From c51ba2e86853b690ab4431bd4c41bc243a63b9e4 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Wed, 17 Oct 2018 08:08:58 +0200 Subject: [PATCH] chg: MITRE relationships included in the respective cluster. --- ...re-enterprise-attack-course-of-action.json | 1939 ++++++++++++++++- ...mitre-enterprise-attack-intrusion-set.json | 449 +++- clusters/mitre-enterprise-attack-malware.json | 1472 ++++++++++++- clusters/mitre-enterprise-attack-tool.json | 391 +++- .../mitre-mobile-attack-course-of-action.json | 130 +- clusters/mitre-mobile-attack-malware.json | 299 ++- clusters/mitre-mobile-attack-tool.json | 11 +- clusters/mitre-pre-attack-attack-pattern.json | 301 ++- clusters/mitre-pre-attack-intrusion-set.json | 55 +- ...e-enterprise-attack-relationship_galaxy.py | 102 - ...mitre-mobile-attack-relationship_galaxy.py | 101 - ...te_mitre-pre-attack-relationship_galaxy.py | 102 - .../v2.0/create_mitre_relationships.py | 97 + 13 files changed, 5126 insertions(+), 323 deletions(-) delete mode 100644 tools/mitre-cti/v2.0/create_mitre-enterprise-attack-relationship_galaxy.py delete mode 100644 tools/mitre-cti/v2.0/create_mitre-mobile-attack-relationship_galaxy.py delete mode 100644 tools/mitre-cti/v2.0/create_mitre-pre-attack-relationship_galaxy.py create mode 100755 tools/mitre-cti/v2.0/create_mitre_relationships.py diff --git a/clusters/mitre-enterprise-attack-course-of-action.json b/clusters/mitre-enterprise-attack-course-of-action.json index 7bb5c69..4c29ae1 100644 --- a/clusters/mitre-enterprise-attack-course-of-action.json +++ b/clusters/mitre-enterprise-attack-course-of-action.json @@ -13,6 +13,15 @@ "meta": { "external_id": "T1122" }, + "related": [ + { + "dest-uuid": "9b52fca7-1a36-4da0-b62d-da5bd83b4d69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "ff5d862a-ae6b-4833-8c15-e235d654d28e", "value": "Component Object Model Hijacking Mitigation - T1122" }, @@ -21,6 +30,15 @@ "meta": { "external_id": "T1041" }, + "related": [ + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "92c28497-2820-445e-9f3e-a03dd77dc0c8", "value": "Exfiltration Over Command and Control Channel Mitigation - T1041" }, @@ -29,6 +47,15 @@ "meta": { "external_id": "T1055" }, + "related": [ + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "74febc44-8955-4e4d-aca0-d4dad2f967d7", "value": "Process Injection Mitigation - T1055" }, @@ -37,6 +64,15 @@ "meta": { "external_id": "T1088" }, + "related": [ + { + "dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "beb45abb-11e8-4aef-9778-1f9ac249784f", "value": "Bypass User Account Control Mitigation - T1088" }, @@ -45,6 +81,15 @@ "meta": { "external_id": "T1059" }, + "related": [ + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "f28a20fd-d173-4603-807e-2cb3f51bdf04", "value": "Command-Line Interface Mitigation - T1059" }, @@ -53,6 +98,15 @@ "meta": { "external_id": "T1038" }, + "related": [ + { + "dest-uuid": "46944654-fcc1-4f63-9dad-628102376586", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "96913243-2b5e-4483-a65c-bb152ddd2f04", "value": "DLL Search Order Hijacking Mitigation - T1038" }, @@ -61,6 +115,15 @@ "meta": { "external_id": "T1065" }, + "related": [ + { + "dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "a0d8db1d-a731-4428-8209-c07175f4b1fe", "value": "Uncommonly Used Port Mitigation - T1065" }, @@ -69,6 +132,15 @@ "meta": { "external_id": "T1135" }, + "related": [ + { + "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "1f34230d-b6ae-4dc7-8599-78c18820bd21", "value": "Network Share Discovery Mitigation - T1135" }, @@ -77,6 +149,15 @@ "meta": { "external_id": "T1121" }, + "related": [ + { + "dest-uuid": "215190a9-9f02-4e83-bb5f-e0589965a302", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "a90da496-b460-47e8-92e7-cc36eb00bd9a", "value": "Regsvcs/Regasm Mitigation - T1121" }, @@ -85,6 +166,15 @@ "meta": { "external_id": "T1017" }, + "related": [ + { + "dest-uuid": "327f3cc5-eea1-42d4-a6cd-ed34b7ce8f61", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "c88151a5-fe3f-4773-8147-d801587065a4", "value": "Application Deployment Software Mitigation - T1017" }, @@ -93,6 +183,15 @@ "meta": { "external_id": "T1043" }, + "related": [ + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "7c1796c7-9fc3-4c3e-9416-527295bf5d95", "value": "Commonly Used Port Mitigation - T1043" }, @@ -101,6 +200,15 @@ "meta": { "external_id": "T1047" }, + "related": [ + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "ba2ec548-fb75-4b8c-88d6-d91a77a943cf", "value": "Windows Management Instrumentation Mitigation - T1047" }, @@ -109,6 +217,15 @@ "meta": { "external_id": "T1179" }, + "related": [ + { + "dest-uuid": "66f73398-8394-4711-85e5-34c8540b22a5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "7aee8ea0-0baa-4232-b379-5d9ce98352cf", "value": "Hooking Mitigation - T1179" }, @@ -117,6 +234,15 @@ "meta": { "external_id": "T1169" }, + "related": [ + { + "dest-uuid": "9e80ddfb-ce32-4961-a778-ca6a10cfae72", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "23bff3ce-021c-4e7a-9aee-60fd40bc7c6c", "value": "Sudo Mitigation - T1169" }, @@ -125,6 +251,15 @@ "meta": { "external_id": "T1175" }, + "related": [ + { + "dest-uuid": "772bc7a8-a157-42cc-8728-d648e25c7fe7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "910482b1-6749-4934-abcb-3e34d58294fc", "value": "Distributed Component Object Model Mitigation - T1175" }, @@ -133,6 +268,15 @@ "meta": { "external_id": "T1034" }, + "related": [ + { + "dest-uuid": "c4ad009b-6e13-4419-8d21-918a1652de02", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "e0703d4f-3972-424a-8277-84004817e024", "value": "Path Interception Mitigation - T1034" }, @@ -141,6 +285,15 @@ "meta": { "external_id": "T1061" }, + "related": [ + { + "dest-uuid": "a6525aec-acc4-47fe-92f9-b9b4de4b9228", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "aaa92b37-f96c-4a0a-859c-b1cb6faeb13d", "value": "Graphical User Interface Mitigation - T1061" }, @@ -149,6 +302,15 @@ "meta": { "external_id": "T1096" }, + "related": [ + { + "dest-uuid": "f2d44246-91f1-478a-b6c8-1227e0ca109d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "ac008435-af58-4f77-988a-c9b96c5920f5", "value": "NTFS File Attributes Mitigation - T1096" }, @@ -157,6 +319,15 @@ "meta": { "external_id": "T1066" }, + "related": [ + { + "dest-uuid": "00d0b012-8a03-410e-95de-5826bf542de6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "4b998a71-7b8f-4dcc-8f3f-277f2e740271", "value": "Indicator Removal from Tools Mitigation - T1066" }, @@ -165,6 +336,15 @@ "meta": { "external_id": "T1164" }, + "related": [ + { + "dest-uuid": "6a3be63a-64c5-4678-a036-03ff8fc35300", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "61d02387-351a-453e-a575-160a9abc3e04", "value": "Re-opened Applications Mitigation - T1164" }, @@ -173,6 +353,15 @@ "meta": { "external_id": "T1159" }, + "related": [ + { + "dest-uuid": "dd901512-6e37-4155-943b-453e3777b125", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "121b2863-5b97-4538-acb3-f8aae070ec13", "value": "Launch Agent Mitigation - T1159" }, @@ -181,6 +370,15 @@ "meta": { "external_id": "T1144" }, + "related": [ + { + "dest-uuid": "6fb6408c-0db3-41d9-a3a1-a32e5f16454e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "1a7f5bd3-f6ee-4bd7-b949-2f3632ad6158", "value": "Gatekeeper Bypass Mitigation - T1144" }, @@ -189,6 +387,15 @@ "meta": { "external_id": "T1198" }, + "related": [ + { + "dest-uuid": "72b5ef57-325c-411b-93ca-a3ca6fa17e31", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "ef273807-c465-4728-9cee-5823422f42ee", "value": "SIP and Trust Provider Hijacking Mitigation - T1198" }, @@ -197,6 +404,15 @@ "meta": { "external_id": "T1115" }, + "related": [ + { + "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "19edfa02-1a5f-47e4-ad82-3288f57f64cf", "value": "Clipboard Data Mitigation - T1115" }, @@ -205,6 +421,15 @@ "meta": { "external_id": "T1027" }, + "related": [ + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "a09375e5-63d2-4b65-8b0d-1cfe3e6304ca", "value": "Obfuscated Files or Information Mitigation - T1027" }, @@ -213,6 +438,15 @@ "meta": { "external_id": "T1136" }, + "related": [ + { + "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "9a5b7194-88e0-4579-b82f-e3c27b8cca80", "value": "Create Account Mitigation - T1136" }, @@ -221,6 +455,15 @@ "meta": { "external_id": "T1192" }, + "related": [ + { + "dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "ad7f983d-d5a8-4fce-a38c-b68eda61bf4e", "value": "Spearphishing Link Mitigation - T1192" }, @@ -229,6 +472,15 @@ "meta": { "external_id": "T1194" }, + "related": [ + { + "dest-uuid": "d3df754e-997b-4cf9-97d4-70feb3120847", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "c861bcb1-946f-450d-ab75-d4e3c1103a56", "value": "Spearphishing via Service Mitigation - T1194" }, @@ -237,6 +489,15 @@ "meta": { "external_id": "T1060" }, + "related": [ + { + "dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "8b36d944-f274-4d46-9acd-dbba6927ce7a", "value": "Registry Run Keys / Start Folder Mitigation - T1060" }, @@ -245,6 +506,15 @@ "meta": { "external_id": "T1104" }, + "related": [ + { + "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "514e7371-a344-4de7-8ec3-3aa42b801d52", "value": "Multi-Stage Channels Mitigation - T1104" }, @@ -253,6 +523,15 @@ "meta": { "external_id": "T1074" }, + "related": [ + { + "dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "4320b080-9ae9-4541-9b8b-bcd0961dbbbd", "value": "Data Staged Mitigation - T1074" }, @@ -261,6 +540,15 @@ "meta": { "external_id": "T1160" }, + "related": [ + { + "dest-uuid": "e99ec083-abdd-48de-ad87-4dbf6f8ba2a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "402e92cd-5608-4f4b-9a34-a2c962e4bcd7", "value": "Launch Daemon Mitigation - T1160" }, @@ -269,6 +557,15 @@ "meta": { "external_id": "T1025" }, + "related": [ + { + "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "39706d54-0d06-4a25-816a-78cc43455100", "value": "Data from Removable Media Mitigation - T1025" }, @@ -277,6 +574,15 @@ "meta": { "external_id": "T1147" }, + "related": [ + { + "dest-uuid": "ce73ea43-8e77-47ba-9c11-5e9c9c58b9ff", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "12cba7de-0a22-4a56-b51e-c514c67c3b43", "value": "Hidden Users Mitigation - T1147" }, @@ -285,6 +591,15 @@ "meta": { "external_id": "T1216" }, + "related": [ + { + "dest-uuid": "f6fe9070-7a65-49ea-ae72-76292f42cebe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "51048ba0-a5aa-41e7-bf5d-993cd217dfb2", "value": "Signed Script Proxy Execution Mitigation - T1216" }, @@ -293,6 +608,15 @@ "meta": { "external_id": "T1039" }, + "related": [ + { + "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "d9727aee-48b8-4fdb-89e2-4c49746ba4dd", "value": "Data from Network Shared Drive Mitigation - T1039" }, @@ -301,6 +625,15 @@ "meta": { "external_id": "T1157" }, + "related": [ + { + "dest-uuid": "aa8bfbc9-78dc-41a4-a03b-7453e0fdccda", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "dc43c2fe-355e-4a79-9570-3267b0992784", "value": "Dylib Hijacking Mitigation - T1157" }, @@ -309,6 +642,15 @@ "meta": { "external_id": "T1098" }, + "related": [ + { + "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "fdb1ae84-7b00-4d3d-b7dc-c774beef6425", "value": "Account Manipulation Mitigation - T1098" }, @@ -317,6 +659,15 @@ "meta": { "external_id": "T1086" }, + "related": [ + { + "dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "d0415180-51e9-40ce-b57c-c332b0b441f2", "value": "PowerShell Mitigation - T1086" }, @@ -325,6 +676,15 @@ "meta": { "external_id": "T1187" }, + "related": [ + { + "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "7009ba4d-83d4-4851-9fbb-e09e28497765", "value": "Forced Authentication Mitigation - T1187" }, @@ -333,6 +693,15 @@ "meta": { "external_id": "T1082" }, + "related": [ + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "c620e3a1-fff5-424f-abea-d2b0f3616f67", "value": "System Information Discovery Mitigation - T1082" }, @@ -341,6 +710,15 @@ "meta": { "external_id": "T1211" }, + "related": [ + { + "dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "37a3f3f5-76e6-43fe-b935-f1f494c95725", "value": "Exploitation for Defense Evasion Mitigation - T1211" }, @@ -349,6 +727,15 @@ "meta": { "external_id": "T1004" }, + "related": [ + { + "dest-uuid": "514ede4c-78b3-4d78-a38b-daddf6217a79", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "313c8b20-4d49-40c1-9ac0-4c573aca28f3", "value": "Winlogon Helper DLL Mitigation - T1004" }, @@ -357,6 +744,15 @@ "meta": { "external_id": "T1174" }, + "related": [ + { + "dest-uuid": "b8c5c9dd-a662-479d-9428-ae745872537c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "00d7d21b-69d6-4797-88a2-c86f3fc97651", "value": "Password Filter DLL Mitigation - T1174" }, @@ -365,6 +761,15 @@ "meta": { "external_id": "T1128" }, + "related": [ + { + "dest-uuid": "bb0e0cb5-f3e4-4118-a4cb-6bf13bfbc9f2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "624d063d-cda8-4616-b4e4-54c04e427aec", "value": "Netsh Helper DLL Mitigation - T1128" }, @@ -373,6 +778,15 @@ "meta": { "external_id": "T1126" }, + "related": [ + { + "dest-uuid": "e7eab98d-ae11-4491-bd28-a53ba875865a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "94e95eeb-7cdb-4bd7-afba-f32fda303dbb", "value": "Network Share Connection Removal Mitigation - T1126" }, @@ -381,6 +795,15 @@ "meta": { "external_id": "T1090" }, + "related": [ + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "d75a3d1b-b536-4f15-a23c-f4bcc17837b8", "value": "Connection Proxy Mitigation - T1090" }, @@ -389,6 +812,15 @@ "meta": { "external_id": "T1201" }, + "related": [ + { + "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "49961e75-b493-423a-9ec7-ac2d6f55384a", "value": "Password Policy Discovery Mitigation - T1201" }, @@ -397,6 +829,15 @@ "meta": { "external_id": "T1217" }, + "related": [ + { + "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "1c0b39f9-a0c5-42b2-abd8-dc8f1eb74e67", "value": "Browser Bookmark Discovery Mitigation - T1217" }, @@ -405,6 +846,15 @@ "meta": { "external_id": "T1209" }, + "related": [ + { + "dest-uuid": "dce31a00-1e90-4655-b0f9-e2e71a748a87", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "a1482e43-f3ff-4fbd-94de-ad1244738166", "value": "Time Providers Mitigation - T1209" }, @@ -413,6 +863,15 @@ "meta": { "external_id": "T1010" }, + "related": [ + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "25d5e1d8-c6fb-4735-bc57-115a21222f4b", "value": "Application Window Discovery Mitigation - T1010" }, @@ -421,6 +880,15 @@ "meta": { "external_id": "T1133" }, + "related": [ + { + "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "d4fd04e0-d1a4-4b5a-a5bb-16683cdbcce2", "value": "External Remote Services Mitigation - T1133" }, @@ -429,6 +897,15 @@ "meta": { "external_id": "T1075" }, + "related": [ + { + "dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "bcee7b05-89a6-41a5-b7aa-fce4da7ede9e", "value": "Pass the Hash Mitigation - T1075" }, @@ -437,6 +914,15 @@ "meta": { "external_id": "T1087" }, + "related": [ + { + "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "5c49bc54-9929-48ca-b581-7018219b5a97", "value": "Account Discovery Mitigation - T1087" }, @@ -445,6 +931,15 @@ "meta": { "external_id": "T1127" }, + "related": [ + { + "dest-uuid": "ff25900d-76d5-449b-a351-8824e62fc81b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "823fbfe9-b015-4bf3-9e67-d340c7373ca0", "value": "Trusted Developer Utilities Mitigation - T1127" }, @@ -453,6 +948,15 @@ "meta": { "external_id": "T1097" }, + "related": [ + { + "dest-uuid": "a257ed11-ff3b-4216-8c9d-3938ef57064c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "3a476d83-43eb-4fad-9b75-b1febd834e3d", "value": "Pass the Ticket Mitigation - T1097" }, @@ -461,6 +965,15 @@ "meta": { "external_id": "T1033" }, + "related": [ + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "16f144e4-c780-4ed2-98b4-55d14e2dfa44", "value": "System Owner/User Discovery Mitigation - T1033" }, @@ -469,6 +982,15 @@ "meta": { "external_id": "T1003" }, + "related": [ + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "aeff5887-8f9e-48d5-a523-9b395e2ce80a", "value": "Credential Dumping Mitigation - T1003" }, @@ -477,6 +999,15 @@ "meta": { "external_id": "T1117" }, + "related": [ + { + "dest-uuid": "68f7e3a1-f09f-4164-9a62-16b648a0dd5a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "12c13879-b7bd-4bc5-8def-aacec386d432", "value": "Regsvr32 Mitigation - T1117" }, @@ -485,6 +1016,15 @@ "meta": { "external_id": "T1093" }, + "related": [ + { + "dest-uuid": "1c338d0f-a65e-4073-a5c1-c06878849f21", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "7c39ebbf-244e-4d1c-b0ac-b282453ece43", "value": "Process Hollowing Mitigation - T1093" }, @@ -493,6 +1033,15 @@ "meta": { "external_id": "T1149" }, + "related": [ + { + "dest-uuid": "a0a189c8-d3bd-4991-bf6f-153d185ee373", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "6e7db820-9735-4545-bc64-039bc4ce354b", "value": "LC_MAIN Hijacking Mitigation - T1149" }, @@ -501,6 +1050,15 @@ "meta": { "external_id": "T1178" }, + "related": [ + { + "dest-uuid": "1df0326d-2fbc-4d08-a16b-48365f1e742d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "b91c2f9e-c1a0-44df-95f0-9e7c9d1d5e55", "value": "SID-History Injection Mitigation - T1178" }, @@ -509,6 +1067,15 @@ "meta": { "external_id": "T1165" }, + "related": [ + { + "dest-uuid": "2ba5aa71-9d15-4b22-b726-56af06d9ad2f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "94927849-03e3-4a07-8f4c-9ee21b626719", "value": "Startup Items Mitigation - T1165" }, @@ -517,6 +1084,15 @@ "meta": { "external_id": "T1106" }, + "related": [ + { + "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "56db6ccc-433d-4411-8383-c3fd7053e2c8", "value": "Execution through API Mitigation - T1106" }, @@ -525,6 +1101,15 @@ "meta": { "external_id": "T1080" }, + "related": [ + { + "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "f0a42cad-9b1f-44da-a672-718f18381018", "value": "Taint Shared Content Mitigation - T1080" }, @@ -533,6 +1118,15 @@ "meta": { "external_id": "T1108" }, + "related": [ + { + "dest-uuid": "6aabc5ec-eae6-422c-8311-38d45ee9838a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "f9b3e5d9-7454-4b7d-bce6-27620e19924e", "value": "Redundant Access Mitigation - T1108" }, @@ -541,6 +1135,15 @@ "meta": { "external_id": "T1172" }, + "related": [ + { + "dest-uuid": "1ce03c65-5946-4ac9-9d4d-66db87e024bd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "62ae52c9-7197-4f5b-be1d-10d2e1df2c96", "value": "Domain Fronting Mitigation - T1172" }, @@ -549,6 +1152,15 @@ "meta": { "external_id": "T1193" }, + "related": [ + { + "dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "8f6b5ca6-263a-4ea9-98f3-afd2a3cd8119", "value": "Spearphishing Attachment Mitigation - T1193" }, @@ -557,6 +1169,15 @@ "meta": { "external_id": "T1123" }, + "related": [ + { + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "16dd03c6-0dfb-4d77-89cd-9ff3ee6e533d", "value": "Audio Capture Mitigation - T1123" }, @@ -565,6 +1186,15 @@ "meta": { "external_id": "T1050" }, + "related": [ + { + "dest-uuid": "478aa214-2ca7-4ec0-9978-18798e514790", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "b7b2c89c-09c1-4b71-ae7c-000ec2893aab", "value": "New Service Mitigation - T1050" }, @@ -573,6 +1203,15 @@ "meta": { "external_id": "T1191" }, + "related": [ + { + "dest-uuid": "7d6f590f-544b-45b4-9a42-e0805f342af3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "91816292-3686-4a6e-83c4-4c08513b9b57", "value": "CMSTP Mitigation - T1191" }, @@ -581,6 +1220,15 @@ "meta": { "external_id": "T1064" }, + "related": [ + { + "dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "57019a80-8523-46b6-be7d-f763a15a2cc6", "value": "Scripting Mitigation - T1064" }, @@ -589,6 +1237,15 @@ "meta": { "external_id": "T1150" }, + "related": [ + { + "dest-uuid": "06780952-177c-4247-b978-79c357fb311f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "2d704e56-e689-4011-b989-bf4e025a8727", "value": "Plist Modification Mitigation - T1150" }, @@ -597,6 +1254,15 @@ "meta": { "external_id": "T1085" }, + "related": [ + { + "dest-uuid": "62b8c999-dcc0-4755-bd69-09442d9359f5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "8c918d8a-11c5-4ffd-af10-e74bc06bdfae", "value": "Rundll32 Mitigation - T1085" }, @@ -605,6 +1271,15 @@ "meta": { "external_id": "T1214" }, + "related": [ + { + "dest-uuid": "2edd9d6a-5674-4326-a600-ba56de467286", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "4490fee2-5c70-4db3-8db5-8d88767dbd55", "value": "Credentials in Registry Mitigation - T1214" }, @@ -613,6 +1288,15 @@ "meta": { "external_id": "T1188" }, + "related": [ + { + "dest-uuid": "7d751199-05fa-4a72-920f-85df4506c76c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "752db800-ea54-4e7a-b4c1-2a0292350ea7", "value": "Multi-hop Proxy Mitigation - T1188" }, @@ -621,6 +1305,15 @@ "meta": { "external_id": "T1008" }, + "related": [ + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "515f6584-fa98-44fe-a4e8-e428c7188514", "value": "Fallback Channels Mitigation - T1008" }, @@ -629,6 +1322,15 @@ "meta": { "external_id": "T1203" }, + "related": [ + { + "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "f2dcee22-c275-405e-87fd-48630a19dfba", "value": "Exploitation for Client Execution Mitigation - T1203" }, @@ -637,6 +1339,15 @@ "meta": { "external_id": "T1007" }, + "related": [ + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "d8787791-d22e-45bb-a9a8-251d8d0a1ff2", "value": "System Service Discovery Mitigation - T1007" }, @@ -645,6 +1356,15 @@ "meta": { "external_id": "T1070" }, + "related": [ + { + "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "6cac62ce-550b-4793-8ee6-6a1b8836edb0", "value": "Indicator Removal on Host Mitigation - T1070" }, @@ -653,6 +1373,15 @@ "meta": { "external_id": "T1058" }, + "related": [ + { + "dest-uuid": "39a130e1-6ab7-434a-8bd2-418e7d9d6427", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "9378f139-10ef-4e4b-b679-2255a0818902", "value": "Service Registry Permissions Weakness Mitigation - T1058" }, @@ -661,6 +1390,15 @@ "meta": { "external_id": "T1208" }, + "related": [ + { + "dest-uuid": "b39d03cb-7b98-41c4-a878-c40c1a913dc0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "a3e12b04-8598-4909-8855-2c97c1e7d549", "value": "Kerberoasting Mitigation - T1208" }, @@ -669,6 +1407,15 @@ "meta": { "external_id": "T1099" }, + "related": [ + { + "dest-uuid": "128c55d3-aeba-469f-bd3e-c8996ab4112a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "5c167af7-c2cb-42c8-ae67-3fb275bf8488", "value": "Timestomp Mitigation - T1099" }, @@ -677,6 +1424,15 @@ "meta": { "external_id": "T1016" }, + "related": [ + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "684feec3-f9ba-4049-9d8f-52d52f3e0e40", "value": "System Network Configuration Discovery Mitigation - T1016" }, @@ -685,6 +1441,15 @@ "meta": { "external_id": "T1129" }, + "related": [ + { + "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "cfd2cd3b-93e7-4b3e-ab46-f8bcafdbdfcf", "value": "Execution through Module Load Mitigation - T1129" }, @@ -693,6 +1458,15 @@ "meta": { "external_id": "T1051" }, + "related": [ + { + "dest-uuid": "804c042c-cfe6-449e-bc1a-ba0a998a70db", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "43b366a4-b5ff-4d4e-8a3b-f09a9d2faff5", "value": "Shared Webroot Mitigation - T1051" }, @@ -701,6 +1475,15 @@ "meta": { "external_id": "T1053" }, + "related": [ + { + "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "f2cb6ce2-188d-4162-8feb-594f949b13dd", "value": "Scheduled Task Mitigation - T1053" }, @@ -709,6 +1492,15 @@ "meta": { "external_id": "T1009" }, + "related": [ + { + "dest-uuid": "519630c5-f03f-4882-825c-3af924935817", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "16a8ac85-a06f-460f-ad22-910167bd7332", "value": "Binary Padding Mitigation - T1009" }, @@ -717,6 +1509,15 @@ "meta": { "external_id": "T1040" }, + "related": [ + { + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "46b7ef91-4e1d-43c5-a2eb-00fa9444f6f4", "value": "Network Sniffing Mitigation - T1040" }, @@ -725,6 +1526,15 @@ "meta": { "external_id": "T1022" }, + "related": [ + { + "dest-uuid": "d54416bd-0803-41ca-870a-ce1af7c05638", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "2a8de25c-f743-4348-b101-3ee33ab5871b", "value": "Data Encrypted Mitigation - T1022" }, @@ -733,6 +1543,15 @@ "meta": { "external_id": "T1032" }, + "related": [ + { + "dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "a766ce73-5583-48f3-b7c0-0bb43c6ef8c7", "value": "Standard Cryptographic Protocol Mitigation - T1032" }, @@ -741,6 +1560,15 @@ "meta": { "external_id": "T1079" }, + "related": [ + { + "dest-uuid": "428ca9f8-0e33-442a-be87-f869cb4cf73e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "24478001-2eb3-4b06-a02e-96b3d61d27ec", "value": "Multilayer Encryption Mitigation - T1079" }, @@ -749,6 +1577,15 @@ "meta": { "external_id": "T1036" }, + "related": [ + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "45e7f570-6a0b-4095-bf02-4bca05da6bae", "value": "Masquerading Mitigation - T1036" }, @@ -757,6 +1594,15 @@ "meta": { "external_id": "T1006" }, + "related": [ + { + "dest-uuid": "0c8ab3eb-df48-4b9c-ace7-beacaac81cc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "902286b2-96cc-4dd7-931f-e7340c9961da", "value": "File System Logical Offsets Mitigation - T1006" }, @@ -765,6 +1611,15 @@ "meta": { "external_id": "T1021" }, + "related": [ + { + "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "979e6485-7a2f-42bd-ae96-4e622c3cd173", "value": "Remote Services Mitigation - T1021" }, @@ -773,6 +1628,15 @@ "meta": { "external_id": "T1107" }, + "related": [ + { + "dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "34efb2fd-4dc2-40d4-a564-0c147c85034d", "value": "File Deletion Mitigation - T1107" }, @@ -781,6 +1645,15 @@ "meta": { "external_id": "T1002" }, + "related": [ + { + "dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "28adf6fd-ab6c-4553-9aa7-cef18a191f33", "value": "Data Compressed Mitigation - T1002" }, @@ -789,6 +1662,15 @@ "meta": { "external_id": "T1155" }, + "related": [ + { + "dest-uuid": "5ad95aaa-49c1-4784-821d-2e83f47b079b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "1e4ef2c7-ee96-4484-9baa-3b5777561301", "value": "AppleScript Mitigation - T1155" }, @@ -797,6 +1679,15 @@ "meta": { "external_id": "T1170" }, + "related": [ + { + "dest-uuid": "a127c32c-cbb0-4f9d-be07-881a792408ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "d2dce10b-3562-4d61-b2f5-7c6384b038e2", "value": "Mshta Mitigation - T1170" }, @@ -805,6 +1696,15 @@ "meta": { "external_id": "T1131" }, + "related": [ + { + "dest-uuid": "52d40641-c480-4ad5-81a3-c80ccaddf82d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "943d370b-2054-44df-8be2-ab4139bde1c5", "value": "Authentication Package Mitigation - T1131" }, @@ -813,6 +1713,15 @@ "meta": { "external_id": "T1218" }, + "related": [ + { + "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "28c0f30c-32c3-4c6c-a474-74820e55854f", "value": "Signed Binary Proxy Execution Mitigation - T1218" }, @@ -821,6 +1730,15 @@ "meta": { "external_id": "T1139" }, + "related": [ + { + "dest-uuid": "44dca04b-808d-46ca-b25f-d85236d4b9f8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "ace4daee-f914-4707-be75-843f16da2edf", "value": "Bash History Mitigation - T1139" }, @@ -829,6 +1747,15 @@ "meta": { "external_id": "T1013" }, + "related": [ + { + "dest-uuid": "1f47e2fd-fa77-4f2f-88ee-e85df308f125", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "1c6bc7f3-d517-4971-aed4-8f939090846b", "value": "Port Monitors Mitigation - T1013" }, @@ -837,6 +1764,15 @@ "meta": { "external_id": "T1183" }, + "related": [ + { + "dest-uuid": "62166220-e498-410f-a90a-19d4339d4e99", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "33f76731-b840-446f-bee0-53687dad24d9", "value": "Image File Execution Options Injection Mitigation - T1183" }, @@ -845,6 +1781,15 @@ "meta": { "external_id": "T1204" }, + "related": [ + { + "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "548bf7ad-e19c-4d74-84bf-84ac4e57f505", "value": "User Execution Mitigation - T1204" }, @@ -853,6 +1798,15 @@ "meta": { "external_id": "T1161" }, + "related": [ + { + "dest-uuid": "04ef4356-8926-45e2-9441-634b6f3dcecb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "77fd4d73-6b79-4593-82e7-e4a439cc7604", "value": "LC_LOAD_DYLIB Addition Mitigation - T1161" }, @@ -861,6 +1815,15 @@ "meta": { "external_id": "T1185" }, + "related": [ + { + "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "94f6b4f5-b528-4f50-91d5-f66457c2f8f7", "value": "Man in the Browser Mitigation - T1185" }, @@ -869,6 +1832,15 @@ "meta": { "external_id": "T1180" }, + "related": [ + { + "dest-uuid": "2892b9ee-ca9f-4723-b332-0dc6e843a8ae", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "9da16278-c6c5-4410-8a6b-9c16ce8005b3", "value": "Screensaver Mitigation - T1180" }, @@ -877,6 +1849,15 @@ "meta": { "external_id": "T1015" }, + "related": [ + { + "dest-uuid": "9b99b83a-1aac-4e29-b975-b374950551a3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "c085476e-1964-4d7f-86e1-d8657a7741e8", "value": "Accessibility Features Mitigation - T1015" }, @@ -885,6 +1866,15 @@ "meta": { "external_id": "T1067" }, + "related": [ + { + "dest-uuid": "02fefddc-fb1b-423f-a76b-7552dd211d4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "96150c35-466f-4f0a-97a9-ae87ee27f751", "value": "Bootkit Mitigation - T1067" }, @@ -893,6 +1883,15 @@ "meta": { "external_id": "T1078" }, + "related": [ + { + "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "d45f03a8-790a-4f90-b956-cd7e5b8886bf", "value": "Valid Accounts Mitigation - T1078" }, @@ -901,6 +1900,15 @@ "meta": { "external_id": "T1176" }, + "related": [ + { + "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "b52f41b9-ccf6-4da7-a6c0-167eeb71fbd8", "value": "Browser Extensions Mitigation - T1176" }, @@ -909,6 +1917,15 @@ "meta": { "external_id": "T1089" }, + "related": [ + { + "dest-uuid": "2e0dd10b-676d-4964-acd0-8a404c92b044", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "388606d3-f38f-45bf-885d-a9dc9df3c8a8", "value": "Disabling Security Tools Mitigation - T1089" }, @@ -917,6 +1934,15 @@ "meta": { "external_id": "T1012" }, + "related": [ + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "0640214c-95af-4c04-a574-2a1ba6dda00b", "value": "Query Registry Mitigation - T1012" }, @@ -925,6 +1951,15 @@ "meta": { "external_id": "T1156" }, + "related": [ + { + "dest-uuid": "01df3350-ce05-4bdf-bdf8-0a919a66d4a8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "4f170666-7edb-4489-85c2-9affa28a72e0", "value": ".bash_profile and .bashrc Mitigation - T1156" }, @@ -933,6 +1968,15 @@ "meta": { "external_id": "T1019" }, + "related": [ + { + "dest-uuid": "6856ddd6-2df3-4379-8b87-284603c189c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "25e53928-6f33-49b7-baee-8180578286f6", "value": "System Firmware Mitigation - T1019" }, @@ -941,6 +1985,15 @@ "meta": { "external_id": "T1026" }, + "related": [ + { + "dest-uuid": "99709758-2b96-48f2-a68a-ad7fbd828091", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "da987565-27b6-4b31-bbcd-74b909847116", "value": "Multiband Communication Mitigation - T1026" }, @@ -949,6 +2002,15 @@ "meta": { "external_id": "T1018" }, + "related": [ + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "9a902722-cecd-4fbe-a6c9-49333aa0f8c2", "value": "Remote System Discovery Mitigation - T1018" }, @@ -957,6 +2019,15 @@ "meta": { "external_id": "T1083" }, + "related": [ + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "2ace01f8-67c8-43eb-b7b1-a7b9f1fe67e1", "value": "File and Directory Discovery Mitigation - T1083" }, @@ -965,6 +2036,15 @@ "meta": { "external_id": "T1215" }, + "related": [ + { + "dest-uuid": "6be14413-578e-46c1-8304-310762b3ecd5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "44155d14-ca75-4fdf-b033-ab3d732e2884", "value": "Kernel Modules and Extensions Mitigation - T1215" }, @@ -973,6 +2053,15 @@ "meta": { "external_id": "T1044" }, + "related": [ + { + "dest-uuid": "0ca7beef-9bbc-4e35-97cf-437384ddce6a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "1022138b-497c-40e6-b53a-13351cbd4090", "value": "File System Permissions Weakness Mitigation - T1044" }, @@ -981,6 +2070,15 @@ "meta": { "external_id": "T1035" }, + "related": [ + { + "dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "d5dce4b9-f1fa-4c03-aff9-ce177246cb64", "value": "Service