalcyber.com/software/5788edee-d1b7-4406-9122-bee596362236) is an open source assessment tool that contains many methods for bypassing Windows User Account Control on multiple versions of the operating system. [[Github UACMe](https://app.tidalcyber.com/references/7006d59d-3b61-4030-a680-5dac52133722)]", "meta": { - "platforms": [], "software_attack_id": "S0116", "source": "MITRE", "tags": [ @@ -30499,7 +30188,6 @@ ], "software_attack_id": "S0333", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -30519,7 +30207,6 @@ ], "software_attack_id": "S0221", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -30539,7 +30226,6 @@ ], "software_attack_id": "S0130", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -30658,7 +30344,6 @@ ], "software_attack_id": "S0275", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -30863,7 +30548,6 @@ ], "software_attack_id": "S0452", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -31041,7 +30725,6 @@ ], "software_attack_id": "S0207", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -31106,7 +30789,6 @@ ], "software_attack_id": "S0442", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -31171,7 +30853,6 @@ ], "software_attack_id": "S0257", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -31258,7 +30939,6 @@ ], "software_attack_id": "S0180", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -31767,7 +31447,6 @@ ], "software_attack_id": "S0579", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -31982,7 +31661,6 @@ ], "software_attack_id": "S0206", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -32069,10 +31747,8 @@ { "description": "[WINDSHIELD](https://app.tidalcyber.com/software/ed50dcf7-e283-451e-95b1-a8485f8dd214) is a signature backdoor used by [APT32](https://app.tidalcyber.com/groups/c0fe9859-e8de-4ce1-bc3c-b489e914a145). [[FireEye APT32 May 2017](https://app.tidalcyber.com/references/b72d017b-a70f-4003-b3d9-90d79aca812d)]", "meta": { - "platforms": [], "software_attack_id": "S0155", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -32096,7 +31772,6 @@ ], "software_attack_id": "S0466", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -32115,10 +31790,8 @@ { "description": "[WINERACK](https://app.tidalcyber.com/software/5f994df7-55b0-4383-8ebc-506d4987292a) is a backdoor used by [APT37](https://app.tidalcyber.com/groups/013fdfdc-aa32-4779-8f6e-7920615cbf66). [[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]", "meta": { - "platforms": [], "software_attack_id": "S0219", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -32137,10 +31810,8 @@ { "description": "[Winexe](https://app.tidalcyber.com/software/65d5b524-0e84-417d-9884-e2c501abfacd) is a lightweight, open source tool similar to [PsExec](https://app.tidalcyber.com/software/73eb32af-4bd3-4e21-8048-355edc55a9c6) designed to allow system administrators to execute commands on remote servers. [[Winexe Github Sept 2013](https://app.tidalcyber.com/references/7003e2d4-83e5-4672-aaa9-53cc4bcb08b5)] [Winexe](https://app.tidalcyber.com/software/65d5b524-0e84-417d-9884-e2c501abfacd) is unique in that it is a GNU/Linux based client. [[Überwachung APT28 Forfiles June 2015](https://app.tidalcyber.com/references/3b85fff0-88d8-4df6-af0b-66e57492732e)]", "meta": { - "platforms": [], "software_attack_id": "S0191", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -32172,7 +31843,6 @@ ], "software_attack_id": "S0176", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -32237,7 +31907,6 @@ ], "software_attack_id": "S0059", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -32261,7 +31930,6 @@ ], "software_attack_id": "S0430", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -32289,7 +31957,6 @@ ], "software_attack_id": "S0141", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -32451,7 +32118,6 @@ { "description": "[Wiper](https://app.tidalcyber.com/software/627e05c2-c02e-433e-9288-c2d78bce156f) is a family of destructive malware used in March 2013 during breaches of South Korean banks and media companies. [[Dell Wiper](https://app.tidalcyber.com/references/be6629ef-e7c6-411c-9bd2-34e59062cadd)]", "meta": { - "platforms": [], "software_attack_id": "S0041", "source": "MITRE", "tags": [ @@ -32607,7 +32273,6 @@ ], "software_attack_id": "S1065", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -32898,7 +32563,6 @@ ], "software_attack_id": "S0161", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ 
@@ -32927,7 +32591,6 @@ ], "software_attack_id": "S0341", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -32947,7 +32610,6 @@ ], "software_attack_id": "S0653", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -32966,10 +32628,8 @@ { "description": "[xCmd](https://app.tidalcyber.com/software/d943d3d9-3a99-464f-94f0-95aa7963d858) is an open source tool that is similar to [PsExec](https://app.tidalcyber.com/software/73eb32af-4bd3-4e21-8048-355edc55a9c6) and allows the user to execute applications on remote systems. [[xCmd](https://app.tidalcyber.com/references/430fc6ef-33c5-4cd8-b785-358e4aae5230)]", "meta": { - "platforms": [], "software_attack_id": "S0123", "source": "MITRE", - "tags": [], "type": "tool" }, "related": [ @@ -33181,7 +32841,6 @@ ], "software_attack_id": "S0117", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -33345,10 +33004,8 @@ { "description": "[Zeroaccess](https://app.tidalcyber.com/software/2f52b513-5293-4833-9c4d-b120e7a84341) is a kernel-mode [Rootkit](https://app.tidalcyber.com/technique/cf2b56f6-3ebd-48ec-b9d9-835397acef89) that attempts to add victims to the ZeroAccess botnet, often for monetary gain. [[Sophos ZeroAccess](https://app.tidalcyber.com/references/41b51767-62f1-45c2-98cb-47c44c975a58)]", "meta": { - "platforms": [], "software_attack_id": "S0027", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -33457,7 +33114,6 @@ ], "software_attack_id": "S0086", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -33519,7 +33175,6 @@ ], "software_attack_id": "S0672", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ @@ -33633,7 +33288,6 @@ ], "software_attack_id": "S1013", "source": "MITRE", - "tags": [], "type": "malware" }, "related": [ diff --git a/clusters/tidal-tactic.json b/clusters/tidal-tactic.json index ff4bdd9..4db9606 100644 --- a/clusters/tidal-tactic.json +++ b/clusters/tidal-tactic.json 
@@ -12,8 +12,7 @@ "meta": { "ordinal_position": 1, "source": "MITRE", - "tactic_attack_id": "TA0043", - "tags": [] + "tactic_attack_id": "TA0043" }, "related": [ { @@ -201,8 +200,7 @@ "meta": { "ordinal_position": 2, "source": "MITRE", - "tactic_attack_id": "TA0042", - "tags": [] + "tactic_attack_id": "TA0042" }, "related": [ { @@ -394,8 +392,7 @@ "meta": { "ordinal_position": 3, "source": "MITRE", - "tactic_attack_id": "TA0001", - "tags": [] + "tactic_attack_id": "TA0001" }, "related": [ { @@ -491,8 +488,7 @@ "meta": { "ordinal_position": 4, "source": "MITRE", - "tactic_attack_id": "TA0002", - "tags": [] + "tactic_attack_id": "TA0002" }, "related": [ { @@ -648,8 +644,7 @@ "meta": { "ordinal_position": 5, "source": "MITRE", - "tactic_attack_id": "TA0003", - "tags": [] + "tactic_attack_id": "TA0003" }, "related": [ { @@ -1121,8 +1116,7 @@ "meta": { "ordinal_position": 6, "source": "MITRE", - "tactic_attack_id": "TA0004", - "tags": [] + "tactic_attack_id": "TA0004" }, "related": [ { @@ -1550,8 +1544,7 @@ "meta": { "ordinal_position": 7, "source": "MITRE", - "tactic_attack_id": "TA0005", - "tags": [] + "tactic_attack_id": "TA0005" }, "related": [ { @@ -2327,8 +2320,7 @@ "meta": { "ordinal_position": 8, "source": "MITRE", - "tactic_attack_id": "TA0006", - "tags": [] + "tactic_attack_id": "TA0006" }, "related": [ { @@ -2596,8 +2588,7 @@ "meta": { "ordinal_position": 9, "source": "MITRE", - "tactic_attack_id": "TA0007", - "tags": [] + "tactic_attack_id": "TA0007" }, "related": [ { @@ -2793,8 +2784,7 @@ "meta": { "ordinal_position": 10, "source": "MITRE", - "tactic_attack_id": "TA0008", - "tags": [] + "tactic_attack_id": "TA0008" }, "related": [ { @@ -2898,8 +2888,7 @@ "meta": { "ordinal_position": 11, "source": "MITRE", - "tactic_attack_id": "TA0009", - "tags": [] + "tactic_attack_id": "TA0009" }, "related": [ { 
@@ -3059,8 +3048,7 @@ "meta": { "ordinal_position": 12, "source": "MITRE", - "tactic_attack_id": "TA0011", - "tags": [] + "tactic_attack_id": "TA0011" }, "related": [ { @@ -3232,8 +3220,7 @@ "meta": { "ordinal_position": 13, "source": "MITRE", - "tactic_attack_id": "TA0010", - "tags": [] + "tactic_attack_id": "TA0010" }, "related": [ { @@ -3321,8 +3308,7 @@ "meta": { "ordinal_position": 14, "source": "MITRE", - "tactic_attack_id": "TA0040", - "tags": [] + "tactic_attack_id": "TA0040" }, "related": [ { diff --git a/clusters/tidal-technique.json b/clusters/tidal-technique.json index 2140816..0fde8d2 100644 --- a/clusters/tidal-technique.json +++ b/clusters/tidal-technique.json @@ -114,8 +114,7 @@ "Office 365", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -251,8 +250,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -297,8 +295,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -382,8 +379,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -539,8 +535,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -585,8 +580,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -723,8 +717,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -818,8 +811,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -908,8 +900,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1004,8 +995,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1040,8 +1030,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { 
@@ -1105,8 +1094,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1137,8 +1125,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1159,8 +1146,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1195,8 +1181,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1217,8 +1202,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1507,8 +1491,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1682,8 +1665,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1726,8 +1708,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1746,8 +1727,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1764,8 +1744,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1851,8 +1830,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1885,8 +1863,7 @@ "platforms": [ "Containers" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1905,8 +1882,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1924,8 +1900,7 @@ "Azure AD", "IaaS" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1942,8 +1917,7 @@ "platforms": [ "IaaS" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1963,8 +1937,7 @@ "IaaS", "Office 365" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -1985,8 +1958,7 @@ "Office 365", "SaaS" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { 
@@ -2003,8 +1975,7 @@ "platforms": [ "IaaS" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -2163,8 +2134,7 @@ "Office 365", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -2219,8 +2189,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -2282,8 +2251,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -2314,8 +2282,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -2437,8 +2404,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -2483,8 +2449,7 @@ "platforms": [ "Containers" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -2501,8 +2466,7 @@ "platforms": [ "Containers" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -2521,8 +2485,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -2597,8 +2560,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -2705,8 +2667,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -2836,8 +2797,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -2882,8 +2842,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -2932,8 +2891,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -2961,8 +2919,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -2982,8 +2939,7 @@ "Office 365", "SaaS" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { 
@@ -3030,8 +2986,7 @@ "platforms": [ "Network" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3107,8 +3062,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3140,8 +3094,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3160,8 +3113,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3180,8 +3132,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3245,8 +3196,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3322,8 +3272,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3385,8 +3334,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3413,8 +3361,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3433,8 +3380,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3488,8 +3434,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3516,8 +3461,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3534,8 +3478,7 @@ "platforms": [ "Containers" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3616,8 +3559,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3652,8 +3594,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3670,8 +3611,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3721,8 +3661,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { 
@@ -3786,8 +3725,7 @@ "Azure AD", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3816,8 +3754,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3837,8 +3774,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3902,8 +3838,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -3981,8 +3916,7 @@ "Office 365", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -4043,8 +3977,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -4137,8 +4070,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -4173,8 +4105,7 @@ "Linux", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -4236,8 +4167,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -4575,8 +4505,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -4678,8 +4607,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -4752,8 +4680,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -4784,8 +4711,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -4819,8 +4745,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -4858,8 +4783,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -4945,8 +4869,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -4981,8 +4904,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { 
@@ -5002,8 +4924,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5024,8 +4945,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5045,8 +4965,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5065,8 +4984,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5088,8 +5006,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5109,8 +5026,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5133,8 +5049,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5154,8 +5069,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5204,8 +5118,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5235,8 +5148,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5256,8 +5168,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5274,8 +5185,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5329,8 +5239,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5415,8 +5324,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5494,8 +5402,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5614,8 +5521,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5716,8 +5622,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { 
@@ -5750,8 +5655,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5770,8 +5674,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -5956,8 +5859,7 @@ "Office 365", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -6296,8 +6198,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -6541,8 +6442,7 @@ "Office 365", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -6608,8 +6508,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -6627,8 +6526,7 @@ "Containers", "IaaS" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -6786,8 +6684,7 @@ "Office 365", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -6840,8 +6737,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -6860,8 +6756,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -6883,8 +6778,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -6980,8 +6874,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7023,8 +6916,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7088,8 +6980,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7120,8 +7011,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7141,8 +7031,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { 
@@ -7297,8 +7186,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7543,8 +7431,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7676,8 +7563,7 @@ "platforms": [ "IaaS" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7714,8 +7600,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7762,8 +7647,7 @@ "platforms": [ "Network" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7790,8 +7674,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7815,8 +7698,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7835,8 +7717,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7855,8 +7736,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7888,8 +7768,7 @@ "platforms": [ "Network" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7948,8 +7827,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7979,8 +7857,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -7999,8 +7876,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -8021,8 +7897,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -8046,8 +7921,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -8066,8 +7940,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -8266,8 +8139,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { 
@@ -8422,8 +8294,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -8555,8 +8426,7 @@ "Office 365", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -8719,8 +8589,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -8773,8 +8642,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -8793,8 +8661,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -8864,8 +8731,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -8959,8 +8825,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -9053,8 +8918,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -9087,8 +8951,7 @@ "platforms": [ "macOS" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -9108,8 +8971,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -9224,8 +9086,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -9269,8 +9130,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -9517,8 +9377,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -9589,8 +9448,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -9670,8 +9528,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -9704,8 +9561,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -9724,8 +9580,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { 
@@ -9744,8 +9599,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -9885,8 +9739,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -9967,8 +9820,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -9996,8 +9848,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10014,8 +9865,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10040,8 +9890,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10058,8 +9907,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10078,8 +9926,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10214,8 +10061,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10262,8 +10108,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10282,8 +10127,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10330,8 +10174,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10431,8 +10274,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10514,8 +10356,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10544,8 +10385,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10564,8 +10404,7 @@ "Office 365", "SaaS" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { 
@@ -10660,8 +10499,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10700,8 +10538,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10720,8 +10557,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10741,8 +10577,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10785,8 +10620,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10897,8 +10731,7 @@ "platforms": [ "PRE" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10943,8 +10776,7 @@ "Office 365", "SaaS" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -10964,8 +10796,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11044,8 +10875,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11083,8 +10913,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11193,8 +11022,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11282,8 +11110,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11509,8 +11336,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11583,8 +11409,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11619,8 +11444,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11674,8 +11498,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { 
@@ -11704,8 +11527,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11725,8 +11547,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11758,8 +11579,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11782,8 +11602,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11832,8 +11651,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11861,8 +11679,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11880,8 +11697,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11902,8 +11718,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11920,8 +11735,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -11987,8 +11801,7 @@ "Network", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -12021,8 +11834,7 @@ "platforms": [ "IaaS" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -12054,8 +11866,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -12081,8 +11892,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -12228,8 +12038,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -12278,8 +12087,7 @@ "platforms": [ "IaaS" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -12377,8 +12185,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { 
@@ -12464,8 +12271,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -12611,8 +12417,7 @@ "SaaS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -12659,8 +12464,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -12736,8 +12540,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -12800,8 +12603,7 @@ "platforms": [ "Network" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -12873,8 +12675,7 @@ "macOS", "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -12903,8 +12704,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { @@ -12921,8 +12721,7 @@ "platforms": [ "Windows" ], - "source": "MITRE", - "tags": [] + "source": "MITRE" }, "related": [ { diff --git a/tools/tidal-api/models/cluster.py b/tools/tidal-api/models/cluster.py index c6703fd..1877d04 100644 --- a/tools/tidal-api/models/cluster.py +++ b/tools/tidal-api/models/cluster.py @@ -99,7 +99,7 @@ class ClusterValue: def return_value(self): value_dict = asdict(self) value_dict["meta"] = { - k: v for k, v in asdict(self.meta).items() if v is not None + k: v for k, v in asdict(self.meta).items() if v is not None and v != [] } return value_dict
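Review bot: In `return_value`, the added `v != []` drops empty lists only, so an empty string, dict or tuple in `meta` is still emitted, and nothing records that this narrow test is deliberate rather than a truthiness check. A comment above the comprehension such as `# omit unset (None) and empty-list meta fields; falsy scalars like 0 or False are kept` would make that explicit. Since `asdict(self)` already converts nested dataclasses, the second `asdict(self.meta)` looks redundant and the filter could iterate `value_dict["meta"].items()` instead, assuming `meta` is a dataclass field of `ClusterValue`. The regenerated cluster files in this commit now omit the `tags` key instead of carrying `[]`, so any consumer that indexes `meta["tags"]` directly (none is visible here) would have to tolerate its absence. The `ClusterValue` class body begins outside the hunk.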