From 88162aa44e438b8feb9291ca52f2949180a80b3c Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Tue, 14 Aug 2018 09:32:24 +0200 Subject: [PATCH] chg: [mapping] Generated automatic mapping between clusters --- clusters/android.json | 169 +- clusters/banker.json | 145 +- clusters/botnet.json | 97 +- clusters/exploit-kit.json | 36 +- clusters/microsoft-activity-group.json | 84 +- ...mitre-enterprise-attack-intrusion-set.json | 841 +++++++++- clusters/mitre-enterprise-attack-malware.json | 906 +++++++++- clusters/mitre-enterprise-attack-tool.json | 63 +- clusters/mitre-intrusion-set.json | 613 ++++++- clusters/mitre-malware.json | 762 ++++++++- .../mitre-mobile-attack-intrusion-set.json | 46 +- clusters/mitre-mobile-attack-malware.json | 70 +- clusters/mitre-mobile-attack-tool.json | 11 +- clusters/mitre-pre-attack-intrusion-set.json | 140 +- clusters/mitre-tool.json | 45 +- clusters/ransomware.json | 272 ++- clusters/rat.json | 376 ++++- clusters/threat-actor.json | 1491 ++++++++++++++++- clusters/tool.json | 1132 ++++++++++++- tools/gen_mapping.py | 204 +++ 20 files changed, 7484 insertions(+), 19 deletions(-) create mode 100755 tools/gen_mapping.py diff --git a/clusters/android.json b/clusters/android.json index 8ed2c68..fe02830 100644 --- a/clusters/android.json +++ b/clusters/android.json @@ -84,6 +84,15 @@ "Invisble Man" ] }, + "related": [ + { + "dest-uuid": "a33df440-f112-4a5e-a290-3c65dae6091d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "426ead34-b3e6-45c7-ba22-5b8f3b8214bd", "value": "Svpeng" }, @@ -127,6 +136,15 @@ "http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf" ] }, + "related": [ + { + "dest-uuid": "c8770c81-c29f-40d2-a140-38544206b2b4", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f5cacc72-f02a-42d1-a020-7a59650086bb", "value": "HummingBad" }, 
@@ -227,6 +245,22 @@ "Bankosy" ] }, + "related": [ + { + "dest-uuid": "f8047de2-fefc-4ee0-825b-f1fae4b20c09", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "620981e8-49c8-486a-b30c-359702c8ffbc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "3d3aa832-8847-47c5-9e31-ef13ab7ab6fb", "value": "GM Bot" }, @@ -256,6 +290,29 @@ "Backdoor:Java/Adwind" ] }, + "related": [ + { + "dest-uuid": "b76d9845-815c-4e77-9538-6b737269da2f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ab4694d6-7043-41f2-b328-d93bec9c1b22", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "dadccdda-a4c2-4021-90b9-61a394e602be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ce1a9641-5bb8-4a61-990a-870e9ef36ac1", "value": "Adwind" }, @@ -301,6 +358,15 @@ "https://www.symantec.com/security_response/writeup.jsp?docid=2015-101207-3555-99" ] }, + "related": [ + { + "dest-uuid": "c80a6bef-b3ce-44d0-b113-946e93124898", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "0c769e82-df28-4f65-97f5-7f3d88488f2e", "value": "Kemoge" }, @@ -682,6 +748,22 @@ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-072316-5249-99" ] }, + "related": [ + { + "dest-uuid": "f8047de2-fefc-4ee0-825b-f1fae4b20c09", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3d3aa832-8847-47c5-9e31-ef13ab7ab6fb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "620981e8-49c8-486a-b30c-359702c8ffbc", "value": "Bankosy" }, 
@@ -2138,6 +2220,15 @@ "IcicleGum" ] }, + "related": [ + { + "dest-uuid": "a5be6094-2d17-11e8-a5b1-ff153ed7d9c3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "52c5f9b3-e9ed-4c86-b4a8-d4ebc68a4d7b", "value": "Igexin" }, @@ -3548,6 +3639,29 @@ "https://www.symantec.com/security_response/writeup.jsp?docid=2015-110509-4646-99" ] }, + "related": [ + { + "dest-uuid": "b76d9845-815c-4e77-9538-6b737269da2f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ab4694d6-7043-41f2-b328-d93bec9c1b22", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ce1a9641-5bb8-4a61-990a-870e9ef36ac1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "dadccdda-a4c2-4021-90b9-61a394e602be", "value": "Sockrat" }, 
@@ -3558,6 +3672,50 @@ "https://www.symantec.com/security_response/writeup.jsp?docid=2017-010508-5201-99" ] }, + "related": [ + { + "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", "value": "Sofacy" }, @@ -4214,6 +4372,15 @@ "https://source.android.com/security/reports/Google_Android_Security_2017_Report_Final.pdf" ] }, + "related": [ + { + "dest-uuid": "52c5f9b3-e9ed-4c86-b4a8-d4ebc68a4d7b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "a5be6094-2d17-11e8-a5b1-ff153ed7d9c3", "value": "IcicleGum" }, @@ -4320,5 +4487,5 @@ "value": "Skygofree" } ], - "version": 10 + "version": 11 } diff --git a/clusters/banker.json b/clusters/banker.json index f72ab86..072777b 100644 --- a/clusters/banker.json +++ b/clusters/banker.json 
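Review bot: The `related` block added to the Android `Sofacy` cluster points at `bef4c620-0787-42a8-a96d-b7eb6e85917c`, which this same patch shows is the intrusion set `APT28 - G0007`, yet the link is typed `similar` with `likelihood-probability="likely"`. A malware family and an actor group are different kinds of object, so consumers that pivot on `similar` for correlation or attribution will read what looks like a name overlap as equivalence. The same pattern links the `Hunter` exploit kit (`96b2b31e-b191-43c4-9929-48ba1cbee62c`) and the `Tinba` banker (`5594b171-32ec-4145-b712-e7701effffdd`) in the exploit-kit.json and banker.json hunks, and the `Empire` exploit-kit link to `525ce93a-76a1-441a-9c45-0eac64d0ed12` deserves a check because its target is not visible here. The generator is not shown in this view, so the matching rule is inferred; I would either restrict automatic `similar` links to clusters of the same kind or emit a weaker tag such as `"estimative-language:likelihood-probability=\"roughly-even-chance\""` for cross-type matches until an analyst confirms them.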
@@ -20,6 +20,22 @@ "Zbot" ] }, + "related": [ + { + "dest-uuid": "0ce448de-c2bb-4c6e-9ad7-c4030f02b4d7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "e878d24d-f122-48c4-930c-f6b6d5f0ee28", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f0ec2df5-2e38-4df3-970d-525352006f2e", "value": "Zeus" }, @@ -37,6 +53,15 @@ "Neverquest" ] }, + "related": [ + { + "dest-uuid": "e95dd1ba-7485-4c02-bf2e-14beedbcf053", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f3813bbd-682c-400d-8165-778be6d3f91f", "value": "Vawtrak" }, @@ -52,6 +77,22 @@ "Feodo Version D" ] }, + "related": [ + { + "dest-uuid": "276c2c2e-09da-44cf-a3f7-806b3feb41da", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "7ca93488-c357-44c3-b246-3f88391aca5a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e", "value": "Dridex" }, @@ -71,6 +112,15 @@ "Papras" ] }, + "related": [ + { + "dest-uuid": "75b01a1e-3269-4f4c-bdba-37af4e9c3f54", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b9448d2a-a23c-4bf2-92a1-d860716ba2f3", "value": "Gozi" }, @@ -259,6 +309,15 @@ "Dyreza" ] }, + "related": [ + { + "dest-uuid": "63c2a130-8a5b-452f-ad96-07cf0af12ffe", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "15e969e6-f031-4441-a49b-f401332e4b00", "value": "Dyre" }, 
@@ -278,6 +337,22 @@ "illi" ] }, + "related": [ + { + "dest-uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "75f53ead-1aee-4f91-8cb9-b4170d747cfc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5594b171-32ec-4145-b712-e7701effffdd", "value": "Tinba" }, @@ -294,6 +369,15 @@ "Emotet" ] }, + "related": [ + { + "dest-uuid": "3f7616bd-f1de-46ee-87c2-43c0c2edaa28", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8e002f78-7fb8-4e70-afd7-0b4ac655be26", "value": "Geodo" }, @@ -311,6 +395,22 @@ "Cridex" ] }, + "related": [ + { + "dest-uuid": "276c2c2e-09da-44cf-a3f7-806b3feb41da", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7ca93488-c357-44c3-b246-3f88391aca5a", "value": "Feodo" }, @@ -325,6 +425,15 @@ "Nimnul" ] }, + "related": [ + { + "dest-uuid": "8ed81090-f098-4878-b87e-2d801b170759", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7e2288ec-e7d4-4833-9245-a2bc5ae40ee2", "value": "Ramnit" }, @@ -342,6 +451,22 @@ "Pinkslipbot" ] }, + "related": [ + { + "dest-uuid": "ac2ff27d-a7cb-46fe-ae32-cfe571dc614d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "6e1168e6-7768-4fa2-951f-6d6934531633", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b2ec1f16-2a76-4910-adc5-ecb3570e7c1a", "value": "Qakbot" }, 
@@ -376,6 +501,15 @@ "Xbot" ] }, + "related": [ + { + "dest-uuid": "da21929e-40c0-443d-bdf4-6b60d15448b4", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e", "value": "TinyNuke" }, @@ -542,6 +676,15 @@ "https://community.rsa.com/community/products/netwitness/blog/2017/12/08/gratefulpos-credit-card-stealing-malware-just-in-time-for-the-shopping-season" ] }, + "related": [ + { + "dest-uuid": "4cfe3f22-96b8-4d3d-a6cc-85835d9471e2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7d9362e5-e3cf-4640-88a2-3faf31952963", "value": "GratefulPOS" }, @@ -687,5 +830,5 @@ "value": "Kronos" } ], - "version": 11 + "version": 12 } diff --git a/clusters/botnet.json b/clusters/botnet.json index 15a4836..243fa61 100644 --- a/clusters/botnet.json +++ b/clusters/botnet.json @@ -48,6 +48,15 @@ "Kraken" ] }, + "related": [ + { + "dest-uuid": "e721809b-2785-4ce3-b95a-7fde2762f736", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7296f769-9bb7-474d-bbc7-5839f71d052a", "value": "Marina Botnet" }, @@ -134,6 +143,22 @@ "https://en.wikipedia.org/wiki/Akbot" ] }, + "related": [ + { + "dest-uuid": "ac2ff27d-a7cb-46fe-ae32-cfe571dc614d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b2ec1f16-2a76-4910-adc5-ecb3570e7c1a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "6e1168e6-7768-4fa2-951f-6d6934531633", "value": "Akbot" }, @@ -344,6 +369,15 @@ "Oficla" ] }, + "related": [ + { + "dest-uuid": "b3ea33fd-eaa0-4bab-9bd0-12534c9aa987", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "65a30580-d542-4113-b00f-7fab98bd046c", "value": "BredoLab" }, 
@@ -385,6 +419,15 @@ "Kracken" ] }, + "related": [ + { + "dest-uuid": "7296f769-9bb7-474d-bbc7-5839f71d052a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "e721809b-2785-4ce3-b95a-7fde2762f736", "value": "Kraken" }, @@ -455,6 +498,22 @@ "Kneber" ] }, + "related": [ + { + "dest-uuid": "0ce448de-c2bb-4c6e-9ad7-c4030f02b4d7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f0ec2df5-2e38-4df3-970d-525352006f2e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "e878d24d-f122-48c4-930c-f6b6d5f0ee28", "value": "Zeus" }, @@ -480,6 +539,15 @@ "https://en.wikipedia.org/wiki/Botnet" ] }, + "related": [ + { + "dest-uuid": "7e2288ec-e7d4-4833-9245-a2bc5ae40ee2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8ed81090-f098-4878-b87e-2d801b170759", "value": "Ramnit" }, @@ -514,6 +582,15 @@ "https://en.wikipedia.org/wiki/Mirai_(malware)" ] }, + "related": [ + { + "dest-uuid": "dcbf1aaa-1fdd-4bfc-a35e-145ffdfb5ac5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "fcdfd4af-da35-49a8-9610-19be8a487185", "value": "Mirai" }, @@ -538,6 +615,15 @@ "Okiru" ] }, + "related": [ + { + "dest-uuid": "1ad4697b-3388-48ed-8621-85abebf5dbbf", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "e77cf495-632a-4459-aad1-cdf29d73683f", "value": "Satori" }, @@ -653,6 +739,15 @@ "Mad Max" ] }, + "related": [ + { + "dest-uuid": "d3d56dd0-3409-470a-958b-a865fdd158f9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7a6fcec7-3408-4371-907b-cbf8fc931b66", "value": "Madmax" }, @@ -707,5 +802,5 @@ "value": "Bamital" } ], - "version": 8 + "version": 9 } 
diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json index 8603845..69f08b3 100644 --- a/clusters/exploit-kit.json +++ b/clusters/exploit-kit.json @@ -233,6 +233,22 @@ "3ROS Exploit Kit" ] }, + "related": [ + { + "dest-uuid": "75f53ead-1aee-4f91-8cb9-b4170d747cfc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5594b171-32ec-4145-b712-e7701effffdd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c", "value": "Hunter" }, @@ -291,6 +307,15 @@ "BHEK" ] }, + "related": [ + { + "dest-uuid": "2ea1f494-cf18-49fb-a043-36555131dd7c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "e6201dc3-01a7-40c5-ba72-02fa470ada53", "value": "BlackHole" }, @@ -354,6 +379,15 @@ "RIG-E" ] }, + "related": [ + { + "dest-uuid": "525ce93a-76a1-441a-9c45-0eac64d0ed12", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "6eb15569-4ddd-4820-9a44-7bca5b303b86", "value": "Empire" }, @@ -671,5 +705,5 @@ "value": "Unknown" } ], - "version": 7 + "version": 8 } diff --git a/clusters/microsoft-activity-group.json b/clusters/microsoft-activity-group.json index b440f7c..31e0526 100644 --- a/clusters/microsoft-activity-group.json +++ b/clusters/microsoft-activity-group.json 
@@ -15,6 +15,22 @@ "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/" ] }, + "related": [ + { + "dest-uuid": "efed95ba-d7e8-47ff-8c53-99c42426ee7c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "43894e2a-174e-4931-94a8-2296afe8f650", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5744f91a-d2d8-4f92-920f-943dd80c578f", "value": "PROMETHIUM" }, @@ -25,6 +41,22 @@ "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/" ] }, + "related": [ + { + "dest-uuid": "025bdaa9-897d-4bad-afa6-013ba5734653", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ada08ea8-4517-4eea-aff1-3ad69e5466bb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "47b5007a-3fb1-466a-9578-629e6e735493", "value": "NEODYMIUM" }, @@ -35,6 +67,15 @@ "https://blogs.technet.microsoft.com/mmpc/2016/12/09/windows-10-protection-detection-and-response-against-recent-attacks/" ] }, + "related": [ + { + "dest-uuid": "46670c51-fea4-45d6-bdd4-62e85a5c7404", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "99784b80-6298-45ba-885c-0ed37bfd8324", "value": "TERBIUM" }, @@ -60,6 +101,22 @@ "Grey-Cloud" ] }, + "related": [ + { + "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec", "value": "STRONTIUM" }, 
@@ -76,6 +133,15 @@ "darkhotel" ] }, + "related": [ + { + "dest-uuid": "b8c8b96d-61e6-47b1-8e38-fd8ad5d9854d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b56af6ab-69f8-457a-bf50-c3aefa6dc14a", "value": "DUBNIUM" }, @@ -87,6 +153,22 @@ "http://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf" ] }, + "related": [ + { + "dest-uuid": "f9c06633-dcff-48a1-8588-759e7cec5694", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1fc5671f-5757-43bf-8d6d-a9a93b03713a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "154e97b5-47ef-415a-99a6-2157f1b50339", "value": "PLATINUM" }, @@ -121,5 +203,5 @@ "value": "ZIRCONIUM" } ], - "version": 3 + "version": 4 } diff --git a/clusters/mitre-enterprise-attack-intrusion-set.json b/clusters/mitre-enterprise-attack-intrusion-set.json index 2c194f2..46d59a7 100644 --- a/clusters/mitre-enterprise-attack-intrusion-set.json +++ b/clusters/mitre-enterprise-attack-intrusion-set.json @@ -20,6 +20,15 @@ "Poseidon Group" ] }, + "related": [ + { + "dest-uuid": "5fc09923-fcff-4e81-9cae-4518ef31cf4d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7ecc3b4f-5cdb-457e-b55a-df376b359446", "value": "Poseidon Group - G0033" }, @@ -51,6 +60,15 @@ "PittyTiger" ] }, + "related": [ + { + "dest-uuid": "4d37813c-b8e9-4e58-a758-03168d8aa189", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "fe98767f-9df8-42b9-83c9-004b1dec8647", "value": "PittyTiger - G0011" }, 
@@ -66,6 +84,15 @@ "admin@338" ] }, + "related": [ + { + "dest-uuid": "ac4bce1f-b3ec-4c44-bd36-b6cc986b319b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "16ade1aa-0ea1-4bb7-88cc-9079df2ae756", "value": "admin@338 - G0018" }, @@ -111,6 +138,15 @@ "Sowbug" ] }, + "related": [ + { + "dest-uuid": "1ca3b039-404e-4132-88c2-4e41235cd2f5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d1acfbb3-647b-4723-9154-800ec119006e", "value": "Sowbug - G0054" }, @@ -136,6 +172,22 @@ "TG-4127" ] }, + "related": [ + { + "dest-uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "value": "APT28 - G0007" }, @@ -150,6 +202,22 @@ "PLATINUM" ] }, + "related": [ + { + "dest-uuid": "154e97b5-47ef-415a-99a6-2157f1b50339", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1fc5671f-5757-43bf-8d6d-a9a93b03713a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f9c06633-dcff-48a1-8588-759e7cec5694", "value": "PLATINUM - G0068" }, @@ -168,6 +236,22 @@ "Blackfly" ] }, + "related": [ + { + "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff", "value": "Winnti Group - G0044" }, 
@@ -191,6 +275,22 @@ "Black Vine" ] }, + "related": [ + { + "dest-uuid": "066d25c1-71bd-4bd4-8ca7-edbba00063f4", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "0286e80e-b0ed-464f-ad62-beec8536d0cb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "a653431d-6a5e-4600-8ad3-609b5af57064", "value": "Deep Panda - G0009" }, @@ -207,6 +307,15 @@ "Gaza Cybergang" ] }, + "related": [ + { + "dest-uuid": "f7c2e501-73b1-400f-a5d9-2e2e07b7dfde", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "df71bb3b-813c-45eb-a8bc-f2a419837411", "value": "Molerats - G0021" }, @@ -224,6 +333,15 @@ "ProjectSauron" ] }, + "related": [ + { + "dest-uuid": "f3179cfb-9c86-4980-bd6b-e4fa74adaaa7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "277d2f87-2ae5-4730-a3aa-50c1fdff9656", "value": "Strider - G0041" }, @@ -240,6 +358,29 @@ "Quedagh" ] }, + "related": [ + { + "dest-uuid": "f512de42-f76b-40d2-9923-59e7dbdfec35", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b47250ec-2094-4d06-b658-11456e05fe89", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "feac86e4-6bb2-4ba0-ac99-806aeb0a776c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "381fcf73-60f6-4ab2-9991-6af3cbc35192", "value": "Sandworm Team - G0034" }, @@ -255,6 +396,15 @@ "FIN6" ] }, + "related": [ + { + "dest-uuid": "647894f6-1723-4cba-aba4-0ef0966d5302", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2a7914cf-dff3-428d-ab0f-1014d1c28aeb", "value": "FIN6 - G0037" }, 
@@ -270,6 +420,15 @@ "Dust Storm" ] }, + "related": [ + { + "dest-uuid": "9e71024e-817f-45b0-92a0-d886c30bc929", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ae41895a-243f-4a65-b99b-d85022326c31", "value": "Dust Storm - G0031" }, @@ -285,6 +444,15 @@ "TA459" ] }, + "related": [ + { + "dest-uuid": "c6472ae1-c6ad-4cf1-8d6e-8c94b94fe314", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "62a64fd3-aaf7-4d09-a375-d6f8bb118481", "value": "TA459 - G0062" }, @@ -305,6 +473,22 @@ "TEMP.Reaper" ] }, + "related": [ + { + "dest-uuid": "bb446dc2-4fee-4212-8b2c-3ffa2917e338", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "50cd027f-df14-40b2-aa22-bf5de5061163", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "4a2ce82e-1a74-468a-a6fb-bbead541383c", "value": "APT37 - G0067" }, 
@@ -323,6 +507,71 @@ "Threat Group 2889" ] }, + "related": [ + { + "dest-uuid": "11e17436-6ede-4733-8547-4ce0254ea19e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", "value": "Cleaver - G0003" }, @@ -342,6 +591,15 @@ "DNSCALC" ] }, + "related": [ + { + "dest-uuid": "48146604-6693-4db1-bd94-159744726514", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb", "value": "APT12 - G0005" }, 
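Review bot: `Cleaver - G0003` gains nine `similar` links in this hunk, all at `likely`, and nothing in the entries records which name or synonym produced each match or that the links were machine-generated. Two of those destinations (`42be2a84-5a5c-4c6d-9864-3f09d75bb0ba` and `a0082cfa-32e2-42b8-92d8-5c7a7409dcf1`) are also attached to `OilRig - G0049`, and a third (`f98bac6b-12fd-4cad-be84-c84666932232`) to `Charming Kitten - G0058`, later in this file, so shared aliases appear to be tying together groups that the file keeps as separate entries. For data that feeds attribution, I would have the generator add a second `tags` entry beside the estimative tag that names the matched synonym and marks the link as generated. Reviewers could then audit each link, and consumers could filter generated relations from curated ones.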
@@ -359,6 +617,22 @@ "NEODYMIUM" ] }, + "related": [ + { + "dest-uuid": "47b5007a-3fb1-466a-9578-629e6e735493", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ada08ea8-4517-4eea-aff1-3ad69e5466bb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "025bdaa9-897d-4bad-afa6-013ba5734653", "value": "NEODYMIUM - G0055" }, @@ -374,6 +648,15 @@ "APT34" ] }, + "related": [ + { + "dest-uuid": "73a521f6-3bc7-11e8-9e30-df7c90e50dda", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "68ba94ab-78b8-43e7-83e2-aed3466882c6", "value": "APT34 - G0057" }, @@ -389,6 +672,15 @@ "Moafee" ] }, + "related": [ + { + "dest-uuid": "a9b44750-992c-4743-8922-129880d277ea", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f", "value": "Moafee - G0002" }, @@ -408,6 +700,29 @@ "BRONZE UNION" ] }, + "related": [ + { + "dest-uuid": "834e0acd-d92a-4e38-bb14-dc4159d7cb32", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f1b9f7d6-6ab1-404b-91a6-a1ed1845c045", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "4af45fea-72d3-11e8-846c-d37699506c8d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "fb366179-766c-4a4a-afa1-52bff1fd601c", "value": "Threat Group-3390 - G0027" }, @@ -424,6 +739,15 @@ "DragonOK" ] }, + "related": [ + { + "dest-uuid": "a9b44750-992c-4743-8922-129880d277ea", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a", "value": "DragonOK - G0017" }, 
@@ -442,6 +766,15 @@ "Comment Panda" ] }, + "related": [ + { + "dest-uuid": "1cb7e1cc-d695-42b1-92f4-fd0112a3c9be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "value": "APT1 - G0006" }, @@ -457,6 +790,15 @@ "FIN10" ] }, + "related": [ + { + "dest-uuid": "6c74fda2-bb04-40bd-a166-8c2d4b952d33", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "fbe9387f-34e6-4828-ac28-3080020c597b", "value": "FIN10 - G0051" }, @@ -477,6 +819,29 @@ "OilRig" ] }, + "related": [ + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "4ca1929c-7d64-4aab-b849-badbfc0c760d", "value": "OilRig - G0049" }, @@ -492,6 +857,15 @@ "Charming Kitten" ] }, + "related": [ + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7636484c-adc5-45d4-9bfe-c3e062fbc4a0", "value": "Charming Kitten - G0058" }, @@ -558,6 +932,15 @@ "Musical Chairs" ] }, + "related": [ + { + "dest-uuid": "b3714d59-b61e-4713-903a-9b4f04ae7f3d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8", "value": "Night Dragon - G0014" }, 
@@ -575,6 +958,29 @@ "Naikon" ] }, + "related": [ + { + "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050", "value": "Naikon - G0019" }, @@ -607,6 +1013,22 @@ "OceanLotus Group" ] }, + "related": [ + { + "dest-uuid": "7e5a571f-dee2-4cae-a960-f8ab8a8fb1cf", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "aa29ae56-e54b-47a2-ad16-d3ab0242d5d7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "247cb30b-955f-42eb-97a5-a89fef69341e", "value": "APT32 - G0050" }, @@ -623,6 +1045,15 @@ "TEMP.Zagros" ] }, + "related": [ + { + "dest-uuid": "a29af069-03c3-4534-b78b-7d1a77ea085b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "269e8108-68c6-4f99-b911-14b2e765dec2", "value": "MuddyWater - G0069" }, @@ -643,6 +1074,22 @@ "Operation Hangover" ] }, + "related": [ + { + "dest-uuid": "9559ecaf-2e75-48a7-aee8-9974020bc772", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "18d473a5-831b-47a5-97a1-a32156299825", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0", "value": "Patchwork - G0040" }, 
@@ -659,6 +1106,29 @@ "APT30" ] }, + "related": [ + { + "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd", "value": "APT30 - G0013" }, @@ -669,6 +1139,22 @@ "https://attack.mitre.org/wiki/Group/G0042" ] }, + "related": [ + { + "dest-uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "18d473a5-831b-47a5-97a1-a32156299825", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "9559ecaf-2e75-48a7-aee8-9974020bc772", "value": "MONSOON - G0042" }, @@ -685,6 +1171,36 @@ "Deputy Dog" ] }, + "related": [ + { + "dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "090242d7-73fc-4738-af68-20162f7a5aae", "value": "APT17 - G0025" }, 
@@ -701,6 +1217,15 @@ "FIN7" ] }, + "related": [ + { + "dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc", "value": "FIN7 - G0046" }, @@ -726,6 +1251,15 @@ "TG-0110" ] }, + "related": [ + { + "dest-uuid": "d144c83e-2302-4947-9e24-856fbf7949ae", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "0bbdf25b-30ff-4894-a1cd-49260d0dd2d9", "value": "APT3 - G0022" }, @@ -741,6 +1275,15 @@ "GCMAN" ] }, + "related": [ + { + "dest-uuid": "d93889de-b4bc-4a29-9ce7-d67717c140a0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "0ea72cd5-ca30-46ba-bc04-378f701c658f", "value": "GCMAN - G0036" }, @@ -761,6 +1304,22 @@ "NICKEL ACADEMY" ] }, + "related": [ + { + "dest-uuid": "68391641-859f-4a9a-9a1e-3e5cf71ec376", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "027a1428-6e79-4a4b-82b9-e698e8525c2b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c93fccb1-e8e8-42cf-ae33-2ad1d183913a", "value": "Lazarus Group - G0032" }, @@ -777,6 +1336,15 @@ "Spring Dragon" ] }, + "related": [ + { + "dest-uuid": "32fafa69-fe3c-49db-afd4-aac2664bcf0d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "88b7dbc2-32d3-4e31-af2f-3fc24e1582d7", "value": "Lotus Blossom - G0030" }, @@ -823,6 +1391,15 @@ "Energetic Bear" ] }, + "related": [ + { + "dest-uuid": "64d6559c-6d5c-4585-bbf9-c17868f763ee", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1", "value": "Dragonfly - G0035" }, 
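Review bot: One destination cluster is asserted `likely` similar to two separately numbered groups: the FIN7 - G0046 hunk adds `"dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb"` and the Carbanak - G0008 hunk later in this file adds the identical link. Naikon - G0019 and APT30 - G0013 likewise receive the same three destinations. Which cluster that uuid names is not visible here, so the overlap may be intended, but the fixed tag gives an analyst no way to tell a one-to-one match from an ambiguous one. I would record that ambiguity in the data, for example by emitting `"estimative-language:likelihood-probability=\"roughly-even-chance\""` for any destination shared by more than one source entry.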
@@ -838,6 +1415,15 @@ "Suckfly" ] }, + "related": [ + { + "dest-uuid": "5abb12e7-5066-4f84-a109-49a037205c76", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5cbe0d3b-6fb1-471f-b591-4b192915116d", "value": "Suckfly - G0039" }, @@ -853,6 +1439,15 @@ "Stealth Falcon" ] }, + "related": [ + { + "dest-uuid": "dab75e38-6969-4e78-9304-dc269c3cbcf0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "894aab42-3371-47b1-8859-a4a074c804c8", "value": "Stealth Falcon - G0038" }, @@ -871,6 +1466,15 @@ "Tick" ] }, + "related": [ + { + "dest-uuid": "add6554a-815a-4ac3-9b22-9337b9661ab8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "93f52415-0fe4-4d3d-896c-fc9b8e88ab90", "value": "BRONZE BUTLER - G0060" }, @@ -886,6 +1490,15 @@ "Scarlet Mimic" ] }, + "related": [ + { + "dest-uuid": "0da10682-85c6-4c0b-bace-ba1f7adfb63e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c5574ca0-d5a4-490a-b207-e4658e5fd1d7", "value": "Scarlet Mimic - G0029" }, @@ -920,6 +1533,22 @@ "WhiteBear" ] }, + "related": [ + { + "dest-uuid": "fa80877c-f509-4daf-8b62-20aba1635f68", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "c097471c-2405-4393-b6d7-afbcb5f0cd11", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7a19ecb1-3c65-4de3-a230-993516aed6a6", "value": "Turla - G0010" }, @@ -940,6 +1569,15 @@ "Sneaky Panda" ] }, + "related": [ + { + "dest-uuid": "da754aeb-a86d-4874-b388-d1d2028a56be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "03506554-5f37-4f8f-9ce4-0e9f01a1b484", "value": "Elderwood - G0066" }, 
@@ -959,6 +1597,15 @@ "CozyDuke" ] }, + "related": [ + { + "dest-uuid": "b2056ff0-00b9-482e-b11c-c771daa5f28a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "899ce53f-13a0-479b-a0e4-67d46e241542", "value": "APT29 - G0016" }, @@ -982,6 +1629,15 @@ "CVNX" ] }, + "related": [ + { + "dest-uuid": "56b37b05-72e7-4a89-ba8a-61ce45269a8c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "222fbd21-fc4f-4b7e-9f85-0e6e3a76c33f", "value": "menuPass - G0045" }, @@ -999,6 +1655,15 @@ "MSUpdater" ] }, + "related": [ + { + "dest-uuid": "0ca45163-e223-4167-b1af-f088ed14a93d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5ce5392a-3a6c-4e07-9df3-9b6a9159ac45", "value": "Putter Panda - G0024" }, @@ -1018,6 +1683,22 @@ "Group 72" ] }, + "related": [ + { + "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973", "value": "Axiom - G0001" }, 
@@ -1039,6 +1720,64 @@ "Cobalt Gypsy" ] }, + "related": [ + { + "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", "value": "Magic Hound - G0059" }, @@ -1055,6 +1794,15 @@ "FIN8" ] }, + "related": [ + { + "dest-uuid": "a78ae9fe-71cd-4563-9213-7b6260bd9a73", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "fd19bd82-1b14-49a1-a176-6cdc46b8a826", "value": "FIN8 - G0061" }, 
@@ -1071,6 +1819,22 @@ "PROMETHIUM" ] }, + "related": [ + { + "dest-uuid": "5744f91a-d2d8-4f92-920f-943dd80c578f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "43894e2a-174e-4931-94a8-2296afe8f650", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "efed95ba-d7e8-47ff-8c53-99c42426ee7c", "value": "PROMETHIUM - G0056" }, @@ -1089,6 +1853,15 @@ "Carbon Spider" ] }, + "related": [ + { + "dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c", "value": "Carbanak - G0008" }, @@ -1105,6 +1878,22 @@ "APT33" ] }, + "related": [ + { + "dest-uuid": "4f69ec6d-cb6b-42af-b8e2-920a2aa4be10", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "accd848b-b8f4-46ba-a408-9063b35cfbf2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "fbd29c89-18ba-4c2d-b792-51c0adee049f", "value": "APT33 - G0064" }, @@ -1123,6 +1912,29 @@ "Dynamite Panda" ] }, + "related": [ + { + "dest-uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "2fb07fa4-0d7f-43c7-8ff4-b28404313fe7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648", "value": "APT18 - G0026" }, 
@@ -1140,6 +1952,15 @@ "TEMP.Periscope" ] }, + "related": [ + { + "dest-uuid": "5b4b6980-3bc7-11e8-84d6-879aaac37dd9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7113eaa5-ba79-4fb3-b68a-398ee9cd698e", "value": "Leviathan - G0065" }, @@ -1157,6 +1978,15 @@ "CopyKittens" ] }, + "related": [ + { + "dest-uuid": "8cca9a1d-66e4-4bc4-ad49-95f759f4c1ae", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "dcd81c6e-ebf7-4a16-93e0-9a97fa49c88a", "value": "CopyKittens - G0052" }, @@ -1172,9 +2002,18 @@ "Gamaredon Group" ] }, + "related": [ + { + "dest-uuid": "1a77e156-76bc-43f5-bdd7-bd67f30fbbbb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2e290bfe-93b5-48ce-97d6-edcd6d32b7cf", "value": "Gamaredon Group - G0047" } ], - "version": 4 + "version": 5 } diff --git a/clusters/mitre-enterprise-attack-malware.json b/clusters/mitre-enterprise-attack-malware.json index 06f1b54..42d6220 100644 --- a/clusters/mitre-enterprise-attack-malware.json +++ b/clusters/mitre-enterprise-attack-malware.json @@ -21,6 +21,15 @@ "Sasfis" ] }, + "related": [ + { + "dest-uuid": "6d1e2736-d363-49aa-9054-9c9e4ac0c520", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2dd34b01-6110-4aac-835d-b5e7b936b0be", "value": "OLDBAIT - S0138" }, @@ -36,6 +45,15 @@ "PHOREAL" ] }, + "related": [ + { + "dest-uuid": "f9c6da03-8cb1-4383-9d52-a614c42082bf", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f6ae7a52-f3b6-4525-9daf-640c083f006e", "value": "PHOREAL - S0158" }, 
@@ -99,6 +117,15 @@ "Hi-Zor" ] }, + "related": [ + { + "dest-uuid": "d22a3e65-75e5-4970-b424-bdc06ec33dba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5967cc93-57c9-404a-8ffd-097edfa7bdfc", "value": "Hi-Zor - S0087" }, @@ -115,6 +142,22 @@ "TEXTMATE" ] }, + "related": [ + { + "dest-uuid": "ee8ccb36-2596-43a3-a044-b8721dbeb2ab", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "17e919aa-4a49-445c-b103-dbb8df9e7351", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47", "value": "TEXTMATE - S0146" }, @@ -147,6 +190,15 @@ "Black Energy" ] }, + "related": [ + { + "dest-uuid": "5a22cad7-65fa-4b7a-a7aa-7915a6101efa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4", "value": "BlackEnergy - S0089" }, @@ -162,6 +214,15 @@ "XAgentOSX" ] }, + "related": [ + { + "dest-uuid": "5930509b-7793-4db9-bdfc-4edda7709d0d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "59a97b15-8189-4d51-9404-e1ce8ea4a069", "value": "XAgentOSX - S0161" }, @@ -193,6 +254,15 @@ "Havex" ] }, + "related": [ + { + "dest-uuid": "d7183f66-59ec-4803-be20-237b442259fc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "083bb47b-02c8-4423-81a2-f9ef58572974", "value": "Backdoor.Oldrea - S0093" }, @@ -208,6 +278,15 @@ "NanHaiShu" ] }, + "related": [ + { + "dest-uuid": "7abd6950-7a07-4d9e-ade1-62414fa50619", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "705f0783-5f7d-4491-b6b7-9628e6e006d2", "value": "NanHaiShu - S0228" }, 
@@ -242,6 +321,15 @@ "HAYMAKER" ] }, + "related": [ + { + "dest-uuid": "d71604d2-a17e-4b4e-82be-19cb54f93161", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "dc5d1a33-62aa-4a0c-aa8c-589b87beb11e", "value": "ChChes - S0144" }, @@ -281,6 +369,15 @@ "9002 RAT" ] }, + "related": [ + { + "dest-uuid": "70c31066-237a-11e8-8eff-37ef1ad0c703", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "73a4793a-ce55-4159-b2a6-208ef29b326f", "value": "Hydraq - S0203" }, @@ -312,6 +409,15 @@ "Delphacy" ] }, + "related": [ + { + "dest-uuid": "837a295c-15ff-41c0-9b7e-5f2fb502b00a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "08d20cd2-f084-45ee-8558-fa6ef5a18519", "value": "Downdelph - S0134" }, @@ -343,6 +449,15 @@ "StreamEx" ] }, + "related": [ + { + "dest-uuid": "9991ace8-1a62-498c-a9ef-19d474deb505", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "91000a8a-58cc-4aba-9ad0-993ad6302b86", "value": "StreamEx - S0142" }, @@ -390,6 +505,15 @@ "Dofoil" ] }, + "related": [ + { + "dest-uuid": "81f41bae-2ba9-4cec-9613-776be71645ca", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "0c824410-58ff-49b2-9cf2-1c96b182bdf0", "value": "Smoke Loader - S0226" }, @@ -405,6 +529,22 @@ "Janicab" ] }, + "related": [ + { + "dest-uuid": "c3c20c4b-e12a-42e5-960a-eea4644014f4", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "4af4e96f-c92d-4a45-9958-a88ad8deb38d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "234e7770-99b0-4f65-b983-d3230f76a60b", "value": "Janicab - S0163" }, 
@@ -420,6 +560,15 @@ "WINERACK" ] }, + "related": [ + { + "dest-uuid": "49025073-4cd3-43b8-b893-e80a1d3adc04", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "49abab73-3c5c-476e-afd5-69b5c732d845", "value": "WINERACK - S0219" }, @@ -435,6 +584,15 @@ "WINDSHIELD" ] }, + "related": [ + { + "dest-uuid": "a89ed72c-202d-486b-9349-6ffc0a61e30a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "98e8a977-3416-43aa-87fa-33e287e9c14c", "value": "WINDSHIELD - S0155" }, @@ -450,6 +608,15 @@ "TinyZBot" ] }, + "related": [ + { + "dest-uuid": "e2cc27a2-4146-4f08-8e80-114a99204cea", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9", "value": "TinyZBot - S0004" }, @@ -466,6 +633,15 @@ "Lecna" ] }, + "related": [ + { + "dest-uuid": "cd6c5f27-cf7e-4529-ae9c-ab5b85102bde", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "fb261c56-b80e-43a9-8351-c84081e7213d", "value": "BACKSPACE - S0031" }, @@ -482,6 +658,15 @@ "ZeroT" ] }, + "related": [ + { + "dest-uuid": "ff00fa92-b32e-46b6-88ca-98357ebe3f54", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "4ab44516-ad75-4e43-a280-705dc0420e2f", "value": "ZeroT - S0230" }, 
@@ -532,6 +717,29 @@ "BUGJUICE" ] }, + "related": [ + { + "dest-uuid": "ad6a1b4a-6d79-40d4-adb7-1d7ca697347e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "90124cc8-1205-4e63-83ad-5c45a110b1e6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3df08e23-1d0b-41ed-b735-c4eca46ce48e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "17b40f60-729f-4fe8-8aea-cc9ee44a95d5", "value": "RedLeaves - S0153" }, @@ -592,6 +800,15 @@ "Duqu" ] }, + "related": [ + { + "dest-uuid": "809b54c3-dd6a-4ec9-8c3a-a27b9baa6732", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "68dca94f-c11d-421e-9287-7c501108e18c", "value": "Duqu - S0038" }, @@ -607,6 +824,15 @@ "HAPPYWORK" ] }, + "related": [ + { + "dest-uuid": "656cd201-d57a-4a2f-a201-531eb4922a72", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "211cfe9f-2676-4e1c-a5f5-2c8091da2a68", "value": "HAPPYWORK - S0214" }, @@ -653,6 +879,15 @@ "T9000" ] }, + "related": [ + { + "dest-uuid": "66575fb4-7f92-42d8-8c47-e68a26413081", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "876f6a77-fbc5-4e13-ab1a-5611986730a3", "value": "T9000 - S0098" }, @@ -668,6 +903,22 @@ "EvilGrab" ] }, + "related": [ + { + "dest-uuid": "c9b4ec27-0a43-4671-a967-bcac5df0e056", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "c542f369-f06d-4168-8c84-fdf5fc7f2a8d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2f1a9fd0-3b7c-4d77-a358-78db13adbe78", "value": "EvilGrab - S0152" }, 
@@ -683,6 +934,15 @@ "BS2005" ] }, + "related": [ + { + "dest-uuid": "25cd01bc-1346-4415-8f8d-d3656309ef6b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "67fc172a-36fa-4a35-88eb-4ba730ed52a6", "value": "BS2005 - S0014" }, @@ -698,6 +958,15 @@ "WEBC2" ] }, + "related": [ + { + "dest-uuid": "b5be84b7-bf2c-40d0-85a9-14c040881a98", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "1d808f62-cf63-4063-9727-ff6132514c22", "value": "WEBC2 - S0109" }, @@ -719,6 +988,22 @@ "Korplug" ] }, + "related": [ + { + "dest-uuid": "663f8ef9-4c50-499a-b765-f377d23c1070", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f4b159ea-97e5-483b-854b-c48a78d562aa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "value": "PlugX - S0013" }, @@ -765,6 +1050,15 @@ "Komplex" ] }, + "related": [ + { + "dest-uuid": "75c79f95-4c84-4650-9158-510f0ce4831d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f108215f-3487-489d-be8b-80e346d32518", "value": "Komplex - S0162" }, @@ -780,6 +1074,15 @@ "Taidoor" ] }, + "related": [ + { + "dest-uuid": "cda7d605-23d0-4f93-a585-1276f094c04a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b143dfa4-e944-43ff-8429-bfffc308c517", "value": "Taidoor - S0011" }, 
@@ -795,6 +1098,22 @@ "MoonWind" ] }, + "related": [ + { + "dest-uuid": "f266754c-d0aa-4918-95a3-73b28eaa66e3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "76ec1827-68a1-488f-9899-2b788ea8db64", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "9ea525fa-b0a9-4dde-84f2-bcea0137b3c1", "value": "MoonWind - S0149" }, @@ -811,6 +1130,22 @@ "MSIL/Crimson" ] }, + "related": [ + { + "dest-uuid": "8d8efbc6-d1b7-4ec8-bab3-591edba337d0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "858edfb8-793a-430b-8acc-4310e7d2f0d3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "326af1cd-78e7-45b7-a326-125d2f7ef8f2", "value": "Crimson - S0115" }, @@ -875,6 +1210,15 @@ "HttpDump" ] }, + "related": [ + { + "dest-uuid": "08e2c9ef-aa62-429f-a6e5-e901ff6883cd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "e066bf86-9cfb-407a-9d25-26fd5d91e360", "value": "HTTPBrowser - S0070" }, @@ -909,6 +1253,22 @@ "Poison Ivy" ] }, + "related": [ + { + "dest-uuid": "4e104fef-8a2c-4679-b497-6e86d7d47db0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "2abe89de-46dd-4dae-ae22-b49a593aff54", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b42378e0-f147-496f-992a-26a49705395b", "value": "PoisonIvy - S0012" }, @@ -924,6 +1284,15 @@ "SHUTTERSPEED" ] }, + "related": [ + { + "dest-uuid": "d909efe3-abc3-4be0-9640-e4727542fa2b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "4189a679-72ed-4a89-a57c-7f689712ecf8", "value": "SHUTTERSPEED - S0217" }, 
@@ -1017,6 +1386,15 @@ "sKyWIper" ] }, + "related": [ + { + "dest-uuid": "d7963066-62ed-4494-9b8c-4b8b691a7c82", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ff6840c9-4c87-4d07-bbb6-9f50aa33d498", "value": "Flame - S0143" }, @@ -1032,6 +1410,15 @@ "RIPTIDE" ] }, + "related": [ + { + "dest-uuid": "91583583-95c0-444e-8175-483cbebc640b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ad4f146f-e3ec-444a-ba71-24bffd7f0f8e", "value": "RIPTIDE - S0003" }, @@ -1166,6 +1553,15 @@ "XAPS" ] }, + "related": [ + { + "dest-uuid": "6d180bd7-3c77-4faf-b98b-dc2ab5f49101", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7343e208-7cab-45f2-a47b-41ba5e2f0fab", "value": "XTunnel - S0117" }, @@ -1182,6 +1578,15 @@ "Naid" ] }, + "related": [ + { + "dest-uuid": "170db76b-93f7-4fd1-97fc-55937c079b66", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "48523614-309e-43bf-a2b8-705c2b45d7b2", "value": "Naid - S0205" }, @@ -1197,6 +1602,15 @@ "GeminiDuke" ] }, + "related": [ + { + "dest-uuid": "6a28a648-30c0-4d1d-bd67-81a8dc6486ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "199463de-d9be-46d6-bb41-07234c1dd5a6", "value": "GeminiDuke - S0049" }, @@ -1212,6 +1626,15 @@ "CORALDECK" ] }, + "related": [ + { + "dest-uuid": "becf81e5-f989-4093-a67d-d55a0483885f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e", "value": "CORALDECK - S0212" }, 
@@ -1229,6 +1652,22 @@ "VIPER" ] }, + "related": [ + { + "dest-uuid": "3eca2d5f-41bf-4ad4-847f-df18befcdc44", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f6c137f0-979c-4ce2-a0e5-2a080a5a1746", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "96b08451-b27a-4ff6-893f-790e26393a8e", "value": "Sakula - S0074" }, @@ -1259,6 +1698,15 @@ "Prikormka" ] }, + "related": [ + { + "dest-uuid": "67ade442-63f2-4319-bdcd-d2564b963ed6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "37cc7eb6-12e3-467b-82e8-f20f2cc73c69", "value": "Prikormka - S0113" }, @@ -1289,6 +1737,15 @@ "SLOWDRIFT" ] }, + "related": [ + { + "dest-uuid": "e5a9a2ec-348e-4a2f-98dd-16c3e8845576", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "414dc555-c79e-4b24-a2da-9b607f7eaf16", "value": "SLOWDRIFT - S0218" }, @@ -1307,6 +1764,15 @@ "Win32/USBStealer" ] }, + "related": [ + { + "dest-uuid": "44909efb-7cd3-42e3-b225-9f3e96b5f362", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "af2ad3b7-ab6a-4807-91fd-51bcaff9acbb", "value": "USBStealer - S0136" }, @@ -1322,6 +1788,15 @@ "CALENDAR" ] }, + "related": [ + { + "dest-uuid": "e2c18713-0a95-4092-a0e9-76358512daad", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5a84dc36-df0d-4053-9b7c-f0c388a57283", "value": "CALENDAR - S0025" }, @@ -1336,6 +1811,15 @@ "Umbreon" ] }, + "related": [ + { + "dest-uuid": "2a18f5dd-40fc-444b-a7c6-85f94b3eee13", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "3d8e547d-9456-4f32-a895-dc86134e282f", "value": "Umbreon - S0221" }, 
@@ -1383,6 +1867,15 @@ "Regin" ] }, + "related": [ + { + "dest-uuid": "0cf21558-1217-4d36-9536-2919cfd44825", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "4c59cce8-cb48-4141-b9f1-f646edfaadb0", "value": "Regin - S0019" }, @@ -1460,6 +1953,15 @@ "RARSTONE" ] }, + "related": [ + { + "dest-uuid": "5d2dd6ad-6bb2-45d3-b295-e125d3399c8d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8c553311-0baa-4146-997a-f79acef3d831", "value": "RARSTONE - S0055" }, @@ -1509,6 +2011,15 @@ "Pirpi" ] }, + "related": [ + { + "dest-uuid": "4859330d-c6a5-4b9c-b45b-536ec983cd4a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "58adaaa8-f1e8-4606-9a08-422e568461eb", "value": "SHOTPUT - S0063" }, @@ -1576,6 +2087,29 @@ "webhp" ] }, + "related": [ + { + "dest-uuid": "56660521-6db4-4e5a-a927-464f22954b7c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "0a32ceea-fa66-47ab-8bde-150dbd6d2e40", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3e2c99f9-66cd-48be-86e9-d7c1c164d87c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ccd61dfc-b03f-4689-8c18-7c97eab08472", "value": "CHOPSTICK - S0023" }, @@ -1639,6 +2173,15 @@ "Page" ] }, + "related": [ + { + "dest-uuid": "d70fd29d-590e-4ed5-b72f-6ce0142019c6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7551188b-8f91-4d34-8350-0d0c57b2b913", "value": "Elise - S0081" }, 
@@ -1654,6 +2197,15 @@ "KOMPROGO" ] }, + "related": [ + { + "dest-uuid": "321e2bd3-2d98-41d6-8402-3949f514c548", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7dbb67c7-270a-40ad-836e-c45f8948aa5a", "value": "KOMPROGO - S0156" }, @@ -1669,6 +2221,15 @@ "BISCUIT" ] }, + "related": [ + { + "dest-uuid": "f1e05a12-ca50-41ab-a963-d7df5bcb141d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b8eb28e4-48a6-40ae-951a-328714f75eda", "value": "BISCUIT - S0017" }, @@ -1684,6 +2245,15 @@ "Uroburos" ] }, + "related": [ + { + "dest-uuid": "22332d52-c0c2-443c-9ffb-f08c0d23722c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "80a014ba-3fef-4768-990b-37d8bd10d7f4", "value": "Uroburos - S0022" }, @@ -1701,6 +2271,22 @@ "DNSMessenger" ] }, + "related": [ + { + "dest-uuid": "ee8ccb36-2596-43a3-a044-b8721dbeb2ab", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "17e919aa-4a49-445c-b103-dbb8df9e7351", "value": "POWERSOURCE - S0145" }, @@ -1716,6 +2302,15 @@ "hcdLoader" ] }, + "related": [ + { + "dest-uuid": "12bb8f4f-af29-49a0-8c2c-d28468f28fd8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "9e2bba94-950b-4fcf-8070-cb3f816c5f4e", "value": "hcdLoader - S0071" }, @@ -1796,6 +2391,15 @@ "Disttrack" ] }, + "related": [ + { + "dest-uuid": "776b1849-8d5b-4762-8ba1-cbbaddb4ce3a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8901ac23-6b50-410c-b0dd-d8174a86f9b3", "value": "Shamoon - S0140" }, 
@@ -1811,6 +2415,15 @@ "FALLCHILL" ] }, + "related": [ + { + "dest-uuid": "e0bea149-2def-484f-b658-f782a4f94815", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "fece06b7-d4b1-42cf-b81a-5323c917546e", "value": "FALLCHILL - S0181" }, @@ -1842,6 +2455,15 @@ "Volgmer" ] }, + "related": [ + { + "dest-uuid": "0a52e73b-d7e9-45ae-9bda-46568f753931", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "495b6cdb-7b5a-4fbc-8d33-e7ef68806d08", "value": "Volgmer - S0180" }, @@ -1872,6 +2494,15 @@ "4H RAT" ] }, + "related": [ + { + "dest-uuid": "d8aad68d-a68f-42e1-b755-d5f383b73401", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8e461ca3-0996-4e6e-a0df-e2a5bbc51ebc", "value": "4H RAT - S0065" }, @@ -1965,6 +2596,15 @@ "gh0st" ] }, + "related": [ + { + "dest-uuid": "1b1ae63f-bcee-4aba-8994-6c60cee5e16f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", "value": "gh0st - S0032" }, @@ -1980,6 +2620,15 @@ "DOGCALL" ] }, + "related": [ + { + "dest-uuid": "a5e851b4-e046-43b6-bc6e-c6c008e3c5aa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "0852567d-7958-4f4b-8947-4f840ec8d57d", "value": "DOGCALL - S0213" }, 
@@ -2011,6 +2660,50 @@ "SOURFACE" ] }, + "related": [ + { + "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", "value": "CORESHELL - S0137" }, @@ -2026,6 +2719,15 @@ "SOUNDBITE" ] }, + "related": [ + { + "dest-uuid": "f5ac89a7-e129-43b7-bd68-e3cb1e5a3ba2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "9ca488bd-9587-48ef-b923-1743523e63b2", "value": "SOUNDBITE - S0157" }, @@ -2058,6 +2760,15 @@ "POORAIM" ] }, + "related": [ + { + "dest-uuid": "fe97ace3-9a80-42af-9eae-1f9245927e5d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "53d47b09-09c2-4015-8d37-6633ecd53f79", "value": "POORAIM - S0216" }, 
@@ -2136,6 +2847,22 @@ "HALFBAKED" ] }, + "related": [ + { + "dest-uuid": "2815a353-cd56-4ed0-8581-812b94f7a326", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "71ac10de-1103-40a7-b65b-f97dab9769bf", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "0ced8926-914e-4c78-bc93-356fb90dbd1f", "value": "HALFBAKED - S0151" }, @@ -2156,6 +2883,15 @@ "Sedreco" ] }, + "related": [ + { + "dest-uuid": "6374fc53-9a0d-41ba-b9cf-2a9765d69fbb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "fb575479-14ef-41e9-bfab-0b7cf10bec73", "value": "ADVSTORESHELL - S0045" }, @@ -2171,6 +2907,22 @@ "SNUGRIDE" ] }, + "related": [ + { + "dest-uuid": "6a42aa10-5b7e-43b0-8c58-414cdaeda453", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "12b524b9-0d94-400f-904f-615f4f764aaf", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "3240cbe4-c550-443b-aa76-cc2a7058b870", "value": "SNUGRIDE - S0159" }, @@ -2215,6 +2967,15 @@ "NetTraveler" ] }, + "related": [ + { + "dest-uuid": "59b70721-6fed-4805-afa5-4ff2554bef81", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "cafd0bf8-2b9c-46c7-ae3c-3e0f42c5062e", "value": "NetTraveler - S0033" }, @@ -2245,6 +3006,15 @@ "Dyre" ] }, + "related": [ + { + "dest-uuid": "15e969e6-f031-4441-a49b-f401332e4b00", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "63c2a130-8a5b-452f-ad96-07cf0af12ffe", "value": "Dyre - S0024" }, 
@@ -2297,6 +3067,15 @@ "ComRAT" ] }, + "related": [ + { + "dest-uuid": "9223bf17-7e32-4833-9574-9ffd8c929765", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565", "value": "ComRAT - S0126" }, @@ -2312,6 +3091,15 @@ "POSHSPY" ] }, + "related": [ + { + "dest-uuid": "6e45f758-7bd9-44b8-a21c-7309614ae176", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5e595477-2e78-4ce7-ae42-e0b059b17808", "value": "POSHSPY - S0150" }, @@ -2376,6 +3164,15 @@ "Winnti" ] }, + "related": [ + { + "dest-uuid": "9b3a4cff-1c5a-4fd6-b49c-27240b6d622c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d3afa961-a80c-4043-9509-282cdf69ab21", "value": "Winnti - S0141" }, @@ -2452,6 +3249,15 @@ "Hikit" ] }, + "related": [ + { + "dest-uuid": "06953055-92ed-4936-8ffd-d9d72ab6bef6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "95047f03-4811-4300-922e-1ba937d53a61", "value": "Hikit - S0009" }, @@ -2574,6 +3380,15 @@ "Trojan.GTALK" ] }, + "related": [ + { + "dest-uuid": "a379f09b-5cec-4bdb-9735-125cef2de073", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f2e8c7a1-cae1-45c4-baf0-6f21bdcbb2c2", "value": "GLOOXMAIL - S0026" }, @@ -2638,6 +3453,15 @@ "NeD Worm" ] }, + "related": [ + { + "dest-uuid": "eedcf785-d011-4e17-96c4-6ff39138ada0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "687c23e4-4e25-4ee7-a870-c5e002511f54", "value": "DustySky - S0062" }, 
@@ -2730,6 +3554,15 @@ "KARAE" ] }, + "related": [ + { + "dest-uuid": "70ca8408-bc45-4d39-acd2-9190ba15ea97", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322", "value": "KARAE - S0215" }, @@ -2869,6 +3702,15 @@ "PHOTO" ] }, + "related": [ + { + "dest-uuid": "eff68b97-f36e-4827-ab1a-90523c16774c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "94379dec-5c87-49db-b36e-66abc0b81344", "value": "Derusbi - S0021" }, @@ -2908,6 +3750,15 @@ "TadjMakhal" ] }, + "related": [ + { + "dest-uuid": "36c0faf0-428e-4e7f-93c5-824bb0495ac9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "6b62e336-176f-417b-856a-8552dd8c44e1", "value": "Epic - S0091" }, @@ -2940,6 +3791,15 @@ "3PARA RAT" ] }, + "related": [ + { + "dest-uuid": "59fb0222-0e7d-4f5f-92ac-e68012fb927d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7bec698a-7e20-4fd3-bb6a-12787770fb1a", "value": "3PARA RAT - S0066" }, 
@@ -2963,6 +3823,50 @@ "SofacyCarberp" ] }, + "related": [ + { + "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", "value": "JHUHUGIT - S0044" }, @@ -2982,5 +3886,5 @@ "value": "ELMER - S0064" } ], - "version": 4 + "version": 5 } diff --git a/clusters/mitre-enterprise-attack-tool.json b/clusters/mitre-enterprise-attack-tool.json index 285c251..e25ef14 100644 --- a/clusters/mitre-enterprise-attack-tool.json +++ b/clusters/mitre-enterprise-attack-tool.json @@ -21,6 +21,15 @@ "Winexe" ] }, + "related": [ + { + "dest-uuid": "811bdec0-e236-48ae-b27c-1a8fe0bfc3a9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d", "value": "Winexe - S0191" }, @@ -176,6 +185,15 @@ "Mimikatz" ] }, + "related": [ + { + "dest-uuid": "7f3a035d-d83a-45b8-8111-412aa8ade802", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "value": "Mimikatz - S0002" }, 
@@ -518,6 +536,15 @@ "PsExec" ] }, + "related": [ + { + "dest-uuid": "6dd05630-9bd8-11e8-a8b9-47ce338a4367", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "value": "PsExec - S0029" }, @@ -534,6 +561,15 @@ "certutil.exe" ] }, + "related": [ + { + "dest-uuid": "3e205e84-9f90-4b4b-8896-c82189936a15", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", "value": "certutil - S0160" }, @@ -662,6 +698,15 @@ "Pupy" ] }, + "related": [ + { + "dest-uuid": "bdb420be-5882-41c8-b439-02bbef69d83f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4", "value": "Pupy - S0192" }, @@ -692,6 +737,22 @@ "Cobalt Strike" ] }, + "related": [ + { + "dest-uuid": "ca44dd5e-fd9e-48b5-99cb-0b2629b9265f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3da22160-12d9-4d27-a99f-338e8de3844a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39", "value": "Cobalt Strike - S0154" }, @@ -711,5 +772,5 @@ "value": "Invoke-PSImage - S0231" } ], - "version": 4 + "version": 5 } diff --git a/clusters/mitre-intrusion-set.json b/clusters/mitre-intrusion-set.json index fc64bf1..88298f5 100644 --- a/clusters/mitre-intrusion-set.json +++ b/clusters/mitre-intrusion-set.json @@ -20,6 +20,15 @@ ], "uuid": "7ecc3b4f-5cdb-457e-b55a-df376b359446" }, + "related": [ + { + "dest-uuid": "5fc09923-fcff-4e81-9cae-4518ef31cf4d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Poseidon Group" }, { 
@@ -49,6 +58,15 @@ ], "uuid": "fe98767f-9df8-42b9-83c9-004b1dec8647" }, + "related": [ + { + "dest-uuid": "4d37813c-b8e9-4e58-a758-03168d8aa189", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "PittyTiger" }, { @@ -63,6 +81,15 @@ ], "uuid": "16ade1aa-0ea1-4bb7-88cc-9079df2ae756" }, + "related": [ + { + "dest-uuid": "ac4bce1f-b3ec-4c44-bd36-b6cc986b319b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "admin@338" }, { @@ -116,6 +143,22 @@ ], "uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c" }, + "related": [ + { + "dest-uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "APT28" }, { @@ -133,6 +176,22 @@ ], "uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff" }, + "related": [ + { + "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Winnti Group" }, { @@ -155,6 +214,22 @@ ], "uuid": "a653431d-6a5e-4600-8ad3-609b5af57064" }, + "related": [ + { + "dest-uuid": "066d25c1-71bd-4bd4-8ca7-edbba00063f4", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "0286e80e-b0ed-464f-ad62-beec8536d0cb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Deep Panda" }, { 
@@ -171,6 +246,15 @@ ], "uuid": "df71bb3b-813c-45eb-a8bc-f2a419837411" }, + "related": [ + { + "dest-uuid": "f7c2e501-73b1-400f-a5d9-2e2e07b7dfde", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Molerats" }, { @@ -187,6 +271,15 @@ ], "uuid": "277d2f87-2ae5-4730-a3aa-50c1fdff9656" }, + "related": [ + { + "dest-uuid": "f3179cfb-9c86-4980-bd6b-e4fa74adaaa7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Strider" }, { @@ -203,6 +296,29 @@ ], "uuid": "381fcf73-60f6-4ab2-9991-6af3cbc35192" }, + "related": [ + { + "dest-uuid": "f512de42-f76b-40d2-9923-59e7dbdfec35", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b47250ec-2094-4d06-b658-11456e05fe89", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "feac86e4-6bb2-4ba0-ac99-806aeb0a776c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Sandworm Team" }, { @@ -217,6 +333,15 @@ ], "uuid": "2a7914cf-dff3-428d-ab0f-1014d1c28aeb" }, + "related": [ + { + "dest-uuid": "647894f6-1723-4cba-aba4-0ef0966d5302", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "FIN6" }, { @@ -231,6 +356,15 @@ ], "uuid": "ae41895a-243f-4a65-b99b-d85022326c31" }, + "related": [ + { + "dest-uuid": "9e71024e-817f-45b0-92a0-d886c30bc929", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Dust Storm" }, { 
@@ -248,6 +382,71 @@ ], "uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063" }, + "related": [ + { + "dest-uuid": "11e17436-6ede-4733-8547-4ce0254ea19e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Cleaver" }, { @@ -266,6 +465,15 @@ ], "uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb" }, + "related": [ + { + "dest-uuid": "48146604-6693-4db1-bd94-159744726514", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "APT12" }, { 
@@ -280,6 +488,15 @@ ], "uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f" }, + "related": [ + { + "dest-uuid": "a9b44750-992c-4743-8922-129880d277ea", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Moafee" }, { @@ -298,6 +515,29 @@ ], "uuid": "fb366179-766c-4a4a-afa1-52bff1fd601c" }, + "related": [ + { + "dest-uuid": "834e0acd-d92a-4e38-bb14-dc4159d7cb32", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f1b9f7d6-6ab1-404b-91a6-a1ed1845c045", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "4af45fea-72d3-11e8-846c-d37699506c8d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Threat Group-3390" }, { @@ -314,6 +554,15 @@ ], "uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a" }, + "related": [ + { + "dest-uuid": "a9b44750-992c-4743-8922-129880d277ea", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "DragonOK" }, { @@ -331,6 +580,15 @@ ], "uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662" }, + "related": [ + { + "dest-uuid": "1cb7e1cc-d695-42b1-92f4-fd0112a3c9be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "APT1" }, { @@ -359,6 +617,15 @@ ], "uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8" }, + "related": [ + { + "dest-uuid": "b3714d59-b61e-4713-903a-9b4f04ae7f3d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Night Dragon" }, { 
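Review bot: The `related` entries added for Moafee and DragonOK in this file both point at the same `dest-uuid` (`a9b44750-992c-4743-8922-129880d277ea`) with the identical `likely` / `similar` tag, so two clusters that this file keeps separate are asserted to match one destination. The FIN7 and Carbanak hunks further down do the same with `00220228-a5a4-4032-a30d-826bb55aa3fb`. The basis for each match is not visible in these hunks (presumably a shared synonym picked up by tools/gen_mapping.py), so a consumer that pivots on `related` for attribution may merge groups that are tracked separately. I would have the many-to-one matches checked by hand before merging, and where a link rests on a name alone, lower the confidence, e.g. `"estimative-language:likelihood-probability=\"roughly-even-chance\""`.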
@@ -375,6 +642,29 @@ ], "uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050" }, + "related": [ + { + "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Naikon" }, { @@ -406,6 +696,22 @@ ], "uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0" }, + "related": [ + { + "dest-uuid": "9559ecaf-2e75-48a7-aee8-9974020bc772", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "18d473a5-831b-47a5-97a1-a32156299825", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Patchwork" }, { @@ -421,6 +727,29 @@ ], "uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd" }, + "related": [ + { + "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "APT30" }, { 
@@ -437,6 +766,22 @@ ], "uuid": "9559ecaf-2e75-48a7-aee8-9974020bc772" }, + "related": [ + { + "dest-uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "18d473a5-831b-47a5-97a1-a32156299825", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "MONSOON" }, { @@ -452,6 +797,36 @@ ], "uuid": "090242d7-73fc-4738-af68-20162f7a5aae" }, + "related": [ + { + "dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "APT17" }, { @@ -467,6 +842,15 @@ ], "uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc" }, + "related": [ + { + "dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "FIN7" }, { @@ -490,6 +874,15 @@ ], "uuid": "0bbdf25b-30ff-4894-a1cd-49260d0dd2d9" }, + "related": [ + { + "dest-uuid": "d144c83e-2302-4947-9e24-856fbf7949ae", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "APT3" }, { 
@@ -504,6 +897,15 @@ ], "uuid": "0ea72cd5-ca30-46ba-bc04-378f701c658f" }, + "related": [ + { + "dest-uuid": "d93889de-b4bc-4a29-9ce7-d67717c140a0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "GCMAN" }, { @@ -521,6 +923,22 @@ ], "uuid": "c93fccb1-e8e8-42cf-ae33-2ad1d183913a" }, + "related": [ + { + "dest-uuid": "68391641-859f-4a9a-9a1e-3e5cf71ec376", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "027a1428-6e79-4a4b-82b9-e698e8525c2b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Lazarus Group" }, { @@ -537,6 +955,15 @@ ], "uuid": "88b7dbc2-32d3-4e31-af2f-3fc24e1582d7" }, + "related": [ + { + "dest-uuid": "32fafa69-fe3c-49db-afd4-aac2664bcf0d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Lotus Blossom" }, { @@ -582,6 +1009,29 @@ ], "uuid": "b96e02f1-4037-463f-b158-5a964352f8d9" }, + "related": [ + { + "dest-uuid": "4ca1929c-7d64-4aab-b849-badbfc0c760d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "OilRig" }, { @@ -597,6 +1047,15 @@ ], "uuid": "1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1" }, + "related": [ + { + "dest-uuid": "64d6559c-6d5c-4585-bbf9-c17868f763ee", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Dragonfly" }, { 
@@ -611,6 +1070,15 @@ ], "uuid": "5cbe0d3b-6fb1-471f-b591-4b192915116d" }, + "related": [ + { + "dest-uuid": "5abb12e7-5066-4f84-a109-49a037205c76", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Suckfly" }, { @@ -625,6 +1093,15 @@ ], "uuid": "894aab42-3371-47b1-8859-a4a074c804c8" }, + "related": [ + { + "dest-uuid": "dab75e38-6969-4e78-9304-dc269c3cbcf0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Stealth Falcon" }, { @@ -639,6 +1116,15 @@ ], "uuid": "c5574ca0-d5a4-490a-b207-e4658e5fd1d7" }, + "related": [ + { + "dest-uuid": "0da10682-85c6-4c0b-bace-ba1f7adfb63e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Scarlet Mimic" }, { @@ -669,6 +1155,22 @@ ], "uuid": "7a19ecb1-3c65-4de3-a230-993516aed6a6" }, + "related": [ + { + "dest-uuid": "fa80877c-f509-4daf-8b62-20aba1635f68", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "c097471c-2405-4393-b6d7-afbcb5f0cd11", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Turla" }, { @@ -686,6 +1188,15 @@ ], "uuid": "899ce53f-13a0-479b-a0e4-67d46e241542" }, + "related": [ + { + "dest-uuid": "b2056ff0-00b9-482e-b11c-c771daa5f28a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "APT29" }, { @@ -700,6 +1211,15 @@ ], "uuid": "6c74fda2-bb04-40bd-a166-8c2d4b952d33" }, + "related": [ + { + "dest-uuid": "fbe9387f-34e6-4828-ac28-3080020c597b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "FIN10" }, { 
@@ -722,6 +1242,15 @@ ], "uuid": "222fbd21-fc4f-4b7e-9f85-0e6e3a76c33f" }, + "related": [ + { + "dest-uuid": "56b37b05-72e7-4a89-ba8a-61ce45269a8c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "menuPass" }, { @@ -738,6 +1267,15 @@ ], "uuid": "5ce5392a-3a6c-4e07-9df3-9b6a9159ac45" }, + "related": [ + { + "dest-uuid": "0ca45163-e223-4167-b1af-f088ed14a93d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Putter Panda" }, { @@ -756,6 +1294,22 @@ ], "uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973" }, + "related": [ + { + "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Axiom" }, { @@ -771,6 +1325,15 @@ ], "uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c" }, + "related": [ + { + "dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Carbanak" }, { @@ -788,6 +1351,29 @@ ], "uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648" }, + "related": [ + { + "dest-uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "2fb07fa4-0d7f-43c7-8ff4-b28404313fe7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "APT18" }, { 
@@ -803,6 +1389,22 @@ ], "uuid": "7e5a571f-dee2-4cae-a960-f8ab8a8fb1cf" }, + "related": [ + { + "dest-uuid": "247cb30b-955f-42eb-97a5-a89fef69341e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "aa29ae56-e54b-47a2-ad16-d3ab0242d5d7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "APT32" }, { @@ -817,8 +1419,17 @@ ], "uuid": "2e290bfe-93b5-48ce-97d6-edcd6d32b7cf" }, + "related": [ + { + "dest-uuid": "1a77e156-76bc-43f5-bdd7-bd67f30fbbbb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Gamaredon Group" } ], - "version": 6 + "version": 7 } diff --git a/clusters/mitre-malware.json b/clusters/mitre-malware.json index e2b9c4b..082cc8d 100644 --- a/clusters/mitre-malware.json +++ b/clusters/mitre-malware.json @@ -22,6 +22,15 @@ ], "uuid": "2dd34b01-6110-4aac-835d-b5e7b936b0be" }, + "related": [ + { + "dest-uuid": "6d1e2736-d363-49aa-9054-9c9e4ac0c520", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "OLDBAIT" }, { @@ -33,6 +42,15 @@ ], "uuid": "f5ac89a7-e129-43b7-bd68-e3cb1e5a3ba2" }, + "related": [ + { + "dest-uuid": "9ca488bd-9587-48ef-b923-1743523e63b2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "SOUNDBITE" }, { @@ -83,6 +101,15 @@ ], "uuid": "5967cc93-57c9-404a-8ffd-097edfa7bdfc" }, + "related": [ + { + "dest-uuid": "d22a3e65-75e5-4970-b424-bdc06ec33dba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Hi-Zor" }, { 
@@ -98,6 +125,22 @@ ], "uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47" }, + "related": [ + { + "dest-uuid": "ee8ccb36-2596-43a3-a044-b8721dbeb2ab", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "17e919aa-4a49-445c-b103-dbb8df9e7351", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "TEXTMATE" }, { @@ -128,6 +171,15 @@ ], "uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4" }, + "related": [ + { + "dest-uuid": "5a22cad7-65fa-4b7a-a7aa-7915a6101efa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "BlackEnergy" }, { @@ -150,6 +202,15 @@ ], "uuid": "f9c6da03-8cb1-4383-9d52-a614c42082bf" }, + "related": [ + { + "dest-uuid": "f6ae7a52-f3b6-4525-9daf-640c083f006e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "PHOREAL" }, { @@ -165,6 +226,15 @@ ], "uuid": "083bb47b-02c8-4423-81a2-f9ef58572974" }, + "related": [ + { + "dest-uuid": "d7183f66-59ec-4803-be20-237b442259fc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Backdoor.Oldrea" }, { @@ -183,6 +253,15 @@ ], "uuid": "dc5d1a33-62aa-4a0c-aa8c-589b87beb11e" }, + "related": [ + { + "dest-uuid": "d71604d2-a17e-4b4e-82be-19cb54f93161", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "ChChes" }, { @@ -205,6 +284,22 @@ ], "uuid": "71ac10de-1103-40a7-b65b-f97dab9769bf" }, + "related": [ + { + "dest-uuid": "0ced8926-914e-4c78-bc93-356fb90dbd1f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "2815a353-cd56-4ed0-8581-812b94f7a326", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "HALFBAKED" }, { 
@@ -231,6 +326,15 @@ ], "uuid": "08d20cd2-f084-45ee-8558-fa6ef5a18519" }, + "related": [ + { + "dest-uuid": "837a295c-15ff-41c0-9b7e-5f2fb502b00a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Downdelph" }, { @@ -242,6 +346,15 @@ ], "uuid": "91000a8a-58cc-4aba-9ad0-993ad6302b86" }, + "related": [ + { + "dest-uuid": "9991ace8-1a62-498c-a9ef-19d474deb505", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "StreamEx" }, { @@ -280,6 +393,15 @@ ], "uuid": "75c79f95-4c84-4650-9158-510f0ce4831d" }, + "related": [ + { + "dest-uuid": "f108215f-3487-489d-be8b-80e346d32518", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Komplex" }, { @@ -291,6 +413,15 @@ ], "uuid": "c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9" }, + "related": [ + { + "dest-uuid": "e2cc27a2-4146-4f08-8e80-114a99204cea", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "TinyZBot" }, { @@ -306,6 +437,15 @@ ], "uuid": "fb261c56-b80e-43a9-8351-c84081e7213d" }, + "related": [ + { + "dest-uuid": "cd6c5f27-cf7e-4529-ae9c-ab5b85102bde", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "BACKSPACE" }, { @@ -378,6 +518,15 @@ ], "uuid": "68dca94f-c11d-421e-9287-7c501108e18c" }, + "related": [ + { + "dest-uuid": "809b54c3-dd6a-4ec9-8c3a-a27b9baa6732", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Duqu" }, { @@ -400,6 +549,15 @@ ], "uuid": "a89ed72c-202d-486b-9349-6ffc0a61e30a" }, + "related": [ + { + "dest-uuid": "98e8a977-3416-43aa-87fa-33e287e9c14c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "WINDSHIELD" }, { 
@@ -423,6 +581,15 @@ ], "uuid": "876f6a77-fbc5-4e13-ab1a-5611986730a3" }, + "related": [ + { + "dest-uuid": "66575fb4-7f92-42d8-8c47-e68a26413081", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "T9000" }, { @@ -434,6 +601,15 @@ ], "uuid": "67fc172a-36fa-4a35-88eb-4ba730ed52a6" }, + "related": [ + { + "dest-uuid": "25cd01bc-1346-4415-8f8d-d3656309ef6b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "BS2005" }, { @@ -445,6 +621,15 @@ ], "uuid": "1d808f62-cf63-4063-9727-ff6132514c22" }, + "related": [ + { + "dest-uuid": "b5be84b7-bf2c-40d0-85a9-14c040881a98", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "WEBC2" }, { @@ -464,6 +649,22 @@ ], "uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd" }, + "related": [ + { + "dest-uuid": "663f8ef9-4c50-499a-b765-f377d23c1070", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f4b159ea-97e5-483b-854b-c48a78d562aa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "PlugX" }, { @@ -475,6 +676,15 @@ ], "uuid": "6e45f758-7bd9-44b8-a21c-7309614ae176" }, + "related": [ + { + "dest-uuid": "5e595477-2e78-4ce7-ae42-e0b059b17808", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "POSHSPY" }, { @@ -497,6 +707,15 @@ ], "uuid": "b143dfa4-e944-43ff-8429-bfffc308c517" }, + "related": [ + { + "dest-uuid": "cda7d605-23d0-4f93-a585-1276f094c04a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Taidoor" }, { 
@@ -508,6 +727,22 @@ ], "uuid": "9ea525fa-b0a9-4dde-84f2-bcea0137b3c1" }, + "related": [ + { + "dest-uuid": "f266754c-d0aa-4918-95a3-73b28eaa66e3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "76ec1827-68a1-488f-9899-2b788ea8db64", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "MoonWind" }, { @@ -523,6 +758,22 @@ ], "uuid": "326af1cd-78e7-45b7-a326-125d2f7ef8f2" }, + "related": [ + { + "dest-uuid": "8d8efbc6-d1b7-4ec8-bab3-591edba337d0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "858edfb8-793a-430b-8acc-4310e7d2f0d3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Crimson" }, { @@ -574,6 +825,15 @@ ], "uuid": "e066bf86-9cfb-407a-9d25-26fd5d91e360" }, + "related": [ + { + "dest-uuid": "08e2c9ef-aa62-429f-a6e5-e901ff6883cd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "HTTPBrowser" }, { @@ -606,6 +866,22 @@ ], "uuid": "b42378e0-f147-496f-992a-26a49705395b" }, + "related": [ + { + "dest-uuid": "4e104fef-8a2c-4679-b497-6e86d7d47db0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "2abe89de-46dd-4dae-ae22-b49a593aff54", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "PoisonIvy" }, { @@ -659,6 +935,15 @@ ], "uuid": "ff6840c9-4c87-4d07-bbb6-9f50aa33d498" }, + "related": [ + { + "dest-uuid": "d7963066-62ed-4494-9b8c-4b8b691a7c82", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Flame" }, { 
@@ -670,6 +955,15 @@ ], "uuid": "ad4f146f-e3ec-444a-ba71-24bffd7f0f8e" }, + "related": [ + { + "dest-uuid": "91583583-95c0-444e-8175-483cbebc640b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "RIPTIDE" }, { @@ -728,6 +1022,15 @@ ], "uuid": "7343e208-7cab-45f2-a47b-41ba5e2f0fab" }, + "related": [ + { + "dest-uuid": "6d180bd7-3c77-4faf-b98b-dc2ab5f49101", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "XTunnel" }, { @@ -739,6 +1042,15 @@ ], "uuid": "199463de-d9be-46d6-bb41-07234c1dd5a6" }, + "related": [ + { + "dest-uuid": "6a28a648-30c0-4d1d-bd67-81a8dc6486ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "GeminiDuke" }, { @@ -755,6 +1067,22 @@ ], "uuid": "96b08451-b27a-4ff6-893f-790e26393a8e" }, + "related": [ + { + "dest-uuid": "3eca2d5f-41bf-4ad4-847f-df18befcdc44", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f6c137f0-979c-4ce2-a0e5-2a080a5a1746", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Sakula" }, { @@ -777,6 +1105,15 @@ ], "uuid": "37cc7eb6-12e3-467b-82e8-f20f2cc73c69" }, + "related": [ + { + "dest-uuid": "67ade442-63f2-4319-bdcd-d2564b963ed6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Prikormka" }, { @@ -805,6 +1142,15 @@ ], "uuid": "af2ad3b7-ab6a-4807-91fd-51bcaff9acbb" }, + "related": [ + { + "dest-uuid": "44909efb-7cd3-42e3-b225-9f3e96b5f362", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "USBStealer" }, { 
@@ -816,6 +1162,15 @@ ], "uuid": "5a84dc36-df0d-4053-9b7c-f0c388a57283" }, + "related": [ + { + "dest-uuid": "e2c18713-0a95-4092-a0e9-76358512daad", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "CALENDAR" }, { @@ -827,6 +1182,15 @@ ], "uuid": "5930509b-7793-4db9-bdfc-4edda7709d0d" }, + "related": [ + { + "dest-uuid": "59a97b15-8189-4d51-9404-e1ce8ea4a069", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "XAgentOSX" }, { @@ -838,6 +1202,15 @@ ], "uuid": "4c59cce8-cb48-4141-b9f1-f646edfaadb0" }, + "related": [ + { + "dest-uuid": "0cf21558-1217-4d36-9536-2919cfd44825", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Regin" }, { @@ -871,6 +1244,15 @@ ], "uuid": "8c553311-0baa-4146-997a-f79acef3d831" }, + "related": [ + { + "dest-uuid": "5d2dd6ad-6bb2-45d3-b295-e125d3399c8d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "RARSTONE" }, { @@ -887,6 +1269,15 @@ ], "uuid": "58adaaa8-f1e8-4606-9a08-422e568461eb" }, + "related": [ + { + "dest-uuid": "4859330d-c6a5-4b9c-b45b-536ec983cd4a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "SHOTPUT" }, { @@ -929,6 +1320,29 @@ ], "uuid": "ccd61dfc-b03f-4689-8c18-7c97eab08472" }, + "related": [ + { + "dest-uuid": "56660521-6db4-4e5a-a927-464f22954b7c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "0a32ceea-fa66-47ab-8bde-150dbd6d2e40", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3e2c99f9-66cd-48be-86e9-d7c1c164d87c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "CHOPSTICK" }, { 
@@ -967,6 +1381,15 @@ ], "uuid": "7551188b-8f91-4d34-8350-0d0c57b2b913" }, + "related": [ + { + "dest-uuid": "d70fd29d-590e-4ed5-b72f-6ce0142019c6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Elise" }, { @@ -978,6 +1401,15 @@ ], "uuid": "b8eb28e4-48a6-40ae-951a-328714f75eda" }, + "related": [ + { + "dest-uuid": "f1e05a12-ca50-41ab-a963-d7df5bcb141d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "BISCUIT" }, { @@ -989,6 +1421,15 @@ ], "uuid": "80a014ba-3fef-4768-990b-37d8bd10d7f4" }, + "related": [ + { + "dest-uuid": "22332d52-c0c2-443c-9ffb-f08c0d23722c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Uroburos" }, { @@ -1005,6 +1446,22 @@ ], "uuid": "17e919aa-4a49-445c-b103-dbb8df9e7351" }, + "related": [ + { + "dest-uuid": "ee8ccb36-2596-43a3-a044-b8721dbeb2ab", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "POWERSOURCE" }, { @@ -1016,6 +1473,15 @@ ], "uuid": "9e2bba94-950b-4fcf-8070-cb3f816c5f4e" }, + "related": [ + { + "dest-uuid": "12bb8f4f-af29-49a0-8c2c-d28468f28fd8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "hcdLoader" }, { @@ -1058,6 +1524,15 @@ ], "uuid": "8901ac23-6b50-410c-b0dd-d8174a86f9b3" }, + "related": [ + { + "dest-uuid": "776b1849-8d5b-4762-8ba1-cbbaddb4ce3a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Shamoon" }, { 
@@ -1069,6 +1544,15 @@ ], "uuid": "8e461ca3-0996-4e6e-a0df-e2a5bbc51ebc" }, + "related": [ + { + "dest-uuid": "d8aad68d-a68f-42e1-b755-d5f383b73401", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "4H RAT" }, { @@ -1125,6 +1609,15 @@ ], "uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24" }, + "related": [ + { + "dest-uuid": "1b1ae63f-bcee-4aba-8994-6c60cee5e16f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "gh0st" }, { @@ -1141,6 +1634,50 @@ ], "uuid": "60c18d06-7b91-4742-bae3-647845cd9d81" }, + "related": [ + { + "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "CORESHELL" }, { 
@@ -1206,6 +1743,22 @@ ], "uuid": "4af4e96f-c92d-4a45-9958-a88ad8deb38d" }, + "related": [ + { + "dest-uuid": "234e7770-99b0-4f65-b983-d3230f76a60b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "c3c20c4b-e12a-42e5-960a-eea4644014f4", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Janicab" }, { @@ -1225,6 +1778,15 @@ ], "uuid": "fb575479-14ef-41e9-bfab-0b7cf10bec73" }, + "related": [ + { + "dest-uuid": "6374fc53-9a0d-41ba-b9cf-2a9765d69fbb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "ADVSTORESHELL" }, { @@ -1247,6 +1809,15 @@ ], "uuid": "cafd0bf8-2b9c-46c7-ae3c-3e0f42c5062e" }, + "related": [ + { + "dest-uuid": "59b70721-6fed-4805-afa5-4ff2554bef81", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "NetTraveler" }, { @@ -1258,6 +1829,15 @@ ], "uuid": "63c2a130-8a5b-452f-ad96-07cf0af12ffe" }, + "related": [ + { + "dest-uuid": "15e969e6-f031-4441-a49b-f401332e4b00", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Dyre" }, { @@ -1286,6 +1866,15 @@ ], "uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565" }, + "related": [ + { + "dest-uuid": "9223bf17-7e32-4833-9574-9ffd8c929765", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "ComRAT" }, { @@ -1299,6 +1888,15 @@ ], "uuid": "d3afa961-a80c-4043-9509-282cdf69ab21" }, + "related": [ + { + "dest-uuid": "9b3a4cff-1c5a-4fd6-b49c-27240b6d622c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Winnti" }, { 
@@ -1315,6 +1913,29 @@ ], "uuid": "3df08e23-1d0b-41ed-b735-c4eca46ce48e" }, + "related": [ + { + "dest-uuid": "ad6a1b4a-6d79-40d4-adb7-1d7ca697347e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "17b40f60-729f-4fe8-8aea-cc9ee44a95d5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "90124cc8-1205-4e63-83ad-5c45a110b1e6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "RedLeaves" }, { @@ -1371,6 +1992,15 @@ ], "uuid": "95047f03-4811-4300-922e-1ba937d53a61" }, + "related": [ + { + "dest-uuid": "06953055-92ed-4936-8ffd-d9d72ab6bef6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Hikit" }, { @@ -1382,6 +2012,22 @@ ], "uuid": "c542f369-f06d-4168-8c84-fdf5fc7f2a8d" }, + "related": [ + { + "dest-uuid": "2f1a9fd0-3b7c-4d77-a358-78db13adbe78", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "c9b4ec27-0a43-4671-a967-bcac5df0e056", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "EvilGrab" }, { @@ -1424,6 +2070,15 @@ ], "uuid": "f2e8c7a1-cae1-45c4-baf0-6f21bdcbb2c2" }, + "related": [ + { + "dest-uuid": "a379f09b-5cec-4bdb-9735-125cef2de073", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "GLOOXMAIL" }, { @@ -1462,6 +2117,15 @@ ], "uuid": "321e2bd3-2d98-41d6-8402-3949f514c548" }, + "related": [ + { + "dest-uuid": "7dbb67c7-270a-40ad-836e-c45f8948aa5a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "KOMPROGO" }, { 
@@ -1477,6 +2141,15 @@ ], "uuid": "687c23e4-4e25-4ee7-a870-c5e002511f54" }, + "related": [ + { + "dest-uuid": "eedcf785-d011-4e17-96c4-6ff39138ada0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "DustySky" }, { @@ -1573,6 +2246,22 @@ ], "uuid": "12b524b9-0d94-400f-904f-615f4f764aaf" }, + "related": [ + { + "dest-uuid": "3240cbe4-c550-443b-aa76-cc2a7058b870", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "6a42aa10-5b7e-43b0-8c58-414cdaeda453", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "SNUGRIDE" }, { @@ -1619,6 +2308,15 @@ ], "uuid": "94379dec-5c87-49db-b36e-66abc0b81344" }, + "related": [ + { + "dest-uuid": "eff68b97-f36e-4827-ab1a-90523c16774c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Derusbi" }, { @@ -1637,6 +2335,15 @@ ], "uuid": "6b62e336-176f-417b-856a-8552dd8c44e1" }, + "related": [ + { + "dest-uuid": "36c0faf0-428e-4e7f-93c5-824bb0495ac9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Epic" }, { @@ -1664,6 +2371,15 @@ ], "uuid": "7bec698a-7e20-4fd3-bb6a-12787770fb1a" }, + "related": [ + { + "dest-uuid": "59fb0222-0e7d-4f5f-92ac-e68012fb927d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "3PARA RAT" }, { 
@@ -1685,6 +2401,50 @@ ], "uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2" }, + "related": [ + { + "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "JHUHUGIT" }, { @@ -1699,5 +2459,5 @@ "value": "ELMER" } ], - "version": 4 + "version": 5 } diff --git a/clusters/mitre-mobile-attack-intrusion-set.json b/clusters/mitre-mobile-attack-intrusion-set.json index 3bb5862..c62a195 100644 --- a/clusters/mitre-mobile-attack-intrusion-set.json +++ b/clusters/mitre-mobile-attack-intrusion-set.json 
@@ -30,9 +30,53 @@ "TG-4127" ] }, + "related": [ + { + "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "value": "APT28 - G0007" } ], - "version": 3 + "version": 4 } diff --git a/clusters/mitre-mobile-attack-malware.json b/clusters/mitre-mobile-attack-malware.json index e4ae4bc..02e6941 100644 --- a/clusters/mitre-mobile-attack-malware.json +++ b/clusters/mitre-mobile-attack-malware.json @@ -98,6 +98,15 @@ "Kemoge" ] }, + "related": [ + { + "dest-uuid": "0c769e82-df28-4f65-97f5-7f3d88488f2e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c80a6bef-b3ce-44d0-b113-946e93124898", "value": "Shedun - MOB-S0010" }, @@ -145,6 +154,15 @@ "Pegasus" ] }, + "related": [ + { + "dest-uuid": "9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "33d9d91d-aad9-49d5-a516-220ce101ac8a", "value": "Pegasus - MOB-S0005" }, 
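Review bot: The `related` list added to `APT28 - G0007` in mitre-mobile-attack-intrusion-set.json marks an intrusion set as `"type": "similar"` to malware entries. `8ae43c46-57ef-47d5-a77a-eebb35628db2` is JHUHUGIT and `60c18d06-7b91-4742-bae3-647845cd9d81` is CORESHELL elsewhere in this patch, and both of those hunks carry the reverse link to `bef4c620-0787-42a8-a96d-b7eb6e85917c`. An actor and a tool it is reported to use are not the same entity, so anything that pivots on `similar` links for attribution or detection enrichment will conflate the two. I would drop the objects with those two `dest-uuid` values from this list, and the `bef4c620-…` objects from the JHUHUGIT and CORESHELL lists. The matches presumably come from shared synonyms, which the visible hunks do not show.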
@@ -175,6 +193,15 @@ "HummingBad" ] }, + "related": [ + { + "dest-uuid": "f5cacc72-f02a-42d1-a020-7a59650086bb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c8770c81-c29f-40d2-a140-38544206b2b4", "value": "HummingBad - MOB-S0038" }, @@ -205,6 +232,15 @@ "Dendroid" ] }, + "related": [ + { + "dest-uuid": "ea3a8c25-4adb-4538-bf11-55259bdba15f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "317a2c10-d489-431e-b6b2-f0251fddc88e", "value": "Dendroid - MOB-S0017" }, @@ -356,6 +392,29 @@ "X-Agent" ] }, + "related": [ + { + "dest-uuid": "ccd61dfc-b03f-4689-8c18-7c97eab08472", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "0a32ceea-fa66-47ab-8bde-150dbd6d2e40", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3e2c99f9-66cd-48be-86e9-d7c1c164d87c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "56660521-6db4-4e5a-a927-464f22954b7c", "value": "X-Agent - MOB-S0030" }, @@ -522,6 +581,15 @@ "Chrysaor" ] }, + "related": [ + { + "dest-uuid": "9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "93799a9d-3537-43d8-b6f4-17215de1657c", "value": "Pegasus for Android - MOB-S0032" }, @@ -542,5 +610,5 @@ "value": "XcodeGhost - MOB-S0013" } ], - "version": 3 + "version": 4 } diff --git a/clusters/mitre-mobile-attack-tool.json b/clusters/mitre-mobile-attack-tool.json index 1eb659b..36c7a0c 100644 --- a/clusters/mitre-mobile-attack-tool.json +++ b/clusters/mitre-mobile-attack-tool.json 
@@ -20,9 +20,18 @@ "Xbot" ] }, + "related": [ + { + "dest-uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "da21929e-40c0-443d-bdf4-6b60d15448b4", "value": "Xbot - MOB-S0014" } ], - "version": 3 + "version": 4 } diff --git a/clusters/mitre-pre-attack-intrusion-set.json b/clusters/mitre-pre-attack-intrusion-set.json index 379e7fb..ae7fd50 100644 --- a/clusters/mitre-pre-attack-intrusion-set.json +++ b/clusters/mitre-pre-attack-intrusion-set.json @@ -45,6 +45,22 @@ "TG-4127" ] }, + "related": [ + { + "dest-uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "value": "APT28 - G0007" }, 
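Review bot: The `APT28 - G0007` hunk in mitre-pre-attack-intrusion-set.json gives uuid `bef4c620-0787-42a8-a96d-b7eb6e85917c` a different `related` list from the one the same uuid gets in mitre-mobile-attack-intrusion-set.json. Here it has two entries, `213cdde9-c11a-4ea9-8ce0-c868e9826fec` and `5b4ee3ea-eee3-4c8e-8323-85ae32658754`, while the mobile file has six, and the two lists do not overlap. A consumer that keys clusters by uuid will see different relationships depending on which file it loaded last. The list for a given uuid should be the same in every file that carries it, for example the union of both lists. The reason for the difference is not visible in these hunks.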
@@ -63,6 +79,71 @@ "Threat Group 2889" ] }, + "related": [ + { + "dest-uuid": "11e17436-6ede-4733-8547-4ce0254ea19e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", "value": "Cleaver - G0003" }, @@ -82,6 +163,15 @@ "DNSCALC" ] }, + "related": [ + { + "dest-uuid": "48146604-6693-4db1-bd94-159744726514", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb", "value": "APT12 - G0005" }, 
@@ -100,6 +190,15 @@ "Comment Panda" ] }, + "related": [ + { + "dest-uuid": "1cb7e1cc-d695-42b1-92f4-fd0112a3c9be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "value": "APT1 - G0006" }, @@ -117,6 +216,15 @@ "Musical Chairs" ] }, + "related": [ + { + "dest-uuid": "b3714d59-b61e-4713-903a-9b4f04ae7f3d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8", "value": "Night Dragon - G0014" }, @@ -133,9 +241,39 @@ "Deputy Dog" ] }, + "related": [ + { + "dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "090242d7-73fc-4738-af68-20162f7a5aae", "value": "APT17 - G0025" } ], - "version": 3 + "version": 4 } diff --git a/clusters/mitre-tool.json b/clusters/mitre-tool.json index b89eab1..c02d55a 100644 --- a/clusters/mitre-tool.json +++ b/clusters/mitre-tool.json @@ -111,6 +111,15 @@ ], "uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60" }, + "related": [ + { + "dest-uuid": "7f3a035d-d83a-45b8-8111-412aa8ade802", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Mimikatz" }, { 
@@ -271,6 +280,15 @@ ], "uuid": "3e205e84-9f90-4b4b-8896-c82189936a15" }, + "related": [ + { + "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "certutil" }, { @@ -366,6 +384,15 @@ ], "uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db" }, + "related": [ + { + "dest-uuid": "6dd05630-9bd8-11e8-a8b9-47ce338a4367", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "PsExec" }, { @@ -410,6 +437,22 @@ ], "uuid": "3da22160-12d9-4d27-a99f-338e8de3844a" }, + "related": [ + { + "dest-uuid": "ca44dd5e-fd9e-48b5-99cb-0b2629b9265f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "value": "Cobalt Strike" }, { @@ -429,5 +472,5 @@ "value": "Reg" } ], - "version": 4 + "version": 5 } diff --git a/clusters/ransomware.json b/clusters/ransomware.json index ef4416e..14334ca 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -1771,6 +1771,15 @@ "Purge Ransomware" ] }, + "related": [ + { + "dest-uuid": "5541471c-8d15-4aec-9996-e24b59c3e3d6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "fe16edbe-3050-4276-bac3-c7ff5fd4174a", "value": "Globe3 Ransomware" }, @@ -2251,6 +2260,15 @@ "https://id-ransomware.blogspot.co.il/2016/12/roga-ransomware.html" ] }, + "related": [ + { + "dest-uuid": "175ebcc0-d74f-49b2-9226-c660ca1fe2e8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "cd1eb48e-070b-418e-8d83-4644a388f8ae", "value": "Roga" }, 
@@ -4152,6 +4170,15 @@ "Trojan.Encoder.6491" ] }, + "related": [ + { + "dest-uuid": "f855609e-b7ab-41e8-aafa-62016f8f4e1a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "a57a8bc3-8c33-43e8-b237-25edcd5f532a", "value": "Windows_Security Ransonware" }, @@ -4282,6 +4309,15 @@ "Purge Ransomware" ] }, + "related": [ + { + "dest-uuid": "fe16edbe-3050-4276-bac3-c7ff5fd4174a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5541471c-8d15-4aec-9996-e24b59c3e3d6", "value": "Globe2 Ransomware" }, @@ -4602,6 +4638,15 @@ "Fabiansomeware" ] }, + "related": [ + { + "dest-uuid": "d5d3f9de-21b5-482e-b716-5f2f13182990", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "e38b8876-5780-4574-9adf-304e9d659bdb", "value": "Apocalypse" }, @@ -4700,6 +4745,15 @@ "Rakhni" ] }, + "related": [ + { + "dest-uuid": "c85a41a8-a0a1-4963-894f-84bb980e6e86", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "af50d07e-3fc5-4014-9ac5-f5466cf042bc", "value": "Bandarchor" }, @@ -4796,6 +4850,15 @@ "Salami" ] }, + "related": [ + { + "dest-uuid": "b95aa3fb-9f32-450e-8058-67d94f196913", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "eee75995-321f-477f-8b57-eee4eedf4ba3", "value": "Booyah" }, @@ -4903,6 +4966,15 @@ "http://www.bleepingcomputer.com/forums/t/625820/central-security-treatment-organization-ransomware-help-topic-cry-extension/" ] }, + "related": [ + { + "dest-uuid": "629f6986-2c1f-4d0a-b805-e4ef3e2ce634", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8ff729d9-aee5-4b85-a59d-3f57e105be40", "value": "Central Security Treatment Organization" }, 
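Review bot: The `Apocalypse` ransomware hunk (`@@ -4602,6 +4638,15 @@`) links `e38b8876-5780-4574-9adf-304e9d659bdb` as `similar` and `likely` to `d5d3f9de-21b5-482e-b716-5f2f13182990`, which is the `Apocalypse` entry in rat.json. That is a ransomware family matched to a remote-access tool, and from the visible hunks the two appear to share only a name. The `Shark` ransomware and `SharK` RAT pair later in this patch looks like the same case. A name-only match should not be tagged `likely`. Either remove these pairs until an analyst confirms them, or tag them `"estimative-language:likelihood-probability=\"roughly-even-chance\""` so that downstream correlation can filter them out.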
@@ -5071,6 +5143,15 @@ "Central Security Treatment Organization" ] }, + "related": [ + { + "dest-uuid": "8ff729d9-aee5-4b85-a59d-3f57e105be40", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "629f6986-2c1f-4d0a-b805-e4ef3e2ce634", "value": "CryLocker" }, @@ -5173,6 +5254,15 @@ "http://news.softpedia.com/news/new-cryptobit-ransomware-could-be-decryptable-503239.shtml" ] }, + "related": [ + { + "dest-uuid": "681f212a-af1b-4e40-a718-81b0dc46dc52", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "1903ed75-05f7-4019-b0b7-7a8f23f22194", "value": "CryptoBit" }, @@ -5216,6 +5306,15 @@ "READ IF YOU WANT YOUR FILES BACK.html" ] }, + "related": [ + { + "dest-uuid": "b817ce63-f1c3-49de-bd8b-fd56c3f956c9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "26c8b446-305c-4057-83bc-85b09630281e", "value": "CryptoFortress" }, @@ -5522,6 +5621,15 @@ "CryptProjectXXX" ] }, + "related": [ + { + "dest-uuid": "e272d0b5-cdfc-422a-bb78-9214475daec5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "255aac37-e4d2-4eeb-b8de-143f9c2321bd", "value": "CryptXXX" }, @@ -5543,6 +5651,15 @@ "CryptProjectXXX" ] }, + "related": [ + { + "dest-uuid": "255aac37-e4d2-4eeb-b8de-143f9c2321bd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "e272d0b5-cdfc-422a-bb78-9214475daec5", "value": "CryptXXX 2.0" }, @@ -5959,6 +6076,15 @@ "Trojan.Encoder.6491" ] }, + "related": [ + { + "dest-uuid": "a57a8bc3-8c33-43e8-b237-25edcd5f532a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f855609e-b7ab-41e8-aafa-62016f8f4e1a", "value": "Encoder.xxxx" }, 
@@ -6170,6 +6296,15 @@ "Roga" ] }, + "related": [ + { + "dest-uuid": "cd1eb48e-070b-418e-8d83-4644a388f8ae", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "175ebcc0-d74f-49b2-9226-c660ca1fe2e8", "value": "Free-Freedom" }, @@ -6264,6 +6399,15 @@ "http://www.bleepingcomputer.com/forums/t/611342/gnl-locker-support-and-help-topic-locked-and-unlock-files-instructionshtml/" ] }, + "related": [ + { + "dest-uuid": "78ef77ac-a570-4fb9-af80-d04c09dff9ab", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "390abe30-8b9e-439e-a6d3-2ee978f05fba", "value": "GNL Locker" }, @@ -7128,6 +7272,15 @@ "Booyah" ] }, + "related": [ + { + "dest-uuid": "eee75995-321f-477f-8b57-eee4eedf4ba3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b95aa3fb-9f32-450e-8058-67d94f196913", "value": "MM Locker" }, @@ -7152,6 +7305,15 @@ "CryptoBit" ] }, + "related": [ + { + "dest-uuid": "1903ed75-05f7-4019-b0b7-7a8f23f22194", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "681f212a-af1b-4e40-a718-81b0dc46dc52", "value": "Mobef" }, @@ -7361,6 +7523,15 @@ "Cryakl" ] }, + "related": [ + { + "dest-uuid": "4f3e494e-0e37-4894-94b2-741a8100f07a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "3c51fc0e-42d8-4ff0-b1bd-5c8c20271a39", "value": "Offline ransomware" }, @@ -7456,6 +7627,15 @@ "https://www.bleepingcomputer.com/news/security/new-macos-patcher-ransomware-locks-data-for-good-no-way-to-recover-your-files/" ] }, + "related": [ + { + "dest-uuid": "091c9923-5939-4bde-9db5-56abfb51f1a2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "e211ea8d-5042-48ae-86c6-15186d1f8dba", "value": "Patcher" }, 
@@ -7741,6 +7921,15 @@ "Bandarchor" ] }, + "related": [ + { + "dest-uuid": "af50d07e-3fc5-4014-9ac5-f5466cf042bc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c85a41a8-a0a1-4963-894f-84bb980e6e86", "value": "Rakhni" }, @@ -8140,6 +8329,15 @@ "Atom" ] }, + "related": [ + { + "dest-uuid": "ff471870-7c9a-4122-ba89-489fc819660b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "503c9910-902f-4bae-8c33-ea29db8bdd7f", "value": "Shark" }, @@ -8515,6 +8713,15 @@ "Teerac" ] }, + "related": [ + { + "dest-uuid": "26c8b446-305c-4057-83bc-85b09630281e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b817ce63-f1c3-49de-bd8b-fd56c3f956c9", "value": "TorrentLocker" }, @@ -8734,6 +8941,15 @@ "Zlader" ] }, + "related": [ + { + "dest-uuid": "2195387d-ad9c-47e6-8f14-a49388b26eab", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "63a82b7f-9a71-47a8-9a79-14acc6595da5", "value": "VaultCrypt" }, @@ -8930,6 +9146,15 @@ "CrypVault" ] }, + "related": [ + { + "dest-uuid": "63a82b7f-9a71-47a8-9a79-14acc6595da5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2195387d-ad9c-47e6-8f14-a49388b26eab", "value": "Zlader" }, @@ -8959,6 +9184,15 @@ "GNL Locker" ] }, + "related": [ + { + "dest-uuid": "390abe30-8b9e-439e-a6d3-2ee978f05fba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "78ef77ac-a570-4fb9-af80-d04c09dff9ab", "value": "Zyklon" }, 
@@ -9283,6 +9517,15 @@ "Patcher" ] }, + "related": [ + { + "dest-uuid": "e211ea8d-5042-48ae-86c6-15186d1f8dba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "091c9923-5939-4bde-9db5-56abfb51f1a2", "value": "FileCoder" }, @@ -9348,6 +9591,15 @@ "http://www.zdnet.com/article/cryakl-ransomware-decryption-keys-now-available-for-free/" ] }, + "related": [ + { + "dest-uuid": "3c51fc0e-42d8-4ff0-b1bd-5c8c20271a39", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "4f3e494e-0e37-4894-94b2-741a8100f07a", "value": "Cryakl" }, @@ -9445,6 +9697,15 @@ "https://www.bleepingcomputer.com/news/security/black-ruby-ransomware-skips-victims-in-iran-and-adds-a-miner-for-good-measure/" ] }, + "related": [ + { + "dest-uuid": "b4433e66-9bc4-11e8-8f4e-7363f5526636", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "abf3001c-396c-11e8-8da6-ef501eef12e1", "value": "Black Ruby" }, @@ -10063,6 +10324,15 @@ "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf" ] }, + "related": [ + { + "dest-uuid": "abf3001c-396c-11e8-8da6-ef501eef12e1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b4433e66-9bc4-11e8-8f4e-7363f5526636", "value": "Black Ruby" }, @@ -10077,5 +10347,5 @@ "value": "Unnamed Android Ransomware" } ], - "version": 27 + "version": 28 } diff --git a/clusters/rat.json b/clusters/rat.json index f4630a4..588d917 100644 --- a/clusters/rat.json +++ b/clusters/rat.json 
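Review bot: The last two hunks on this line link two entries in ransomware.json that are both valued `Black Ruby`, `abf3001c-396c-11e8-8da6-ef501eef12e1` and `b4433e66-9bc4-11e8-8f4e-7363f5526636`, to each other as `similar`. This looks like a duplicate entry in the same cluster file rather than two related families. Linking them keeps both uuids alive, so events tagged with one will not correlate with events tagged with the other unless the consumer follows `related`. I would merge the references into one entry under a single uuid and drop these two `related` blocks.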
@@ -71,6 +71,22 @@ "Gen:Trojan.Heur.PT" ] }, + "related": [ + { + "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "2abe89de-46dd-4dae-ae22-b49a593aff54", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "4e104fef-8a2c-4679-b497-6e86d7d47db0", "value": "PoisonIvy" }, @@ -120,6 +136,15 @@ "https://krebsonsecurity.com/2014/05/blackshades-trojan-users-had-it-coming/" ] }, + "related": [ + { + "dest-uuid": "8c3202d5-1671-46ec-9d42-cb50dbe2f667", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "3a1fc564-3705-4cc0-8f80-13c58d470d34", "value": "Blackshades" }, @@ -135,6 +160,15 @@ "Dark Comet" ] }, + "related": [ + { + "dest-uuid": "9ad11139-e928-45cf-a0b4-937290642e92", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8a21ae06-d257-48a0-989b-1c9aebedabc2", "value": "DarkComet" }, @@ -223,6 +257,29 @@ "JBifrost" ] }, + "related": [ + { + "dest-uuid": "ab4694d6-7043-41f2-b328-d93bec9c1b22", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ce1a9641-5bb8-4a61-990a-870e9ef36ac1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "dadccdda-a4c2-4021-90b9-61a394e602be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b76d9845-815c-4e77-9538-6b737269da2f", "value": "Adwind RAT" }, @@ -392,6 +449,15 @@ "Njw0rm" ] }, + "related": [ + { + "dest-uuid": "c01ef312-dfd6-403f-a8b5-67fc11a550a7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7fb493bb-756b-42a2-8f6d-59e254f4f2cc", "value": "NJRat" }, 
@@ -570,6 +636,15 @@ "https://github.com/nyx0/Dendroid" ] }, + "related": [ + { + "dest-uuid": "317a2c10-d489-431e-b6b2-f0251fddc88e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ea3a8c25-4adb-4538-bf11-55259bdba15f", "value": "Dendroid" }, @@ -871,6 +946,15 @@ "https://leakforums.net/thread-36962" ] }, + "related": [ + { + "dest-uuid": "e38b8876-5780-4574-9adf-304e9d659bdb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d5d3f9de-21b5-482e-b716-5f2f13182990", "value": "Apocalypse" }, @@ -944,6 +1028,15 @@ "Njw0rm" ] }, + "related": [ + { + "dest-uuid": "7fb493bb-756b-42a2-8f6d-59e254f4f2cc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c01ef312-dfd6-403f-a8b5-67fc11a550a7", "value": "Kiler RAT" }, @@ -1009,6 +1102,15 @@ "https://github.com/n1nj4sec/pupy" ] }, + "related": [ + { + "dest-uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "bdb420be-5882-41c8-b439-02bbef69d83f", "value": "Pupy" }, @@ -1074,6 +1176,15 @@ "Shark" ] }, + "related": [ + { + "dest-uuid": "503c9910-902f-4bae-8c33-ea29db8bdd7f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ff471870-7c9a-4122-ba89-489fc819660b", "value": "SharK" }, @@ -1369,6 +1480,15 @@ "https://www.symantec.com/security_response/writeup.jsp?docid=2002-021310-3452-99" ] }, + "related": [ + { + "dest-uuid": "2be434d3-03df-4236-9e7e-130c2efa8b33", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "281563d8-14f8-43a8-a0cb-2f0198f7146c", "value": "NetDevil" }, 
@@ -1379,6 +1499,15 @@ "https://www.digitrustgroup.com/nanocore-not-your-average-rat/" ] }, + "related": [ + { + "dest-uuid": "a8111fb7-d4c4-4671-a6f9-f62fea8bad60", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "6c3c111a-93af-428a-bee0-feacbee0237d", "value": "NanoCore" }, @@ -1428,6 +1557,15 @@ "NetDevil" ] }, + "related": [ + { + "dest-uuid": "281563d8-14f8-43a8-a0cb-2f0198f7146c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2be434d3-03df-4236-9e7e-130c2efa8b33", "value": "Net Devil" }, @@ -1537,6 +1675,15 @@ "https://attack.mitre.org/wiki/Software/S0126" ] }, + "related": [ + { + "dest-uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "9223bf17-7e32-4833-9574-9ffd8c929765", "value": "ComRAT" }, @@ -1548,6 +1695,15 @@ "https://attack.mitre.org/wiki/Software/S0065" ] }, + "related": [ + { + "dest-uuid": "8e461ca3-0996-4e6e-a0df-e2a5bbc51ebc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d8aad68d-a68f-42e1-b755-d5f383b73401", "value": "4H RAT" }, @@ -1605,6 +1761,22 @@ "Korplug" ] }, + "related": [ + { + "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f4b159ea-97e5-483b-854b-c48a78d562aa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "663f8ef9-4c50-499a-b765-f377d23c1070", "value": "PlugX" }, 
@@ -1728,6 +1900,15 @@ "https://github.com/hussein-aitlahcen/BlackHole" ] }, + "related": [ + { + "dest-uuid": "e6201dc3-01a7-40c5-ba72-02fa470ada53", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2ea1f494-cf18-49fb-a043-36555131dd7c", "value": "BlackHole" }, @@ -1759,6 +1940,15 @@ "https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html" ] }, + "related": [ + { + "dest-uuid": "dd4358a4-7a43-42f7-8322-0f941ee61e57", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "6ac125c8-6f00-490f-a43b-30b36d715431", "value": "FINSPY" }, @@ -1829,6 +2019,22 @@ "https://www.cobaltstrike.com/" ] }, + "related": [ + { + "dest-uuid": "3da22160-12d9-4d27-a99f-338e8de3844a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ca44dd5e-fd9e-48b5-99cb-0b2629b9265f", "value": "Cobalt Strike" }, @@ -1844,6 +2050,22 @@ "VIPER" ] }, + "related": [ + { + "dest-uuid": "96b08451-b27a-4ff6-893f-790e26393a8e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f6c137f0-979c-4ce2-a0e5-2a080a5a1746", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "3eca2d5f-41bf-4ad4-847f-df18befcdc44", "value": "Sakula" }, @@ -1855,6 +2077,15 @@ "https://attack.mitre.org/wiki/Software/S0071" ] }, + "related": [ + { + "dest-uuid": "9e2bba94-950b-4fcf-8070-cb3f816c5f4e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "12bb8f4f-af29-49a0-8c2c-d28468f28fd8", "value": "hcdLoader" }, 
@@ -1865,6 +2096,22 @@ "http://www.connect-trojan.net/2015/01/crimson-rat-3.0.0.html" ] }, + "related": [ + { + "dest-uuid": "326af1cd-78e7-45b7-a326-125d2f7ef8f2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "858edfb8-793a-430b-8acc-4310e7d2f0d3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8d8efbc6-d1b7-4ec8-bab3-591edba337d0", "value": "Crimson" }, @@ -1875,6 +2122,15 @@ "http://hack-defender.blogspot.fr/2015/12/kjw0rm-v05x.html" ] }, + "related": [ + { + "dest-uuid": "b3f7a454-3b23-4149-99aa-0132323814d0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "a7bffc6a-5b47-410b-b039-def16050adcb", "value": "KjW0rm" }, @@ -1925,6 +2181,15 @@ "https://books.google.fr/books?isbn=2212290136" ] }, + "related": [ + { + "dest-uuid": "7bec698a-7e20-4fd3-bb6a-12787770fb1a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "59fb0222-0e7d-4f5f-92ac-e68012fb927d", "value": "3PARA RAT" }, @@ -1948,6 +2213,15 @@ "KONNI" ] }, + "related": [ + { + "dest-uuid": "24ee55e3-697f-482f-8fa8-d05999df40cd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5b930a23-7d88-481f-8791-abc7b3dd93d2", "value": "Konni" }, @@ -2013,6 +2287,15 @@ "https://www.fidelissecurity.com/threatgeek/2016/01/introducing-hi-zor-rat" ] }, + "related": [ + { + "dest-uuid": "5967cc93-57c9-404a-8ffd-097edfa7bdfc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d22a3e65-75e5-4970-b424-bdc06ec33dba", "value": "Hi-Zor" }, 
@@ -2080,6 +2363,15 @@ "http://securityaffairs.co/wordpress/43889/cyber-crime/new-rat-trochilus.html" ] }, + "related": [ + { + "dest-uuid": "5e15e4ca-0e04-4af1-ab2a-779dbcad545d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8204723f-aefc-4c90-9178-8fe53e8d6f33", "value": "Trochilus" }, @@ -2091,6 +2383,15 @@ "https://www.alienvault.com/blogs/security-essentials/matryoshka-malware-from-copykittens-group" ] }, + "related": [ + { + "dest-uuid": "cb6c49ab-b9ac-459f-b765-05cbe2e63b0d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "33b86249-5455-4698-a5e5-0c9591e673b9", "value": "Matryoshka" }, @@ -2165,6 +2466,15 @@ "qrat" ] }, + "related": [ + { + "dest-uuid": "c3a784ee-cef7-4604-a5ba-ec7b193a5152", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "179288c9-4ff1-4a7e-b728-35dd2e6aac43", "value": "Qarallax" }, @@ -2177,6 +2487,22 @@ "https://attack.mitre.org/wiki/Software/S0149" ] }, + "related": [ + { + "dest-uuid": "9ea525fa-b0a9-4dde-84f2-bcea0137b3c1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "76ec1827-68a1-488f-9899-2b788ea8db64", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f266754c-d0aa-4918-95a3-73b28eaa66e3", "value": "MoonWind" }, 
@@ -2221,6 +2547,29 @@ "http://blog.jpcert.or.jp/2017/04/redleaves---malware-based-on-open-source-rat.html" ] }, + "related": [ + { + "dest-uuid": "17b40f60-729f-4fe8-8aea-cc9ee44a95d5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "90124cc8-1205-4e63-83ad-5c45a110b1e6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3df08e23-1d0b-41ed-b735-c4eca46ce48e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ad6a1b4a-6d79-40d4-adb7-1d7ca697347e", "value": "RedLeaves" }, @@ -2317,6 +2666,22 @@ "http://blog.talosintelligence.com/2017/03/dnsmessenger.html" ] }, + "related": [ + { + "dest-uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "17e919aa-4a49-445c-b103-dbb8df9e7351", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ee8ccb36-2596-43a3-a044-b8721dbeb2ab", "value": "DNSMessenger" }, @@ -2380,6 +2745,15 @@ "https://www.us-cert.gov/ncas/alerts/TA17-318A" ] }, + "related": [ + { + "dest-uuid": "fece06b7-d4b1-42cf-b81a-5323c917546e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "e0bea149-2def-484f-b658-f782a4f94815", "value": "FALLCHILL" }, @@ -2539,5 +2913,5 @@ "value": "Hallaj PRO RAT" } ], - "version": 12 + "version": 13 } diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 9051c30..251b002 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json 
@@ -59,6 +59,15 @@ "GIF89a" ] }, + "related": [ + { + "dest-uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "1cb7e1cc-d695-42b1-92f4-fd0112a3c9be", "value": "Comment Crew" }, @@ -104,6 +113,22 @@ "Sunshop Group" ] }, + "related": [ + { + "dest-uuid": "066d25c1-71bd-4bd4-8ca7-edbba00063f4", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "0286e80e-b0ed-464f-ad62-beec8536d0cb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "103ebfd8-4280-4027-b61a-69bd9967ad6c", "value": "Codoso" }, @@ -113,6 +138,15 @@ "https://www.cylance.com/hubfs/2015_cylance_website/assets/operation-dust-storm/Op_Dust_Storm_Report.pdf" ] }, + "related": [ + { + "dest-uuid": "ae41895a-243f-4a65-b99b-d85022326c31", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "9e71024e-817f-45b0-92a0-d886c30bc929", "value": "Dust Storm" }, @@ -235,6 +269,15 @@ "TG-6952" ] }, + "related": [ + { + "dest-uuid": "5ce5392a-3a6c-4e07-9df3-9b6a9159ac45", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "0ca45163-e223-4167-b1af-f088ed14a93d", "value": "Putter Panda" }, @@ -268,6 +311,15 @@ "Boyusec" ] }, + "related": [ + { + "dest-uuid": "0bbdf25b-30ff-4894-a1cd-49260d0dd2d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d144c83e-2302-4947-9e24-856fbf7949ae", "value": "UPS" }, @@ -304,6 +356,15 @@ "Pioneer" ] }, + "related": [ + { + "dest-uuid": "b56af6ab-69f8-457a-bf50-c3aefa6dc14a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b8c8b96d-61e6-47b1-8e38-fd8ad5d9854d", "value": "DarkHotel" }, 
@@ -338,6 +399,15 @@ "APT 12" ] }, + "related": [ + { + "dest-uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "48146604-6693-4db1-bd94-159744726514", "value": "IXESHE" }, @@ -389,6 +459,22 @@ "Tailgater Team" ] }, + "related": [ + { + "dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", "value": "Aurora Panda" }, @@ -419,6 +505,29 @@ "APT18" ] }, + "related": [ + { + "dest-uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "2fb07fa4-0d7f-43c7-8ff4-b28404313fe7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c", "value": "Wekby" }, 
@@ -483,6 +592,36 @@ "Barium" ] }, + "related": [ + { + "dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "24110866-cb22-4c85-a7d2-0413e126694b", "value": "Axiom" }, @@ -515,6 +654,29 @@ "Sh3llCr3w" ] }, + "related": [ + { + "dest-uuid": "a653431d-6a5e-4600-8ad3-609b5af57064", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "0286e80e-b0ed-464f-ad62-beec8536d0cb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "103ebfd8-4280-4027-b61a-69bd9967ad6c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "066d25c1-71bd-4bd4-8ca7-edbba00063f4", "value": "Shell Crew" }, 
@@ -559,6 +721,36 @@ "Lotus Panda" ] }, + "related": [ + { + "dest-uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", "value": "Naikon" }, @@ -590,6 +782,15 @@ "Eslie" ] }, + "related": [ + { + "dest-uuid": "88b7dbc2-32d3-4e31-af2f-3fc24e1582d7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "32fafa69-fe3c-49db-afd4-aac2664bcf0d", "value": "Lotus Blossom" }, @@ -603,6 +804,36 @@ "Elise" ] }, + "related": [ + { + "dest-uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8", "value": "Lotus Panda" }, 
@@ -617,6 +848,29 @@ "TEMP.Avengers" ] }, + "related": [ + { + "dest-uuid": "a653431d-6a5e-4600-8ad3-609b5af57064", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "066d25c1-71bd-4bd4-8ca7-edbba00063f4", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "103ebfd8-4280-4027-b61a-69bd9967ad6c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "0286e80e-b0ed-464f-ad62-beec8536d0cb", "value": "Hurricane Panda" }, @@ -664,6 +918,29 @@ "Iron Tiger APT" ] }, + "related": [ + { + "dest-uuid": "fb366179-766c-4a4a-afa1-52bff1fd601c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f1b9f7d6-6ab1-404b-91a6-a1ed1845c045", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "4af45fea-72d3-11e8-846c-d37699506c8d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "834e0acd-d92a-4e38-bb14-dc4159d7cb32", "value": "Emissary Panda" }, @@ -711,6 +988,15 @@ "Stone Panda" ] }, + "related": [ + { + "dest-uuid": "222fbd21-fc4f-4b7e-9f85-0e6e3a76c33f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "56b37b05-72e7-4a89-ba8a-61ce45269a8c", "value": "Stone Panda" }, @@ -765,6 +1051,15 @@ "https://kc.mcafee.com/corporate/index?page=content&id=KB71150" ] }, + "related": [ + { + "dest-uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b3714d59-b61e-4713-903a-9b4f04ae7f3d", "value": "Night Dragon" }, 
@@ -915,6 +1210,15 @@ "MANGANESE" ] }, + "related": [ + { + "dest-uuid": "fe98767f-9df8-42b9-83c9-004b1dec8647", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "4d37813c-b8e9-4e58-a758-03168d8aa189", "value": "Pitty Panda" }, @@ -955,6 +1259,15 @@ "Sneaky Panda" ] }, + "related": [ + { + "dest-uuid": "03506554-5f37-4f8f-9ce4-0e9f01a1b484", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "da754aeb-a86d-4874-b388-d1d2028a56be", "value": "Beijing Group" }, @@ -1006,6 +1319,29 @@ "Wkysol" ] }, + "related": [ + { + "dest-uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2fb07fa4-0d7f-43c7-8ff4-b28404313fe7", "value": "Samurai Panda" }, @@ -1071,6 +1407,15 @@ "admin@338" ] }, + "related": [ + { + "dest-uuid": "16ade1aa-0ea1-4bb7-88cc-9079df2ae756", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ac4bce1f-b3ec-4c44-bd36-b6cc986b319b", "value": "Temper Panda" }, 
@@ -1124,6 +1469,55 @@ "estimative-language:likelihood-probability=\"very-likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", 
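Review bot: The seven links appended to the `related` array of ba724df5-9aa0-45ca-8e0e-7101c208ae48 sit directly after an existing entry tagged `very-likely`, and nothing in an entry records whether it was curated or produced by the generator. The only difference is the likelihood value, which a later hand edit can also legitimately set to `likely`. The same applies to hunk `@@ -1282,6 +1794,55 @@` for f873db71-3d53-41d5-b141-530675ade27a. For threat-actor data this matters because these relations feed attribution pivots, and an analyst reviewing a link has no way to see that it came from automatic name matching. I would have generated entries carry a second tag marking their origin (name to be chosen by the maintainers), so they can be filtered, re-reviewed or regenerated without touching curated links.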
@@ -1160,6 +1554,43 @@ "Ghambar" ] }, + "related": [ + { + "dest-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "11e17436-6ede-4733-8547-4ce0254ea19e", "value": "Cutting Kitten" }, 
@@ -1200,6 +1631,71 @@ "Newsbeef" ] }, + "related": [ + { + "dest-uuid": "7636484c-adc5-45d4-9bfe-c3e062fbc4a0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f98bac6b-12fd-4cad-be84-c84666932232", "value": "Charming Kitten" }, 
@@ -1212,6 +1708,22 @@ ], "synonyms": [] }, + "related": [ + { + "dest-uuid": "fbd29c89-18ba-4c2d-b792-51c0adee049f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "accd848b-b8f4-46ba-a408-9063b35cfbf2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "4f69ec6d-cb6b-42af-b8e2-920a2aa4be10", "value": "APT33" }, @@ -1282,6 +1794,55 @@ "estimative-language:likelihood-probability=\"very-likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "f873db71-3d53-41d5-b141-530675ade27a", 
@@ -1332,6 +1893,71 @@ "Group 41" ] }, + "related": [ + { + "dest-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "11e17436-6ede-4733-8547-4ce0254ea19e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", "value": "Cleaver" }, 
@@ -1426,6 +2052,22 @@ "Group 74" ] }, + "related": [ + { + "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754", "value": "Sofacy" }, @@ -1482,6 +2124,15 @@ "Hammer Toss" ] }, + "related": [ + { + "dest-uuid": "899ce53f-13a0-479b-a0e4-67d46e241542", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b2056ff0-00b9-482e-b11c-c771daa5f28a", "value": "APT 29" }, @@ -1539,6 +2190,22 @@ "Hippo Team" ] }, + "related": [ + { + "dest-uuid": "7a19ecb1-3c65-4de3-a230-993516aed6a6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "c097471c-2405-4393-b6d7-afbcb5f0cd11", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "fa80877c-f509-4daf-8b62-20aba1635f68", "value": "Turla Group" }, @@ -1580,6 +2247,15 @@ "Koala Team" ] }, + "related": [ + { + "dest-uuid": "1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "64d6559c-6d5c-4585-bbf9-c17868f763ee", "value": "Energetic Bear" }, 
@@ -1623,6 +2299,29 @@ "TEMP.Noble" ] }, + "related": [ + { + "dest-uuid": "381fcf73-60f6-4ab2-9991-6af3cbc35192", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b47250ec-2094-4d06-b658-11456e05fe89", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "feac86e4-6bb2-4ba0-ac99-806aeb0a776c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f512de42-f76b-40d2-9923-59e7dbdfec35", "value": "Sandworm" }, @@ -1637,6 +2336,29 @@ "Sandworm" ] }, + "related": [ + { + "dest-uuid": "381fcf73-60f6-4ab2-9991-6af3cbc35192", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f512de42-f76b-40d2-9923-59e7dbdfec35", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "feac86e4-6bb2-4ba0-ac99-806aeb0a776c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b47250ec-2094-4d06-b658-11456e05fe89", "value": "TeleBots" }, @@ -1661,6 +2383,22 @@ "FIN7" ] }, + "related": [ + { + "dest-uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb", "value": "Anunak" }, @@ -1688,6 +2426,15 @@ "Anger Bear" ] }, + "related": [ + { + "dest-uuid": "90ef600f-5198-44a9-a2c6-de4b4d9d8624", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "82c1c7fa-c67b-4be6-9be8-8aa400ef2445", "value": "TeamSpy Crew" }, 
@@ -1705,6 +2452,15 @@ "meta": { "country": "RU" }, + "related": [ + { + "dest-uuid": "82c1c7fa-c67b-4be6-9be8-8aa400ef2445", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "90ef600f-5198-44a9-a2c6-de4b4d9d8624", "value": "Berserk Bear" }, @@ -1804,6 +2560,22 @@ "Operation GhostSecret" ] }, + "related": [ + { + "dest-uuid": "c93fccb1-e8e8-42cf-ae33-2ad1d183913a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "027a1428-6e79-4a4b-82b9-e698e8525c2b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "68391641-859f-4a9a-9a1e-3e5cf71ec376", "value": "Lazarus Group" }, @@ -1937,6 +2709,15 @@ "FruityArmor" ] }, + "related": [ + { + "dest-uuid": "894aab42-3371-47b1-8859-a4a074c804c8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "dab75e38-6969-4e78-9304-dc269c3cbcf0", "value": "Stealth Falcon" }, @@ -1951,6 +2732,22 @@ "Operation Erebus" ] }, + "related": [ + { + "dest-uuid": "4a2ce82e-1a74-468a-a6fb-bbead541383c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "50cd027f-df14-40b2-aa22-bf5de5061163", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "bb446dc2-4fee-4212-8b2c-3ffa2917e338", "value": "ScarCruft" }, @@ -2007,6 +2804,22 @@ "Sarit" ] }, + "related": [ + { + "dest-uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "9559ecaf-2e75-48a7-aee8-9974020bc772", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "18d473a5-831b-47a5-97a1-a32156299825", "value": "Dropping Elephant" }, 
@@ -2029,6 +2842,15 @@ "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/" ] }, + "related": [ + { + "dest-uuid": "c5574ca0-d5a4-490a-b207-e4658e5fd1d7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "0da10682-85c6-4c0b-bace-ba1f7adfb63e", "value": "Scarlet Mimic" }, @@ -2041,6 +2863,15 @@ "https://attack.mitre.org/wiki/Groups" ] }, + "related": [ + { + "dest-uuid": "7ecc3b4f-5cdb-457e-b55a-df376b359446", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5fc09923-fcff-4e81-9cae-4518ef31cf4d", "value": "Poseidon Group" }, @@ -2069,6 +2900,22 @@ "Moafee" ] }, + "related": [ + { + "dest-uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "a9b44750-992c-4743-8922-129880d277ea", "value": "DragonOK" }, @@ -2097,6 +2944,29 @@ "Emissary Panda" ] }, + "related": [ + { + "dest-uuid": "fb366179-766c-4a4a-afa1-52bff1fd601c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "834e0acd-d92a-4e38-bb14-dc4159d7cb32", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "4af45fea-72d3-11e8-846c-d37699506c8d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f1b9f7d6-6ab1-404b-91a6-a1ed1845c045", "value": "Threat Group-3390" }, 
@@ -2127,6 +2997,15 @@ "Project Sauron" ] }, + "related": [ + { + "dest-uuid": "277d2f87-2ae5-4730-a3aa-50c1fdff9656", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f3179cfb-9c86-4980-bd6b-e4fa74adaaa7", "value": "ProjectSauron" }, @@ -2165,6 +3044,36 @@ "APT30" ] }, + "related": [ + { + "dest-uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f26144c5-8593-4e78-831a-11f6452d809b", "value": "APT 30" }, @@ -2184,6 +3093,15 @@ "https://securelist.com/blog/research/73638/apt-style-bank-robberies-increase-with-metel-gcman-and-carbanak-2-0-attacks/" ] }, + "related": [ + { + "dest-uuid": "0ea72cd5-ca30-46ba-bc04-378f701c658f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d93889de-b4bc-4a29-9ce7-d67717c140a0", "value": "GCMAN" }, @@ -2196,6 +3114,15 @@ "http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks" ] }, + "related": [ + { + "dest-uuid": "5cbe0d3b-6fb1-471f-b591-4b192915116d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5abb12e7-5066-4f84-a109-49a037205c76", "value": "Suckfly" }, 
@@ -2206,6 +3133,15 @@ "https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf" ] }, + "related": [ + { + "dest-uuid": "2a7914cf-dff3-428d-ab0f-1014d1c28aeb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "647894f6-1723-4cba-aba4-0ef0966d5302", "value": "FIN6" }, 
@@ -2271,6 +3207,85 @@ "Crambus" ] }, + "related": [ + { + "dest-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "11e17436-6ede-4733-8547-4ce0254ea19e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "4ca1929c-7d64-4aab-b849-badbfc0c760d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", "value": "OilRig" }, 
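Review bot: The generated `related` lists are pairwise and do not describe one consistent group, which is not documented anywhere in these hunks. OilRig lists eleven targets including `4ca1929c-7d64-4aab-b849-badbfc0c760d` and `b96e02f1-4037-463f-b158-5a964352f8d9`; Clever Kitten (`d56c99fa-4710-472c-81a6-41b7a84ea4be`) in a later hunk lists nine and omits those two; CHRYSENE (`a0082cfa-32e2-42b8-92d8-5c7a7409dcf1`) lists twelve and adds Greenbug (`47204403-34c9-4d25-a006-296a0939d1a2`), which OilRig does not reference. A consumer that expands `similar` by one hop therefore gets a different actor set depending on the entry it starts from. The description of the mapping should say that `similar` here is a direct match only and must not be followed transitively, or the generator should emit the same list for every member of a group.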
@@ -2302,6 +3317,15 @@ "https://blogs.technet.microsoft.com/mmpc/2016/12/09/windows-10-protection-detection-and-response-against-recent-attacks/" ] }, + "related": [ + { + "dest-uuid": "99784b80-6298-45ba-885c-0ed37bfd8324", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "46670c51-fea4-45d6-bdd4-62e85a5c7404", "value": "TERBIUM" }, @@ -2320,6 +3344,15 @@ "Moonlight" ] }, + "related": [ + { + "dest-uuid": "df71bb3b-813c-45eb-a8bc-f2a419837411", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f7c2e501-73b1-400f-a5d9-2e2e07b7dfde", "value": "Molerats" }, @@ -2335,6 +3368,22 @@ "StrongPity" ] }, + "related": [ + { + "dest-uuid": "efed95ba-d7e8-47ff-8c53-99c42426ee7c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5744f91a-d2d8-4f92-920f-943dd80c578f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "43894e2a-174e-4931-94a8-2296afe8f650", "value": "PROMETHIUM" }, @@ -2345,6 +3394,22 @@ "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/" ] }, + "related": [ + { + "dest-uuid": "025bdaa9-897d-4bad-afa6-013ba5734653", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "47b5007a-3fb1-466a-9578-629e6e735493", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ada08ea8-4517-4eea-aff1-3ad69e5466bb", "value": "NEODYMIUM" }, @@ -2474,6 +3539,15 @@ "EQGRP" ] }, + "related": [ + { + "dest-uuid": "2f3311cd-8476-4be7-9005-ead920afc781", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7036fb3d-86b7-4d9c-bc66-1e1ead8b7840", "value": "Equation Group" }, 
@@ -2486,6 +3560,15 @@ "https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group/" ] }, + "related": [ + { + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "47204403-34c9-4d25-a006-296a0939d1a2", "value": "Greenbug" }, @@ -2496,6 +3579,15 @@ "http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution" ] }, + "related": [ + { + "dest-uuid": "2e290bfe-93b5-48ce-97d6-edcd6d32b7cf", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "1a77e156-76bc-43f5-bdd7-bd67f30fbbbb", "value": "Gamaredon Group" }, @@ -2628,6 +3720,15 @@ "the Lamberts" ] }, + "related": [ + { + "dest-uuid": "7036fb3d-86b7-4d9c-bc66-1e1ead8b7840", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2f3311cd-8476-4be7-9005-ead920afc781", "value": "Longhorn" }, @@ -2677,6 +3778,22 @@ "APT 32" ] }, + "related": [ + { + "dest-uuid": "247cb30b-955f-42eb-97a5-a89fef69341e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "7e5a571f-dee2-4cae-a960-f8ab8a8fb1cf", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "aa29ae56-e54b-47a2-ad16-d3ab0242d5d7", "value": "APT32" }, @@ -2719,6 +3836,22 @@ "TwoForOne" ] }, + "related": [ + { + "dest-uuid": "f9c06633-dcff-48a1-8588-759e7cec5694", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "154e97b5-47ef-415a-99a6-2157f1b50339", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "1fc5671f-5757-43bf-8d6d-a9a93b03713a", "value": "PLATINUM" }, 
@@ -2739,6 +3872,29 @@ ], "victimology": "Ukraine, Electric Utilities" }, + "related": [ + { + "dest-uuid": "381fcf73-60f6-4ab2-9991-6af3cbc35192", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f512de42-f76b-40d2-9923-59e7dbdfec35", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b47250ec-2094-4d06-b658-11456e05fe89", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "feac86e4-6bb2-4ba0-ac99-806aeb0a776c", "value": "ELECTRUM" }, @@ -2768,6 +3924,15 @@ "http://files.shareholder.com/downloads/AMDA-254Q5F/0x0x938351/665BA6A3-9573-486C-B96F-80FA35759E8C/FEYE_rpt-mtrends-2017_FINAL2.pdf" ] }, + "related": [ + { + "dest-uuid": "fd19bd82-1b14-49a1-a176-6cdc46b8a826", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "a78ae9fe-71cd-4563-9213-7b6260bd9a73", "value": "FIN8" }, @@ -2830,6 +3995,15 @@ "https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts#.WS3IBVFV4no.twitter" ] }, + "related": [ + { + "dest-uuid": "62a64fd3-aaf7-4d09-a375-d6f8bb118481", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c6472ae1-c6ad-4cf1-8d6e-8c94b94fe314", "value": "TA459" }, @@ -2912,6 +4086,15 @@ "RedBaldKnight" ] }, + "related": [ + { + "dest-uuid": "93f52415-0fe4-4d3d-896c-fc9b8e88ab90", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "add6554a-815a-4ac3-9b22-9337b9661ab8", "value": "Tick" }, 
@@ -2924,6 +4107,22 @@ "JerseyMikes" ] }, + "related": [ + { + "dest-uuid": "7a19ecb1-3c65-4de3-a230-993516aed6a6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "fa80877c-f509-4daf-8b62-20aba1635f68", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c097471c-2405-4393-b6d7-afbcb5f0cd11", "value": "APT 26" }, @@ -3034,6 +4233,15 @@ "Slayer Kitten" ] }, + "related": [ + { + "dest-uuid": "dcd81c6e-ebf7-4a16-93e0-9a97fa49c88a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8cca9a1d-66e4-4bc4-ad49-95f759f4c1ae", "value": "CopyKittens" }, @@ -3126,6 +4334,29 @@ "Sykipot" ] }, + "related": [ + { + "dest-uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "2fb07fa4-0d7f-43c7-8ff4-b28404313fe7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b", "value": "Maverick Panda" }, 
@@ -3243,6 +4474,71 @@ "Group 41" ] }, + "related": [ + { + "dest-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "11e17436-6ede-4733-8547-4ce0254ea19e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", "value": "Clever Kitten" }, @@ -3451,6 +4747,15 @@ "https://www.cfr.org/interactive/cyber-operations/sowbug" ] }, + "related": [ + { + "dest-uuid": "d1acfbb3-647b-4723-9154-800ec119006e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "1ca3b039-404e-4132-88c2-4e41235cd2f5", "value": "Sowbug" }, 
@@ -3481,6 +4786,15 @@ "TEMP.Zagros" ] }, + "related": [ + { + "dest-uuid": "269e8108-68c6-4f99-b911-14b2e765dec2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "a29af069-03c3-4534-b78b-7d1a77ea085b", "value": "MuddyWater" }, @@ -3558,6 +4872,22 @@ "Ricochet Chollima" ] }, + "related": [ + { + "dest-uuid": "4a2ce82e-1a74-468a-a6fb-bbead541383c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "bb446dc2-4fee-4212-8b2c-3ffa2917e338", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "50cd027f-df14-40b2-aa22-bf5de5061163", "value": "APT37" }, @@ -3586,6 +4916,15 @@ "TEMP.Periscope" ] }, + "related": [ + { + "dest-uuid": "7113eaa5-ba79-4fb3-b68a-398ee9cd698e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5b4b6980-3bc7-11e8-84d6-879aaac37dd9", "value": "Leviathan" }, @@ -3612,6 +4951,15 @@ "APT 34" ] }, + "related": [ + { + "dest-uuid": "68ba94ab-78b8-43e7-83e2-aed3466882c6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "73a521f6-3bc7-11e8-9e30-df7c90e50dda", "value": "APT34" }, 
@@ -3684,6 +5032,92 @@ ], "victimology": "Oil and Gas, Manufacturing, Europe, MENA, North America" }, + "related": [ + { + "dest-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "11e17436-6ede-4733-8547-4ce0254ea19e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "4ca1929c-7d64-4aab-b849-badbfc0c760d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "47204403-34c9-4d25-a006-296a0939d1a2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], 
+ "type": "similar" + } + ], "uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", "value": "CHRYSENE" }, @@ -3703,6 +5137,22 @@ ], "victimology": "Electric Utilities, US" }, + "related": [ + { + "dest-uuid": "c93fccb1-e8e8-42cf-ae33-2ad1d183913a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "68391641-859f-4a9a-9a1e-3e5cf71ec376", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "027a1428-6e79-4a4b-82b9-e698e8525c2b", "value": "COVELLITE" }, @@ -3751,6 +5201,22 @@ ], "victimology": "Petrochemical, Aerospace, Saudi Arabia" }, + "related": [ + { + "dest-uuid": "fbd29c89-18ba-4c2d-b792-51c0adee049f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "4f69ec6d-cb6b-42af-b8e2-920a2aa4be10", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "accd848b-b8f4-46ba-a408-9063b35cfbf2", "value": "MAGNALLIUM" }, @@ -3799,6 +5265,29 @@ "Iron Tiger" ] }, + "related": [ + { + "dest-uuid": "fb366179-766c-4a4a-afa1-52bff1fd601c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "834e0acd-d92a-4e38-bb14-dc4159d7cb32", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f1b9f7d6-6ab1-404b-91a6-a1ed1845c045", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "4af45fea-72d3-11e8-846c-d37699506c8d", "value": "LuckyMouse" }, @@ -3878,5 +5367,5 @@ "value": "RedAlpha" } ], - "version": 51 + "version": 52 } diff --git a/clusters/tool.json b/clusters/tool.json index fcfe7cb..6cc4dae 100644 --- a/clusters/tool.json +++ b/clusters/tool.json 
@@ -29,6 +29,22 @@ "Banking" ] }, + "related": [ + { + "dest-uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "5594b171-32ec-4145-b712-e7701effffdd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "75f53ead-1aee-4f91-8cb9-b4170d747cfc", "value": "Tinba" }, @@ -49,6 +65,22 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "663f8ef9-4c50-499a-b765-f377d23c1070", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f4b159ea-97e5-483b-854b-c48a78d562aa", "value": "PlugX" }, @@ -93,6 +125,22 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "4e104fef-8a2c-4679-b497-6e86d7d47db0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2abe89de-46dd-4dae-ae22-b49a593aff54", "value": "Poison Ivy" }, @@ -172,6 +220,15 @@ "PWS" ] }, + "related": [ + { + "dest-uuid": "7551188b-8f91-4d34-8350-0d0c57b2b913", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d70fd29d-590e-4ed5-b72f-6ce0142019c6", "value": "Elise Backdoor" }, 
@@ -209,6 +266,22 @@ "AndroidOS" ] }, + "related": [ + { + "dest-uuid": "3d3aa832-8847-47c5-9e31-ef13ab7ab6fb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "620981e8-49c8-486a-b30c-359702c8ffbc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f8047de2-fefc-4ee0-825b-f1fae4b20c09", "value": "Slempo" }, @@ -285,6 +358,15 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "6c3c111a-93af-428a-bee0-feacbee0237d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "a8111fb7-d4c4-4671-a6f9-f62fea8bad60", "value": "NanoCoreRAT" }, @@ -300,6 +382,22 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "3eca2d5f-41bf-4ad4-847f-df18befcdc44", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "96b08451-b27a-4ff6-893f-790e26393a8e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f6c137f0-979c-4ce2-a0e5-2a080a5a1746", "value": "Sakula" }, @@ -328,6 +426,15 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "94379dec-5c87-49db-b36e-66abc0b81344", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "eff68b97-f36e-4827-ab1a-90523c16774c", "value": "Derusbi" }, @@ -347,6 +454,22 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "2f1a9fd0-3b7c-4d77-a358-78db13adbe78", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "c542f369-f06d-4168-8c84-fdf5fc7f2a8d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c9b4ec27-0a43-4671-a967-bcac5df0e056", "value": "EvilGrab" }, 
@@ -369,6 +492,15 @@ "Dropper" ] }, + "related": [ + { + "dest-uuid": "48523614-309e-43bf-a2b8-705c2b45d7b2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "170db76b-93f7-4fd1-97fc-55937c079b66", "value": "Trojan.Naid" }, @@ -404,6 +536,15 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "cafd0bf8-2b9c-46c7-ae3c-3e0f42c5062e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "59b70721-6fed-4805-afa5-4ff2554bef81", "value": "NetTraveler" }, @@ -423,6 +564,15 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "d3afa961-a80c-4043-9509-282cdf69ab21", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "9b3a4cff-1c5a-4fd6-b49c-27240b6d622c", "value": "Winnti" }, @@ -440,6 +590,15 @@ "HackTool" ] }, + "related": [ + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7f3a035d-d83a-45b8-8111-412aa8ade802", "value": "Mimikatz" }, @@ -454,6 +613,15 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "1d808f62-cf63-4063-9727-ff6132514c22", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b5be84b7-bf2c-40d0-85a9-14c040881a98", "value": "WEBC2" }, @@ -471,6 +639,15 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "58adaaa8-f1e8-4606-9a08-422e568461eb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "4859330d-c6a5-4b9c-b45b-536ec983cd4a", "value": "Pirpi" }, @@ -484,6 +661,15 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "8c553311-0baa-4146-997a-f79acef3d831", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5d2dd6ad-6bb2-45d3-b295-e125d3399c8d", "value": "RARSTONE" }, 
@@ -501,6 +687,15 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "fb261c56-b80e-43a9-8351-c84081e7213d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "cd6c5f27-cf7e-4529-ae9c-ab5b85102bde", "value": "Backspace" }, @@ -578,6 +773,15 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "6b62e336-176f-417b-856a-8552dd8c44e1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "36c0faf0-428e-4e7f-93c5-824bb0495ac9", "value": "Wipbot" }, @@ -598,15 +802,42 @@ "Rootkit" ] }, + "related": [ + { + "dest-uuid": "80a014ba-3fef-4768-990b-37d8bd10d7f4", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "22332d52-c0c2-443c-9ffb-f08c0d23722c", "value": "Turla" }, { + "related": [ + { + "dest-uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "811bdec0-e236-48ae-b27c-1a8fe0bfc3a9", "value": "Winexe" }, { "description": "RAT initialy identified in 2011 and still actively used.", + "related": [ + { + "dest-uuid": "8a21ae06-d257-48a0-989b-1c9aebedabc2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "9ad11139-e928-45cf-a0b4-937290642e92", "value": "Dark Comet" }, @@ -687,6 +918,15 @@ "https://blog.malwarebytes.org/intelligence/2012/06/you-dirty-rat-part-2-blackshades-net/" ] }, + "related": [ + { + "dest-uuid": "3a1fc564-3705-4cc0-8f80-13c58d470d34", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8c3202d5-1671-46ec-9d42-cb50dbe2f667", "value": "Blackshades" }, 
@@ -706,6 +946,29 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "ccd61dfc-b03f-4689-8c18-7c97eab08472", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "56660521-6db4-4e5a-a927-464f22954b7c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3e2c99f9-66cd-48be-86e9-d7c1c164d87c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "0a32ceea-fa66-47ab-8bde-150dbd6d2e40", "value": "CHOPSTICK" }, @@ -726,6 +989,15 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "fb575479-14ef-41e9-bfab-0b7cf10bec73", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "6374fc53-9a0d-41ba-b9cf-2a9765d69fbb", "value": "EVILTOSS" }, @@ -745,6 +1017,50 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", "value": "GAMEFISH" }, 
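Review bot: GAMEFISH gets a `similar` edge to `bef4c620-0787-42a8-a96d-b7eb6e85917c`, the same UUID that the Sofacy entry (`5b4ee3ea-eee3-4c8e-8323-85ae32658754`, in what appears to be the threat-actor cluster) is linked to earlier in this patch, so one of the two edges joins a tool to an actor under a relation that reads as "same thing". SOURFACE and CORESHELL in the following hunks carry the same edge, and their context lines show "Sofacy" in what is presumably the synonym list, which is likely what the matcher keyed on. I would remove the object with `"dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c"` from the three tool entries, or have the generator skip matches across cluster kinds. Otherwise a lookup that resolves a malware name through `related` ends up on whatever actor record that UUID identifies.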
@@ -758,6 +1074,50 @@ "Sofacy" ] }, + "related": [ + { + "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", "value": "SOURFACE" }, @@ -777,6 +1137,15 @@ "PWS" ] }, + "related": [ + { + "dest-uuid": "2dd34b01-6110-4aac-835d-b5e7b936b0be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "6d1e2736-d363-49aa-9054-9c9e4ac0c520", "value": "OLDBAIT" }, 
@@ -790,6 +1159,50 @@ "Sofacy" ] }, + "related": [ + { + "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "1de47f51-1f20-403b-a2e1-5eaabe275faa", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "df36267b-7267-4c23-a7a1-cf94ef1b3729", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "43cd8a09-9c80-48c8-9568-1992433af60a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "3948ce95-468e-4ce1-82b1-57439c6d6afd", "value": "CORESHELL" }, @@ -799,6 +1212,15 @@ "Havex" ] }, + "related": [ + { + "dest-uuid": "083bb47b-02c8-4423-81a2-f9ef58572974", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d7183f66-59ec-4803-be20-237b442259fc", "value": "Havex RAT" }, @@ -809,6 +1231,15 @@ "https://www.sentinelone.com/blog/understanding-kjw0rm-malware-we-dive-in-to-the-tv5-cyber-attack/" ] }, + "related": [ + { + "dest-uuid": "a7bffc6a-5b47-410b-b039-def16050adcb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b3f7a454-3b23-4149-99aa-0132323814d0", "value": "KjW0rm" }, 
@@ -833,10 +1264,28 @@ "value": "AmmyAdmin" }, { + "related": [ + { + "dest-uuid": "33b86249-5455-4698-a5e5-0c9591e673b9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "cb6c49ab-b9ac-459f-b765-05cbe2e63b0d", "value": "Matryoshka" }, { + "related": [ + { + "dest-uuid": "c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "e2cc27a2-4146-4f08-8e80-114a99204cea", "value": "TinyZBot" }, @@ -863,14 +1312,41 @@ "WarriorPride" ] }, + "related": [ + { + "dest-uuid": "4c59cce8-cb48-4141-b9f1-f646edfaadb0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "0cf21558-1217-4d36-9536-2919cfd44825", "value": "Regin" }, { + "related": [ + { + "dest-uuid": "68dca94f-c11d-421e-9287-7c501108e18c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "809b54c3-dd6a-4ec9-8c3a-a27b9baa6732", "value": "Duqu" }, { + "related": [ + { + "dest-uuid": "ff6840c9-4c87-4d07-bbb6-9f50aa33d498", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d7963066-62ed-4494-9b8c-4b8b691a7c82", "value": "Flame" }, @@ -952,6 +1428,15 @@ "http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/" ] }, + "related": [ + { + "dest-uuid": "876f6a77-fbc5-4e13-ab1a-5611986730a3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "66575fb4-7f92-42d8-8c47-e68a26413081", "value": "T9000" }, 
@@ -973,6 +1458,15 @@ "http://www.symantec.com/connect/blogs/trojantaidoor-takes-aim-policy-think-tanks" ] }, + "related": [ + { + "dest-uuid": "b143dfa4-e944-43ff-8429-bfffc308c517", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "cda7d605-23d0-4f93-a585-1276f094c04a", "value": "Taidoor" }, @@ -1030,6 +1524,15 @@ "value": "Preshin" }, { + "related": [ + { + "dest-uuid": "65a30580-d542-4113-b00f-7fab98bd046c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b3ea33fd-eaa0-4bab-9bd0-12534c9aa987", "value": "Oficla" }, @@ -1061,6 +1564,15 @@ "http://www.clearskysec.com/dustysky/" ] }, + "related": [ + { + "dest-uuid": "687c23e4-4e25-4ee7-a870-c5e002511f54", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "eedcf785-d011-4e17-96c4-6ff39138ada0", "value": "NeD Worm" }, @@ -1088,6 +1600,22 @@ "http://blog.avast.com/2013/07/22/multisystem-trojan-janicab-attacks-windows-and-macosx-via-scripts/" ] }, + "related": [ + { + "dest-uuid": "234e7770-99b0-4f65-b983-d3230f76a60b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "4af4e96f-c92d-4a45-9958-a88ad8deb38d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c3c20c4b-e12a-42e5-960a-eea4644014f4", "value": "Janicab" }, @@ -1130,6 +1658,15 @@ "Geodo" ] }, + "related": [ + { + "dest-uuid": "8e002f78-7fb8-4e70-afd7-0b4ac655be26", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "3f7616bd-f1de-46ee-87c2-43c0c2edaa28", "value": "Emotet" }, 
@@ -1144,6 +1681,15 @@ "BS2005" ] }, + "related": [ + { + "dest-uuid": "67fc172a-36fa-4a35-88eb-4ba730ed52a6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "25cd01bc-1346-4415-8f8d-d3656309ef6b", "value": "Hoardy" }, @@ -1165,6 +1711,15 @@ "TokenControl" ] }, + "related": [ + { + "dest-uuid": "e066bf86-9cfb-407a-9d25-26fd5d91e360", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "08e2c9ef-aa62-429f-a6e5-e901ff6883cd", "value": "HTTPBrowser" }, @@ -1185,6 +1740,15 @@ "Ursnif" ] }, + "related": [ + { + "dest-uuid": "b9448d2a-a23c-4bf2-92a1-d860716ba2f3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "75b01a1e-3269-4f4c-bdba-37af4e9c3f54", "value": "Snifula" }, @@ -1234,6 +1798,15 @@ "RIPTIDE" ] }, + "related": [ + { + "dest-uuid": "ad4f146f-e3ec-444a-ba71-24bffd7f0f8e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "91583583-95c0-444e-8175-483cbebc640b", "value": "Etumbot" }, @@ -1261,6 +1834,15 @@ "https://blog.bit9.com/2013/02/25/bit9-security-incident-update/" ] }, + "related": [ + { + "dest-uuid": "95047f03-4811-4300-922e-1ba937d53a61", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "06953055-92ed-4936-8ffd-d9d72ab6bef6", "value": "Hikit" }, 
@@ -1348,6 +1930,29 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "ccd61dfc-b03f-4689-8c18-7c97eab08472", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "56660521-6db4-4e5a-a927-464f22954b7c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "0a32ceea-fa66-47ab-8bde-150dbd6d2e40", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "3e2c99f9-66cd-48be-86e9-d7c1c164d87c", "value": "X-Agent" }, @@ -1357,6 +1962,15 @@ "XTunnel" ] }, + "related": [ + { + "dest-uuid": "7343e208-7cab-45f2-a47b-41ba5e2f0fab", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "6d180bd7-3c77-4faf-b98b-dc2ab5f49101", "value": "X-Tunnel" }, @@ -1393,6 +2007,15 @@ "https://www.arbornetworks.com/blog/asert/mad-max-dga/" ] }, + "related": [ + { + "dest-uuid": "7a6fcec7-3408-4371-907b-cbf8fc931b66", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d3d56dd0-3409-470a-958b-a865fdd158f9", "value": "Mad Max" }, @@ -1406,6 +2029,22 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "8d8efbc6-d1b7-4ec8-bab3-591edba337d0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "326af1cd-78e7-45b7-a326-125d2f7ef8f2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "858edfb8-793a-430b-8acc-4310e7d2f0d3", "value": "Crimson" }, @@ -1419,6 +2058,15 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "37cc7eb6-12e3-467b-82e8-f20f2cc73c69", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "67ade442-63f2-4319-bdcd-d2564b963ed6", "value": "Prikormka" }, 
@@ -1429,6 +2077,15 @@ "https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf" ] }, + "related": [ + { + "dest-uuid": "705f0783-5f7d-4491-b6b7-9628e6e006d2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7abd6950-7a07-4d9e-ade1-62414fa50619", "value": "NanHaiShu" }, @@ -1439,6 +2096,15 @@ "http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems/" ] }, + "related": [ + { + "dest-uuid": "3d8e547d-9456-4f32-a895-dc86134e282f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2a18f5dd-40fc-444b-a7c6-85f94b3eee13", "value": "Umbreon" }, @@ -1494,6 +2160,29 @@ "Backdoor:Java/Adwind" ] }, + "related": [ + { + "dest-uuid": "b76d9845-815c-4e77-9538-6b737269da2f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "ce1a9641-5bb8-4a61-990a-870e9ef36ac1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "dadccdda-a4c2-4021-90b9-61a394e602be", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ab4694d6-7043-41f2-b328-d93bec9c1b22", "value": "Adwind" }, @@ -1515,6 +2204,22 @@ "Cridex" ] }, + "related": [ + { + "dest-uuid": "44754726-e1d5-4e5f-a113-234c4a8ca65e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "7ca93488-c357-44c3-b246-3f88391aca5a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "276c2c2e-09da-44cf-a3f7-806b3feb41da", "value": "Dridex" }, 
@@ -1564,6 +2269,22 @@ "PinkSlipBot" ] }, + "related": [ + { + "dest-uuid": "b2ec1f16-2a76-4910-adc5-ecb3570e7c1a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "6e1168e6-7768-4fa2-951f-6d6934531633", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ac2ff27d-a7cb-46fe-ae32-cfe571dc614d", "value": "Akbot" }, @@ -1579,6 +2300,15 @@ "https://www.sophos.com/medialibrary/PDFs/technical%20papers/sophos-vawtrak-international-crimeware-as-a-service-tpna.pdf" ] }, + "related": [ + { + "dest-uuid": "f3813bbd-682c-400d-8165-778be6d3f91f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "e95dd1ba-7485-4c02-bf2e-14beedbcf053", "value": "Vawtrak" }, @@ -1589,6 +2319,15 @@ "https://github.com/adaptivethreat/Empire" ] }, + "related": [ + { + "dest-uuid": "6eb15569-4ddd-4820-9a44-7bca5b303b86", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "525ce93a-76a1-441a-9c45-0eac64d0ed12", "value": "Empire" }, @@ -1641,6 +2380,15 @@ "Linux/Mirai" ] }, + "related": [ + { + "dest-uuid": "fcdfd4af-da35-49a8-9610-19be8a487185", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "dcbf1aaa-1fdd-4bfc-a35e-145ffdfb5ac5", "value": "Mirai" }, @@ -1668,6 +2416,15 @@ "https://www.virusbulletin.com/conference/vb2014/abstracts/back-blackenergy-2014-targeted-attacks-ukraine-and-poland/" ] }, + "related": [ + { + "dest-uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5a22cad7-65fa-4b7a-a7aa-7915a6101efa", "value": "BlackEnergy" }, 
@@ -1712,6 +2469,15 @@ "https://attack.mitre.org/wiki/Software/S0049" ] }, + "related": [ + { + "dest-uuid": "199463de-d9be-46d6-bb41-07234c1dd5a6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "6a28a648-30c0-4d1d-bd67-81a8dc6486ba", "value": "GeminiDuke" }, @@ -1727,6 +2493,22 @@ "Zbot" ] }, + "related": [ + { + "dest-uuid": "f0ec2df5-2e38-4df3-970d-525352006f2e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "e878d24d-f122-48c4-930c-f6b6d5f0ee28", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "0ce448de-c2bb-4c6e-9ad7-c4030f02b4d7", "value": "Zeus" }, @@ -1777,6 +2559,15 @@ "https://en.wikipedia.org/wiki/Shamoon" ] }, + "related": [ + { + "dest-uuid": "8901ac23-6b50-410c-b0dd-d8174a86f9b3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "776b1849-8d5b-4762-8ba1-cbbaddb4ce3a", "value": "Shamoon" }, @@ -1833,6 +2624,15 @@ "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" ] }, + "related": [ + { + "dest-uuid": "4ab44516-ad75-4e43-a280-705dc0420e2f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ff00fa92-b32e-46b6-88ca-98357ebe3f54", "value": "ZeroT" }, @@ -1843,6 +2643,15 @@ "https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar" ] }, + "related": [ + { + "dest-uuid": "91000a8a-58cc-4aba-9ad0-993ad6302b86", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "9991ace8-1a62-498c-a9ef-19d474deb505", "value": "StreamEx" }, 
@@ -1986,6 +2795,15 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "1b1ae63f-bcee-4aba-8994-6c60cee5e16f", "value": "gh0st" }, @@ -2116,6 +2934,15 @@ "Backdoor" ] }, + "related": [ + { + "dest-uuid": "179288c9-4ff1-4a7e-b728-35dd2e6aac43", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c3a784ee-cef7-4604-a5ba-ec7b193a5152", "value": "qrat" }, @@ -2312,6 +3139,15 @@ "http://www.enigmasoftware.com/trochilusrat-removal/" ] }, + "related": [ + { + "dest-uuid": "8204723f-aefc-4c90-9178-8fe53e8d6f33", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5e15e4ca-0e04-4af1-ab2a-779dbcad545d", "value": "Trochilus" }, @@ -2322,6 +3158,22 @@ "http://researchcenter.paloaltonetworks.com/2017/03/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organizations/" ] }, + "related": [ + { + "dest-uuid": "f266754c-d0aa-4918-95a3-73b28eaa66e3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "9ea525fa-b0a9-4dde-84f2-bcea0137b3c1", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "76ec1827-68a1-488f-9899-2b788ea8db64", "value": "MoonWind" }, @@ -2336,6 +3188,22 @@ "Pegasus spyware" ] }, + "related": [ + { + "dest-uuid": "33d9d91d-aad9-49d5-a516-220ce101ac8a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "93799a9d-3537-43d8-b6f4-17215de1657c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8", "value": "Chrysaor" }, 
@@ -2377,6 +3245,15 @@ "http://contagiodump.blogspot.lu/2013/03/mandiant-apt1-samples-categorized-by.html" ] }, + "related": [ + { + "dest-uuid": "b8eb28e4-48a6-40ae-951a-328714f75eda", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f1e05a12-ca50-41ab-a963-d7df5bcb141d", "value": "BISCUIT" }, @@ -2397,6 +3274,15 @@ "http://contagiodump.blogspot.lu/2013/03/mandiant-apt1-samples-categorized-by.html" ] }, + "related": [ + { + "dest-uuid": "5a84dc36-df0d-4053-9b7c-f0c388a57283", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "e2c18713-0a95-4092-a0e9-76358512daad", "value": "CALENDAR" }, @@ -2463,6 +3349,15 @@ "TROJAN.GTALK" ] }, + "related": [ + { + "dest-uuid": "f2e8c7a1-cae1-45c4-baf0-6f21bdcbb2c2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "a379f09b-5cec-4bdb-9735-125cef2de073", "value": "GLOOXMAIL" }, @@ -2830,6 +3725,15 @@ "https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html" ] }, + "related": [ + { + "dest-uuid": "dc5d1a33-62aa-4a0c-aa8c-589b87beb11e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d71604d2-a17e-4b4e-82be-19cb54f93161", "value": "HAYMAKER" }, 
@@ -2840,6 +3744,29 @@ "https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html" ] }, + "related": [ + { + "dest-uuid": "ad6a1b4a-6d79-40d4-adb7-1d7ca697347e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "17b40f60-729f-4fe8-8aea-cc9ee44a95d5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "3df08e23-1d0b-41ed-b735-c4eca46ce48e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "90124cc8-1205-4e63-83ad-5c45a110b1e6", "value": "BUGJUICE" }, @@ -2850,6 +3777,22 @@ "https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html" ] }, + "related": [ + { + "dest-uuid": "3240cbe4-c550-443b-aa76-cc2a7058b870", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "12b524b9-0d94-400f-904f-615f4f764aaf", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "6a42aa10-5b7e-43b0-8c58-414cdaeda453", "value": "SNUGRIDE" }, @@ -2901,6 +3844,15 @@ "BlackOasis" ] }, + "related": [ + { + "dest-uuid": "6ac125c8-6f00-490f-a43b-30b36d715431", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "dd4358a4-7a43-42f7-8322-0f941ee61e57", "value": "FINSPY" }, @@ -3163,6 +4115,15 @@ "Dofoil" ] }, + "related": [ + { + "dest-uuid": "0c824410-58ff-49b2-9cf2-1c96b182bdf0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "81f41bae-2ba9-4cec-9613-776be71645ca", "value": "Smoke Loader" }, 
@@ -3207,6 +4168,15 @@ "http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html" ] }, + "related": [ + { + "dest-uuid": "5b930a23-7d88-481f-8791-abc7b3dd93d2", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "24ee55e3-697f-482f-8fa8-d05999df40cd", "value": "KONNI" }, @@ -3240,6 +4210,15 @@ "trojan-banker.androidos.svpeng.ae" ] }, + "related": [ + { + "dest-uuid": "426ead34-b3e6-45c7-ba22-5b8f3b8214bd", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "a33df440-f112-4a5e-a290-3c65dae6091d", "value": "Svpeng" }, @@ -3377,6 +4356,15 @@ "https://www.us-cert.gov/ncas/alerts/TA17-318B" ] }, + "related": [ + { + "dest-uuid": "495b6cdb-7b5a-4fbc-8d33-e7ef68806d08", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "0a52e73b-d7e9-45ae-9bda-46568f753931", "value": "Volgmer" }, @@ -3521,6 +4509,15 @@ "https://community.rsa.com/community/products/netwitness/blog/2017/12/08/gratefulpos-credit-card-stealing-malware-just-in-time-for-the-shopping-season" ] }, + "related": [ + { + "dest-uuid": "7d9362e5-e3cf-4640-88a2-3faf31952963", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "4cfe3f22-96b8-4d3d-a6cc-85835d9471e2", "value": "GratefulPOS" }, @@ -3555,6 +4552,15 @@ "Okiru" ] }, + "related": [ + { + "dest-uuid": "e77cf495-632a-4459-aad1-cdf29d73683f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "1ad4697b-3388-48ed-8621-85abebf5dbbf", "value": "Satori" }, 
@@ -3595,6 +4601,15 @@ "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/" ] }, + "related": [ + { + "dest-uuid": "af2ad3b7-ab6a-4807-91fd-51bcaff9acbb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "44909efb-7cd3-42e3-b225-9f3e96b5f362", "value": "USBStealer" }, @@ -3605,6 +4620,15 @@ "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/" ] }, + "related": [ + { + "dest-uuid": "08d20cd2-f084-45ee-8558-fa6ef5a18519", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "837a295c-15ff-41c0-9b7e-5f2fb502b00a", "value": "Downdelph" }, @@ -3759,6 +4783,15 @@ "Hydraq" ] }, + "related": [ + { + "dest-uuid": "73a4793a-ce55-4159-b2a6-208ef29b326f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "70c31066-237a-11e8-8eff-37ef1ad0c703", "value": "Aurora" }, @@ -3875,6 +4908,15 @@ "FE_APT_InfoStealer_Win_CORALDECK_1" ] }, + "related": [ + { + "dest-uuid": "8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "becf81e5-f989-4093-a67d-d55a0483885f", "value": "CORALDECK" }, @@ -3890,6 +4932,15 @@ "APT.Backdoor.Win.DOGCALL" ] }, + "related": [ + { + "dest-uuid": "0852567d-7958-4f4b-8947-4f840ec8d57d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "a5e851b4-e046-43b6-bc6e-c6c008e3c5aa", "value": "DOGCALL" }, @@ -3918,6 +4969,15 @@ "Downloader.APT.HAPPYWORK" ] }, + "related": [ + { + "dest-uuid": "211cfe9f-2676-4e1c-a5f5-2c8091da2a68", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "656cd201-d57a-4a2f-a201-531eb4922a72", "value": "HAPPYWORK" }, 
@@ -3933,6 +4993,15 @@ "Backdoor.APT.Karae" ] }, + "related": [ + { + "dest-uuid": "3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "70ca8408-bc45-4d39-acd2-9190ba15ea97", "value": "KARAE" }, @@ -3959,6 +5028,15 @@ "Backdoor.APT.POORAIM" ] }, + "related": [ + { + "dest-uuid": "53d47b09-09c2-4015-8d37-6633ecd53f79", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "fe97ace3-9a80-42af-9eae-1f9245927e5d", "value": "POORAIM" }, @@ -3999,6 +5077,15 @@ "APT.Backdoor.SHUTTERSPEED" ] }, + "related": [ + { + "dest-uuid": "4189a679-72ed-4a89-a57c-7f689712ecf8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d909efe3-abc3-4be0-9640-e4727542fa2b", "value": "SHUTTERSPEED" }, @@ -4014,6 +5101,15 @@ "APT.Downloader.SLOWDRIFT" ] }, + "related": [ + { + "dest-uuid": "414dc555-c79e-4b24-a2da-9b607f7eaf16", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "e5a9a2ec-348e-4a2f-98dd-16c3e8845576", "value": "SLOWDRIFT" }, @@ -4055,6 +5151,15 @@ "Backdoor.APT.WINERACK" ] }, + "related": [ + { + "dest-uuid": "49abab73-3c5c-476e-afd5-69b5c732d845", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "49025073-4cd3-43b8-b893-e80a1d3adc04", "value": "WINERACK" }, @@ -4431,6 +5536,22 @@ "HALFBAKED" ] }, + "related": [ + { + "dest-uuid": "0ced8926-914e-4c78-bc93-356fb90dbd1f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "71ac10de-1103-40a7-b65b-f97dab9769bf", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2815a353-cd56-4ed0-8581-812b94f7a326", "value": "VB Flash" }, 
@@ -4554,6 +5675,15 @@ "https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf" ] }, + "related": [ + { + "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "6dd05630-9bd8-11e8-a8b9-47ce338a4367", "value": "PsExec" }, @@ -4578,5 +5708,5 @@ "value": "KEYMARBLE" } ], - "version": 83 + "version": 84 } diff --git a/tools/gen_mapping.py b/tools/gen_mapping.py new file mode 100755 index 0000000..37a7e72 --- /dev/null +++ b/tools/gen_mapping.py 
@@ -0,0 +1,204 @@
+#!/usr/bin/env python3
+'''
+Author: Christophe Vandeplas
+License: AGPL v3
+
+This builds an automatic mapping between the galaxy clusters of the same type.
+The mapping is made by using the synonyms documented in each cluster.
+
+The output is saved in the cluster files themselves, if a change is done the version number is increased.
+(commented out) The output is saved in a file called "mapping_XXX.json".
+'''
+import json
+import os
+
+
+# Some galaxy clusters have overlapping synonyms, while not being of the same type.
+# This type_mapping is there to distinguish galaxies based on their type.
+# Example: A galaxy of type 'actor' should not map to a galaxy of type 'tool', even if the name/synonym is the same.
+type_mapping = {
+ 'ransomware': 'tool',
+ # 'mitre-pre-attack-relationship': '',
+ # 'mitre-enterprise-attack-course-of-action': '',
+ 'mitre-enterprise-attack-intrusion-set': 'actor',
+ 'mitre-intrusion-set': 'actor',
+ 'rat': 'tool',
+ 'stealer': 'tool',
+ 'mitre-enterprise-attack-malware': 'tool',
+ # 'mitre-attack-pattern': '',
+ # 'mitre-mobile-attack-relationship': '',
+ # 'mitre-enterprise-attack-attack-pattern': '',
+ 'microsoft-activity-group': 'actor',
+ # 'mitre-course-of-action': '',
+ 'exploit-kit': 'tool',
+ 'mitre-mobile-attack-tool': 'tool',
+ 'backdoor': 'tool',
+ # 'mitre-pre-attack-attack-pattern': '',
+ 'mitre-mobile-attack-intrusion-set': 'tool',
+ 'mitre-tool': 'tool',
+ # 'mitre-mobile-attack-attack-pattern': '',
+ 'mitre-mobile-attack-malware': 'tool',
+ 'tool': 'tool',
+ # 'preventive-measure': '',
+ # 'sector': '',
+ 'mitre-malware': 'tool',
+ 'banker': 'tool',
+ # 'branded-vulnerability': '',
+ 'botnet': 'tool',
+ # 'cert-eu-govsector': '',
+ 'threat-actor': 'actor',
+ 'mitre-enterprise-attack-tool': 'tool',
+ 'android': 'tool',
+ # 'mitre-mobile-attack-course-of-action': '',
+ 'mitre-pre-attack-intrusion-set': 'actor',
+ # 'mitre-enterprise-attack-relationship': '',
+ 'tds': 'tool'
+}
+
+
+def loadjsons(path):
+ """
+ Find all Jsons and load them in a dict
+ """
+ files = []
+ data = []
+ for name in os.listdir(path):
+ if os.path.isfile(os.path.join(path, name)) and name.endswith('.json'):
+ files.append(name)
+ for jfile in files:
+ data.append(json.load(open("%s/%s" % (path, jfile))))
+ return data
+
+
+def printjson(s):
+ print(json.dumps(s, sort_keys=True, indent=4, separators=(',', ': ')))
+
+
+def to_tag(t, v):
+ return 'misp-galaxy:{}="{}"'.format(t, v)
+
+
+def get_cluster_uuid(cluster):
+ uuid = cluster.get('uuid')
+ if not uuid: # FIXME are these bugs in the format? - mitre-tool.json
+ uuid = cluster['meta'].get('uuid')
+ if not uuid:
+ print(cluster)
+ exit("ERROR: missing UUID in cluster")
+ return uuid
+
+
+if __name__ == '__main__':
+ path = '../clusters'
+ jsons = loadjsons(path)
+ mappings = {}
+ for k, v in type_mapping.items():
+ if v not in mappings:
+ mappings[v] = []
+
+ for djson in jsons:
+ galaxy = djson['type']
+
+ # ignore the galaxies that are not relevant for us
+ if galaxy not in type_mapping:
+ continue
+
+ # process the entries in each cluster
+ clusters = djson.get('values')
+ for cluster in clusters:
+ names = [cluster['value']]
+
+ if 'meta' in cluster and 'synonyms' in cluster['meta']:
+ names += [s for s in cluster['meta']['synonyms']]
+
+ # check if the entry is already in our mappings dict
+ seen_once = False
+ for mapping in mappings[type_mapping[galaxy]]:
+ seen = False
+ # name is known, add the synonyms and tags
+ for name in names:
+ if name in mapping['names']:
+ seen = True
+ seen_once = True
+ # we have a match in this mapping, add name and synonyms
+ if seen:
+ for name in names:
+ if name not in mapping['names']:
+ mapping['names'].append(name)
+ tag = to_tag(galaxy, cluster['value'])
+ if tag not in mapping['values']:
+ mapping['values'].append(tag)
+ uuid = get_cluster_uuid(cluster)
+ if uuid not in mapping['uuids']:
+ mapping['uuids'].append(uuid)
+
+ # it's not in any mapping, add it
+ if not seen_once:
+ mapping = {}
+ mapping['names'] = names
+ mapping['values'] = [to_tag(galaxy, cluster['value'])]
+ uuid = get_cluster_uuid(cluster)
+ mapping['uuids'] = [uuid]
+ mappings[type_mapping[galaxy]].append(mapping)
+
+ # We have our nice mapping.
+ # Now we only need to add it again in the original files.
+ for name in os.listdir(path):
+ # skip files that are not relevant
+ if not (os.path.isfile(os.path.join(path, name)) and name.endswith('.json')):
+ continue
+
+ # load json
+ with open(os.path.join(path, name), 'r') as f_in:
+ file_json = json.load(f_in)
+ galaxy = file_json['type']
+
+ # ignore the galaxies that are not relevant for us
+ if galaxy not in type_mapping:
+ continue
+
+ changed = False
+ for cluster in file_json['values']:
+ for mapping in mappings[type_mapping[galaxy]]:
+ cluster_uuid = get_cluster_uuid(cluster)
+ if cluster_uuid not in mapping['uuids']:
+ continue
+ # uuid is in the mappings
+ for uuid in mapping['uuids']:
+ # skip self
+ if uuid == cluster_uuid:
+ continue
+ # skip existing entries
+ if 'related' in cluster:
+ if any(v['dest-uuid'] == uuid for v in cluster['related']):
+ continue
+ # initialize array
+ if 'related' not in cluster:
+ cluster['related'] = []
+ # automated things are set to likely
+ # manual validation can upgrade to very-likely or almost-certain
+ cluster['related'].append({"dest-uuid": uuid,
+ "type": "similar",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ]
+ })
+ changed = True
+ if changed:
+ file_json['version'] += 1
+
+ # save result to the original file
+ with open(os.path.join(path, name), 'w') as f_out:
+ json.dump(file_json, f_out, indent=2, sort_keys=True, ensure_ascii=False)
+
+ print("Updated file {}".format(name))
+ print("All done, please don't forget to ./validate_all.sh and ./jq_all_the_things.sh")
+
+ # # simply dump the mapping_json to files. This is not really needed anymore
+ # for galaxy_type, vals in mappings.items():
+ # for mapping in vals:
+ # mapping['names'].sort()
+ # mapping['values'].sort()
+ # with open('mapping_{}.json'.format(galaxy_type), 'w') as f:
+ # json.dump(vals, f, sort_keys=True, indent=4, separators=(',', ': '))
+ # print("File saved as mapping_{}.json".format(galaxy_type))
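Review bot: In `type_mapping`, `'mitre-mobile-attack-intrusion-set'` is mapped to `'tool'` while every other `*-intrusion-set` galaxy in the dict maps to `'actor'`, so the names and synonyms of mobile intrusion sets are compared against malware and tool clusters, which is the cross-type match the comment above the dict says must not happen. Any pair produced that way is written back into the cluster files as a `similar` relation tagged `likely`, so an actor-to-tool link would look like reviewed intelligence to whoever consumes the clusters. Unless the choice is deliberate, the entry should read `'mitre-mobile-attack-intrusion-set': 'actor',`. Separately, matching is exact string equality on synonyms and every match extends the mapping's `names` list, so a single shared generic alias can chain otherwise distinct clusters together; a comment on the main loop such as `# NOTE: synonym equality is transitive here; review generic aliases before trusting the output` would make that limit visible to the person validating the result.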