Execution Mitigation - T1035" }, @@ -989,6 +2087,15 @@ "meta": { "external_id": "T1166" }, + "related": [ + { + "dest-uuid": "c0df6533-30ee-4a4a-9c6d-17af5abdf0b2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "073cc04d-ac46-4f5a-85d7-83a91ecd6a19", "value": "Setuid and Setgid Mitigation - T1166" }, @@ -997,6 +2104,15 @@ "meta": { "external_id": "T1154" }, + "related": [ + { + "dest-uuid": "b53dbcc6-147d-48bb-9df4-bcb8bb808ff6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "809b79cd-be78-4597-88d1-5496d1d9993a", "value": "Trap Mitigation - T1154" }, @@ -1005,6 +2121,15 @@ "meta": { "external_id": "T1092" }, + "related": [ + { + "dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "b8d57b16-d8e2-428c-a645-1083795b3445", "value": "Communication Through Removable Media Mitigation - T1092" }, @@ -1013,6 +2138,15 @@ "meta": { "external_id": "T1111" }, + "related": [ + { + "dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "e8d22ec6-2236-48de-954b-974d17492782", "value": "Two-Factor Authentication Interception Mitigation - T1111" }, @@ -1021,6 +2155,15 @@ "meta": { "external_id": "T1177" }, + "related": [ + { + "dest-uuid": "6e6845c2-347a-4a6f-a2d1-b74a18ebd352", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "7a6e5ca3-562f-4185-a323-f3b62b5b2e6b", "value": "LSASS Driver Mitigation - T1177" }, @@ -1029,6 +2172,15 @@ "meta": { "external_id": "T1095" }, + "related": [ + { + "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "399d9038-b100-43ef-b28d-a5065106b935", "value": "Standard Non-Application Layer Protocol Mitigation - T1095" }, @@ -1037,6 +2189,15 @@ "meta": { "external_id": "T1030" }, + "related": [ + { + "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "ba06d68a-4891-4eb5-b634-152e05ec60ee", "value": "Data Transfer Size Limits Mitigation - T1030" }, @@ -1045,6 +2206,15 @@ "meta": { "external_id": "T1103" }, + "related": [ + { + "dest-uuid": "317fefa6-46c7-4062-adb6-2008cf6bcb41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "10571bf2-8073-4edf-a71c-23bad225532e", "value": "AppInit DLLs Mitigation - T1103" }, @@ -1053,6 +2223,15 @@ "meta": { "external_id": "T1118" }, + "related": [ + { + "dest-uuid": "f792d02f-813d-402b-86a5-ab98cb391d3b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "ec418d1b-4963-439f-b055-f914737ef362", "value": "InstallUtil Mitigation - T1118" }, @@ -1061,6 +2240,15 @@ "meta": { "external_id": "T1023" }, + "related": [ + { + "dest-uuid": "970cdb5c-02fb-4c38-b17e-d6327cf3c810", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "a13e35cc-8c90-4d77-a965-5461042c1612", "value": "Shortcut Modification Mitigation - T1023" }, @@ -1069,6 +2257,15 @@ "meta": { "external_id": "T1094" }, + "related": [ + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "f3d0c735-330f-43c2-8e8e-51bcfa51e8c3", "value": "Custom Command and Control Protocol Mitigation - T1094" }, @@ -1077,6 +2274,15 @@ "meta": { "external_id": "T1020" }, + "related": [ + { + "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "2497ac92-e751-4391-82c6-1b86e34d0294", "value": "Automated Exfiltration Mitigation - T1020" }, @@ -1085,6 +2291,15 @@ "meta": { "external_id": "T1195" }, + "related": [ + { + "dest-uuid": "3f18edba-28f4-4bb9-82c3-8aa60dcac5f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "97d8eadb-0459-4c1d-bf1a-e053bd75df61", "value": "Supply Chain Compromise Mitigation - T1195" }, @@ -1093,6 +2308,15 @@ "meta": { "external_id": "T1042" }, + "related": [ + { + "dest-uuid": "68c96494-1a50-403e-8844-69a6af278c68", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "d7c49196-b40e-42bc-8eed-b803113692ed", "value": "Change Default File Association Mitigation - T1042" }, @@ -1101,6 +2325,15 @@ "meta": { "external_id": "T1120" }, + "related": [ + { + "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "1881da33-fdf2-4eea-afd0-e04caf9c000f", "value": "Peripheral Device Discovery Mitigation - T1120" }, @@ -1109,6 +2342,15 @@ "meta": { "external_id": "T1196" }, + "related": [ + { + "dest-uuid": "8df54627-376c-487c-a09c-7d2b5620f56e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "3a41b366-cfd6-4af2-a6e7-3c6e3c4ebcef", "value": "Control Panel Items Mitigation - T1196" }, @@ -1117,6 +2359,15 @@ "meta": { "external_id": "T1071" }, + "related": [ + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "addb3703-5a59-4461-9bcd-7e2b5d4e92a0", "value": "Standard Application Layer Protocol Mitigation - T1071" }, @@ -1125,6 +2376,15 @@ "meta": { "external_id": "T1148" }, + "related": [ + { + "dest-uuid": "086952c4-5b90-4185-b573-02bad8e11953", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "03c0c586-50ed-45a7-95f4-f496d7eb5330", "value": "HISTCONTROL Mitigation - T1148" }, @@ -1133,6 +2393,15 @@ "meta": { "external_id": "T1056" }, + "related": [ + { + "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "da8a87d2-946d-4c34-9a30-709058b98996", "value": "Input Capture Mitigation - T1056" }, @@ -1141,6 +2410,15 @@ "meta": { "external_id": "T1162" }, + "related": [ + { + "dest-uuid": "36675cd3-fe00-454c-8516-aebecacbe9d9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "06824aa2-94a5-474c-97f6-57c2e983d885", "value": "Login Item Mitigation - T1162" }, @@ -1149,6 +2427,15 @@ "meta": { "external_id": "T1101" }, + "related": [ + { + "dest-uuid": "6c174520-beea-43d9-aac6-28fb77f3e446", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "9e57c770-5a39-49a2-bb91-253ba629e3ac", "value": "Security Support Provider Mitigation - T1101" }, @@ -1157,6 +2444,15 @@ "meta": { "external_id": "T1184" }, + "related": [ + { + "dest-uuid": "c1b11bf7-c68e-4fbf-a95b-28efbe7953bb", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "41cff8e9-fd05-408e-b3d5-d98c54c20bcf", "value": "SSH Hijacking Mitigation - T1184" }, @@ -1165,6 +2461,15 @@ "meta": { "external_id": "T1057" }, + "related": [ + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "f6469191-1814-4dbe-a081-2a6daf83a10b", "value": "Process Discovery Mitigation - T1057" }, @@ -1173,6 +2478,15 @@ "meta": { "external_id": "T1219" }, + "related": [ + { + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "af093bc8-7b59-4e2a-9da8-8e839b4c50c6", "value": "Remote Access Tools Mitigation - T1219" }, @@ -1181,6 +2495,15 @@ "meta": { "external_id": "T1091" }, + "related": [ + { + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "effb83a0-ead1-4b36-b7f6-b7bdf9c4616e", "value": "Replication Through Removable Media Mitigation - T1091" }, @@ -1189,6 +2512,15 @@ "meta": { "external_id": "T1029" }, + "related": [ + { + "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "1c0711c8-2a73-48a1-893d-ff88bcd23824", "value": "Scheduled Transfer Mitigation - T1029" }, @@ -1197,6 +2529,15 @@ "meta": { "external_id": "T1062" }, + "related": [ + { + "dest-uuid": "4be89c7c-ace6-4876-9377-c8d54cef3d63", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "2c3ce852-06a2-40ee-8fe6-086f6402a739", "value": "Hypervisor Mitigation - T1062" }, @@ -1205,6 +2546,15 @@ "meta": { "external_id": "T1119" }, + "related": [ + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "8bd1ae32-a686-48f4-a6f8-470287f76152", "value": "Automated Collection Mitigation - T1119" }, @@ -1213,6 +2563,15 @@ "meta": { "external_id": "T1052" }, + "related": [ + { + "dest-uuid": "e6415f09-df0e-48de-9aba-928c902b7549", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "e547ed6a-f1ca-40df-8613-2ce27927f145", "value": "Exfiltration Over Physical Medium Mitigation - T1052" }, @@ -1221,6 +2580,15 @@ "meta": { "external_id": "T1138" }, + "related": [ + { + "dest-uuid": "7c93aa74-4bc0-4a9e-90ea-f25f86301566", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "cfc2d2fc-14ff-495f-bd99-585be47b804f", "value": "Application Shimming Mitigation - T1138" }, @@ -1229,6 +2597,15 @@ "meta": { "external_id": "T1168" }, + "related": [ + { + "dest-uuid": "c0a384a4-9a25-40e1-97b6-458388474bc8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "c47a9b55-8f61-4b82-b833-1db6242c754e", "value": "Local Job Scheduling Mitigation - T1168" }, @@ -1237,6 +2614,15 @@ "meta": { "external_id": "T1158" }, + "related": [ + { + "dest-uuid": "dc27c2ec-c5f9-4228-ba57-d67b590bda93", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "84d633a4-dd93-40ca-8510-40238c021931", "value": "Hidden Files and Directories Mitigation - T1158" }, @@ -1245,6 +2631,15 @@ "meta": { "external_id": "T1151" }, + "related": [ + { + "dest-uuid": "e2907cea-4b43-4ed7-a570-0fdf0fbeea00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "02f0f92a-0a51-4c94-9bda-6437b9a93f22", "value": "Space after Filename Mitigation - T1151" }, @@ -1253,6 +2648,15 @@ "meta": { "external_id": "T1137" }, + "related": [ + { + "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "8ca6a5e0-aae5-49bc-8d07-f888c7dba9ea", "value": "Office Application Startup Mitigation - T1137" }, @@ -1261,6 +2665,15 @@ "meta": { "external_id": "T1132" }, + "related": [ + { + "dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "fcbe8424-eb3e-4794-b76d-e743f5a49b8b", "value": "Data Encoding Mitigation - T1132" }, @@ -1269,6 +2682,15 @@ "meta": { "external_id": "T1153" }, + "related": [ + { + "dest-uuid": "45d84c8b-c1e2-474d-a14d-69b5de0a2bc0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "5391ece4-8866-415d-9b5e-8dc5944f612a", "value": "Source Mitigation - T1153" }, @@ -1277,6 +2699,15 @@ "meta": { "external_id": "T1073" }, + "related": [ + { + "dest-uuid": "b2001907-166b-4d71-bb3c-9d26c871de09", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "7a14d974-f3d9-4e4e-9b7d-980385762908", "value": "DLL Side-Loading Mitigation - T1073" }, @@ -1285,6 +2716,15 @@ "meta": { "external_id": "T1152" }, + "related": [ + { + "dest-uuid": "53bfc8bf-8f76-4cd7-8958-49a884ddb3ee", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "e333cf16-5bfa-453e-8e6a-3a4c63d6bfcc", "value": "Launchctl Mitigation - T1152" }, @@ -1293,6 +2733,15 @@ "meta": { "external_id": "T1014" }, + "related": [ + { + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "95ddb356-7ba0-4bd9-a889-247262b8946f", "value": "Rootkit Mitigation - T1014" }, @@ -1301,6 +2750,15 @@ "meta": { "external_id": "T1207" }, + "related": [ + { + "dest-uuid": "564998d8-ab3e-4123-93fb-eccaa6b9714a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "b70627f7-3b43-4c6f-8fc0-c918c41f8f72", "value": "DCShadow Mitigation - T1207" }, @@ -1309,6 +2767,15 @@ "meta": { "external_id": "T1112" }, + "related": [ + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "ed202147-4026-4330-b5bd-1e8dfa8cf7cc", "value": "Modify Registry Mitigation - T1112" }, @@ -1317,6 +2784,15 @@ "meta": { "external_id": "T1124" }, + "related": [ + { + "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "82d8e990-c901-4aed-8596-cc002e7eb307", "value": "System Time Discovery Mitigation - T1124" }, @@ -1325,6 +2801,15 @@ "meta": { "external_id": "T1190" }, + "related": [ + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "65da1eb6-d35d-4853-b280-98a76c0aef53", "value": "Exploit Public-Facing Application Mitigation - T1190" }, @@ -1333,6 +2818,15 @@ "meta": { "external_id": "T1182" }, + "related": [ + { + "dest-uuid": "4bf5845d-a814-4490-bc5c-ccdee6043025", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "95c29444-49f9-49f7-8b20-bcd68d8fcaa6", "value": "AppCert DLLs Mitigation - T1182" }, @@ -1341,6 +2835,15 @@ "meta": { "external_id": "T1049" }, + "related": [ + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "c1676218-c16a-41c9-8f7a-023779916e39", "value": "System Network Connections Discovery Mitigation - T1049" }, @@ -1349,6 +2852,15 @@ "meta": { "external_id": "T1173" }, + "related": [ + { + "dest-uuid": "edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "80c91478-ac87-434f-bee7-11f37aec4d74", "value": "Dynamic Data Exchange Mitigation - T1173" }, @@ -1357,6 +2869,15 @@ "meta": { "external_id": "T1171" }, + "related": [ + { + "dest-uuid": "0dbf5f1b-a560-4d51-ac1b-d70caab3e1f0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "54246e2e-683f-4bf2-be4c-d7d5a60e7d22", "value": "LLMNR/NBT-NS Poisoning Mitigation - T1171" }, @@ -1365,6 +2886,15 @@ "meta": { "external_id": "T1113" }, + "related": [ + { + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "51b37302-b844-4c08-ac98-ae6955ed1f55", "value": "Screen Capture Mitigation - T1113" }, @@ -1373,6 +2903,15 @@ "meta": { "external_id": "T1077" }, + "related": [ + { + "dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "308855d1-078b-47ad-8d2a-8f9b2713ffb5", "value": "Windows Admin Shares Mitigation - T1077" }, @@ -1381,6 +2920,15 @@ "meta": { "external_id": "T1140" }, + "related": [ + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "d01f473f-3cdc-4867-9e55-1de9cf1986f0", "value": "Deobfuscate/Decode Files or Information Mitigation - T1140" }, @@ -1389,6 +2937,15 @@ "meta": { "external_id": "T1210" }, + "related": [ + { + "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "14b63e6b-7531-4476-9e60-02cc5db48b62", "value": "Exploitation of Remote Services Mitigation - T1210" }, @@ -1397,6 +2954,15 @@ "meta": { "external_id": "T1146" }, + "related": [ + { + "dest-uuid": "d3046a90-580c-4004-8208-66915bc29830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "3e7018e9-7389-48e7-9208-0bdbcbba9483", "value": "Clear Command History Mitigation - T1146" }, @@ -1405,6 +2971,15 @@ "meta": { "external_id": "T1031" }, + "related": [ + { + "dest-uuid": "62dfd1ca-52d5-483c-a84b-d6e80bf94b7b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "fe0aeb41-1a51-4152-8467-628256ea6adf", "value": "Modify Existing Service Mitigation - T1031" }, @@ -1413,6 +2988,15 @@ "meta": { "external_id": "T1212" }, + "related": [ + { + "dest-uuid": "9c306d8d-cde7-4b4c-b6e8-d0bb16caca36", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "06160d81-62be-46e5-aa37-4b9c645ffa31", "value": "Exploitation for Credential Access Mitigation - T1212" }, @@ -1421,6 +3005,15 @@ "meta": { "external_id": "T1199" }, + "related": [ + { + "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "797312d4-8a84-4daf-9c56-57da4133c322", "value": "Trusted Relationship Mitigation - T1199" }, @@ -1429,6 +3022,15 @@ "meta": { "external_id": "T1206" }, + "related": [ + { + "dest-uuid": "2169ba87-1146-4fc7-a118-12b72251db7e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "dbf0186e-722d-4a0a-af6a-b3460f162f84", "value": "Sudo Caching Mitigation - T1206" }, @@ -1437,6 +3039,15 @@ "meta": { "external_id": "T1072" }, + "related": [ + { + "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "160af6af-e733-4b6a-a04a-71c620ac0930", "value": "Third-party Software Mitigation - T1072" }, @@ -1445,6 +3056,15 @@ "meta": { "external_id": "T1125" }, + "related": [ + { + "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "d9f4b5fa-2a39-4bdf-b40a-ea998933cd6d", "value": "Video Capture Mitigation - T1125" }, @@ -1453,6 +3073,15 @@ "meta": { "external_id": "T1181" }, + "related": [ + { + "dest-uuid": "52f3d5a6-8a0f-4f82-977e-750abf90d0b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "cba5667e-e3c6-44a4-811c-266dbc00e440", "value": "Extra Window Memory Injection Mitigation - T1181" }, @@ -1461,6 +3090,15 @@ "meta": { "external_id": "T1130" }, + "related": [ + { + "dest-uuid": "d519cfd5-f3a8-43a9-a846-ed0bb40672b1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "23061b40-a7b6-454f-8950-95d5ff80331c", "value": "Install Root Certificate Mitigation - T1130" }, @@ -1469,6 +3107,15 @@ "meta": { "external_id": "T1110" }, + "related": [ + { + "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "4a99fecc-680b-448e-8fe7-8144c60d272c", "value": "Brute Force Mitigation - T1110" }, @@ -1477,6 +3124,15 @@ "meta": { "external_id": "T1142" }, + "related": [ + { + "dest-uuid": "9e09ddb2-1746-4448-9cad-7f8b41777d6d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "56648de3-8947-4559-90c4-eda10acc0f5a", "value": "Keychain Mitigation - T1142" }, @@ -1485,6 +3141,15 @@ "meta": { "external_id": "T1114" }, + "related": [ + { + "dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "383caaa3-c46a-4f61-b2e3-653eb132f0e7", "value": "Email Collection Mitigation - T1114" }, @@ -1493,6 +3158,15 @@ "meta": { "external_id": "T1197" }, + "related": [ + { + "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "cb825b86-3f3b-4686-ba99-44878f5d3173", "value": "BITS Jobs Mitigation - T1197" }, @@ -1501,6 +3175,15 @@ "meta": { "external_id": "T1068" }, + "related": [ + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "92e6d080-ca3f-4f95-bc45-172a32c4e502", "value": "Exploitation for Privilege Escalation Mitigation - T1068" }, @@ -1509,6 +3192,15 @@ "meta": { "external_id": "T1105" }, + "related": [ + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "cdecc44a-1dbf-4c1f-881c-f21e3f47272a", "value": "Remote File Copy Mitigation - T1105" }, @@ -1517,6 +3209,15 @@ "meta": { "external_id": "T1202" }, + "related": [ + { + "dest-uuid": "3b0e52ce-517a-4614-a523-1bd5deef6c5e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "1e614ba5-2fc5-4464-b512-2ceafb14d76d", "value": "Indirect Command Execution Mitigation - T1202" }, @@ -1525,6 +3226,15 @@ "meta": { "external_id": "T1048" }, + "related": [ + { + "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "0e5bdf42-a7f7-4d16-a074-4915bd262f80", "value": "Exfiltration Over Alternative Protocol Mitigation - T1048" }, @@ -1533,6 +3243,15 @@ "meta": { "external_id": "T1145" }, + "related": [ + { + "dest-uuid": "56ff457d-5e39-492b-974c-dfd2b8603ffe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "f27ef4f2-71fe-48b6-b7f4-02dcac14320e", "value": "Private Keys Mitigation - T1145" }, @@ -1541,6 +3260,15 @@ "meta": { "external_id": "T1163" }, + "related": [ + { + "dest-uuid": "18d4ab39-12ed-4a16-9fdb-ae311bba4a0f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "c3cf2312-3aab-4aaf-86e6-ab3505430482", "value": "Rc.common Mitigation - T1163" }, @@ -1549,6 +3277,15 @@ "meta": { "external_id": "T1134" }, + "related": [ + { + "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "c61fee9f-16fb-4f8c-bbf0-869093fcd4a6", "value": "Access Token Manipulation Mitigation - T1134" }, @@ -1557,6 +3294,15 @@ "meta": { "external_id": "T1143" }, + "related": [ + { + "dest-uuid": "04ee0cb7-dac3-4c6c-9387-4c6aa096f4cf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "fae44eea-caa7-42b7-a2e2-0c815ba81b9a", "value": "Hidden Window Mitigation - T1143" }, @@ -1565,6 +3311,15 @@ "meta": { "external_id": "T1076" }, + "related": [ + { + "dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "53b3b027-bed3-480c-9101-1247047d0fe6", "value": "Remote Desktop Protocol Mitigation - T1076" }, @@ -1573,6 +3328,15 @@ "meta": { "external_id": "T1213" }, + "related": [ + { + "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "13cad982-35e3-4340-9095-7124b653df4b", "value": "Data from Information Repositories Mitigation - T1213" }, @@ -1581,6 +3345,15 @@ "meta": { "external_id": "T1102" }, + "related": [ + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "4689b9fb-dca4-473e-831b-34717ad50c97", "value": "Web Service Mitigation - T1102" }, @@ -1589,6 +3362,15 @@ "meta": { "external_id": "T1141" }, + "related": [ + { + "dest-uuid": "91ce1ede-107f-4d8b-bf4c-735e8789c94b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "8a61f6b9-6b7a-4cf2-8e08-f1e26434f6df", "value": "Input Prompt Mitigation - T1141" }, @@ -1597,6 +3379,15 @@ "meta": { "external_id": "T1046" }, + "related": [ + { + "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "d256cb63-b021-4b4a-bb6d-1b42eea179a3", "value": "Network Service Scanning Mitigation - T1046" }, @@ -1605,6 +3396,15 @@ "meta": { "external_id": "T1084" }, + "related": [ + { + "dest-uuid": "e906ae4d-1d3a-4675-be23-22f7311c0da4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "0bc3ce00-83bc-4a92-a042-79ffbc6af259", "value": "Windows Management Instrumentation Event Subscription Mitigation - T1084" }, @@ -1613,6 +3413,15 @@ "meta": { "external_id": "T1005" }, + "related": [ + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "7ee0879d-ce4f-4f54-a96b-c532dfb98ffd", "value": "Data from Local System Mitigation - T1005" }, @@ -1621,6 +3430,15 @@ "meta": { "external_id": "T1024" }, + "related": [ + { + "dest-uuid": "3b3cbbe0-6ed3-4334-b543-3ddfd8c5642d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "a569295c-a093-4db4-9fb4-7105edef85ad", "value": "Custom Cryptographic Protocol Mitigation - T1024" }, @@ -1629,6 +3447,15 @@ "meta": { "external_id": "T1081" }, + "related": [ + { + "dest-uuid": "ba8e391f-14b5-496f-81f2-2d5ecd646c1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "0472af99-f25c-4abe-9fce-010fa3450e72", "value": "Credentials in Files Mitigation - T1081" }, @@ -1637,6 +3464,15 @@ "meta": { "external_id": "T1205" }, + "related": [ + { + "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "f6b7c116-0821-4eb7-9b24-62bd09b3e575", "value": "Port Knocking Mitigation - T1205" }, @@ -1645,6 +3481,15 @@ "meta": { "external_id": "T1189" }, + "related": [ + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "7a4d0054-53cd-476f-88af-955dddc80ee0", "value": "Drive-by Compromise Mitigation - T1189" }, @@ -1653,6 +3498,15 @@ "meta": { "external_id": "T1069" }, + "related": [ + { + "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "dd9a85ad-6a92-4986-a215-b01d0ce7b987", "value": "Permission Groups Discovery Mitigation - T1069" }, @@ -1661,6 +3515,15 @@ "meta": { "external_id": "T1037" }, + "related": [ + { + "dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "9ab7de33-99b2-4d8d-8cf3-182fa0015cc2", "value": "Logon Scripts Mitigation - T1037" }, @@ -1669,6 +3532,15 @@ "meta": { "external_id": "T1116" }, + "related": [ + { + "dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "82fbc58b-171d-4a2d-9a20-c6b2a716bd08", "value": "Code Signing Mitigation - T1116" }, @@ -1677,6 +3549,15 @@ "meta": { "external_id": "T1200" }, + "related": [ + { + "dest-uuid": "d40239b3-05ff-46d8-9bdd-b46d13463ef9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "54e8722d-2faf-4b1b-93b6-6cbf9551669f", "value": "Hardware Additions Mitigation - T1200" }, @@ -1685,6 +3566,15 @@ "meta": { "external_id": "T1028" }, + "related": [ + { + "dest-uuid": "c3bce4f4-9795-46c6-976e-8676300bbc39", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "3e9f8875-d2f7-4380-a578-84393bd3b025", "value": "Windows Remote Management Mitigation - T1028" }, @@ -1693,6 +3583,15 @@ "meta": { "external_id": "T1100" }, + "related": [ + { + "dest-uuid": "c16e5409-ee53-4d79-afdc-4099dc9292df", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "bcc91b8c-f104-4710-964e-1d5409666736", "value": "Web Shell Mitigation - T1100" }, @@ -1701,6 +3600,15 @@ "meta": { "external_id": "T1186" }, + "related": [ + { + "dest-uuid": "c1a452f3-6499-4c12-b7e9-a6a0a102af76", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "34d6a2ef-370e-4d21-a34b-6208b7c78f31", "value": "Process Doppelgänging Mitigation - T1186" }, @@ -1709,6 +3617,15 @@ "meta": { "external_id": "T1001" }, + "related": [ + { + "dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "d0fcf37a-b6c4-4745-9c43-4fcdb8bfc88e", "value": "Data Obfuscation Mitigation - T1001" }, @@ -1717,6 +3634,15 @@ "meta": { "external_id": "T1045" }, + "related": [ + { + "dest-uuid": "6ff403bc-93e3-48be-8687-e102fdba8c88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "c95c8b5c-b431-43c9-9557-f494805e2502", "value": "Software Packing Mitigation - T1045" }, @@ -1725,9 +3651,18 @@ "meta": { "external_id": "T1063" }, + "related": [ + { + "dest-uuid": "241814ae-de3f-4656-b49e-f9a80764d4b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "bd2554b8-634f-4434-a986-9b49c29da2ae", "value": "Security Software Discovery Mitigation - T1063" } ], - "version": 4 -} + "version": 5 +} \ No newline at end of file diff --git a/clusters/mitre-enterprise-attack-intrusion-set.json b/clusters/mitre-enterprise-attack-intrusion-set.json index 46d59a7..b47a847 100644 --- a/clusters/mitre-enterprise-attack-intrusion-set.json +++ b/clusters/mitre-enterprise-attack-intrusion-set.json @@ -27,6 +27,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "7ecc3b4f-5cdb-457e-b55a-df376b359446", @@ -44,6 +51,15 @@ "Group5" ] }, + "related": [ + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "7331c66a-5601-4d3f-acf6-ad9e3035eb40", "value": "Group5 - G0043" }, @@ -67,6 +83,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "fe98767f-9df8-42b9-83c9-004b1dec8647", @@ -91,6 +114,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "16ade1aa-0ea1-4bb7-88cc-9079df2ae756", @@ -108,6 +138,15 @@ "RTM" ] }, + "related": [ + { + "dest-uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "c416b28c-103b-4df1-909e-78089a7e0e5f", "value": "RTM - G0048" }, @@ -145,6 +184,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "d1acfbb3-647b-4723-9154-800ec119006e", @@ -216,6 +262,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f9c06633-dcff-48a1-8588-759e7cec5694", @@ -250,6 +303,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff", @@ -289,6 +349,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a653431d-6a5e-4600-8ad3-609b5af57064", @@ -314,6 +381,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "df71bb3b-813c-45eb-a8bc-f2a419837411", @@ -340,6 +414,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "277d2f87-2ae5-4730-a3aa-50c1fdff9656", @@ -379,6 +460,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "381fcf73-60f6-4ab2-9991-6af3cbc35192", @@ -403,6 +491,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2a7914cf-dff3-428d-ab0f-1014d1c28aeb", @@ -427,6 +522,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "ae41895a-243f-4a65-b99b-d85022326c31", @@ -451,6 +553,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "62a64fd3-aaf7-4d09-a375-d6f8bb118481", @@ -487,6 +596,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4a2ce82e-1a74-468a-a6fb-bbead541383c", @@ -631,6 +747,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "a8d3d497-2da9-4797-8e0b-ed176be08654", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "025bdaa9-897d-4bad-afa6-013ba5734653", @@ -655,6 +778,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "68ba94ab-78b8-43e7-83e2-aed3466882c6", @@ -679,6 +809,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "519630c5-f03f-4882-825c-3af924935817", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f", @@ -721,6 +858,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "fb366179-766c-4a4a-afa1-52bff1fd601c", @@ -746,6 +890,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a", @@ -797,6 +948,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "fbe9387f-34e6-4828-ac28-3080020c597b", @@ -840,6 +998,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4ca1929c-7d64-4aab-b849-badbfc0c760d", @@ -864,6 +1029,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e48df773-7c95-4a4c-ba70-ea3d15900148", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "7636484c-adc5-45d4-9bfe-c3e062fbc4a0", @@ -883,6 +1055,15 @@ "FIN5" ] }, + "related": [ + { + "dest-uuid": "0e18b800-906c-4e44-a143-b11c72b3448b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "85403903-15e0-4f9f-9be4-a259ecad4022", "value": "FIN5 - G0053" }, @@ -900,6 +1081,15 @@ "BlackOasis" ] }, + "related": [ + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "da49b9f1-ca99-443f-9728-0a074db66850", "value": "BlackOasis - G0063" }, @@ -915,6 +1105,15 @@ "Taidoor" ] }, + "related": [ + { + "dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "59140a2e-d117-4206-9b2c-2a8662bd9d46", "value": "Taidoor - G0015" }, @@ -979,6 +1178,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050", @@ -996,6 +1202,15 @@ "Ke3chang" ] }, + "related": [ + { + "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "6713ab67-e25b-49cc-808d-2b36d4fbc35c", "value": "Ke3chang - G0004" }, @@ -1027,6 +1242,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "247cb30b-955f-42eb-97a5-a89fef69341e", @@ -1052,6 +1274,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "a127c32c-cbb0-4f9d-be07-881a792408ec", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "269e8108-68c6-4f99-b911-14b2e765dec2", @@ -1088,6 +1317,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0", @@ -1127,6 +1363,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "fb261c56-b80e-43a9-8351-c84081e7213d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd", @@ -1224,6 +1467,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc", @@ -1258,6 +1508,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "0bbdf25b-30ff-4894-a1cd-49260d0dd2d9", @@ -1282,6 +1539,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "0ea72cd5-ca30-46ba-bc04-378f701c658f", @@ -1318,6 +1582,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c93fccb1-e8e8-42cf-ae33-2ad1d183913a", @@ -1343,6 +1614,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "0f862b01-99da-47cc-9bdb-db4a86a95bb1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "88b7dbc2-32d3-4e31-af2f-3fc24e1582d7", @@ -1360,6 +1638,15 @@ "Equation" ] }, + "related": [ + { + "dest-uuid": "10d5f3b7-6be6-4da5-9a77-0f1e2bbfcc44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "96e239be-ad99-49eb-b127-3007b8c1bec9", "value": "Equation - G0020" }, @@ -1375,6 +1662,15 @@ "Darkhotel" ] }, + "related": [ + { + "dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "9e729a7e-0dd6-4097-95bf-db8d64911383", "value": "Darkhotel - G0012" }, @@ -1398,6 +1694,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "82cb34ba-02b5-432b-b2d2-07f55cbf674d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1", @@ -1422,6 +1725,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "5cbe0d3b-6fb1-471f-b591-4b192915116d", @@ -1446,6 +1756,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "894aab42-3371-47b1-8859-a4a074c804c8", @@ -1473,6 +1790,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "93f52415-0fe4-4d3d-896c-fc9b8e88ab90", @@ -1497,6 +1821,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "dfb5fa9b-3051-4b97-8035-08f80aef945b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c5574ca0-d5a4-490a-b207-e4658e5fd1d7", @@ -1515,6 +1846,15 @@ "TG-1314" ] }, + "related": [ + { + "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "d519164e-f5fa-4b8c-a1fb-cf0172ad0983", "value": "Threat Group-1314 - G0028" }, @@ -1547,6 +1887,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "6b62e336-176f-417b-856a-8552dd8c44e1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "7a19ecb1-3c65-4de3-a230-993516aed6a6", @@ -1576,6 +1923,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "03506554-5f37-4f8f-9ce4-0e9f01a1b484", @@ -1604,6 +1958,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "899ce53f-13a0-479b-a0e4-67d46e241542", @@ -1636,6 +1997,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "222fbd21-fc4f-4b7e-9f85-0e6e3a76c33f", @@ -1662,6 +2030,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7bec698a-7e20-4fd3-bb6a-12787770fb1a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "5ce5392a-3a6c-4e07-9df3-9b6a9159ac45", @@ -1697,6 +2072,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973", @@ -1776,6 +2158,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", @@ -1801,6 +2190,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "fd19bd82-1b14-49a1-a176-6cdc46b8a826", @@ -1833,6 +2229,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "691c60e2-273d-4d56-9ce6-b67e0f8719ad", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "efed95ba-d7e8-47ff-8c53-99c42426ee7c", @@ -1860,6 +2263,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c", @@ -1892,6 +2302,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "fbd29c89-18ba-4c2d-b792-51c0adee049f", @@ -1933,6 +2350,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648", @@ -1959,6 +2383,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e906ae4d-1d3a-4675-be23-22f7311c0da4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "7113eaa5-ba79-4fb3-b68a-398ee9cd698e", @@ -1985,6 +2416,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "dcd81c6e-ebf7-4a16-93e0-9a97fa49c88a", @@ -2009,11 +2447,18 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2e290bfe-93b5-48ce-97d6-edcd6d32b7cf", "value": "Gamaredon Group - G0047" } ], - "version": 5 -} + "version": 6 +} \ No newline at end of file diff --git a/clusters/mitre-enterprise-attack-malware.json b/clusters/mitre-enterprise-attack-malware.json index 0def529..89fe9ae 100644 --- a/clusters/mitre-enterprise-attack-malware.json +++ b/clusters/mitre-enterprise-attack-malware.json @@ -28,6 +28,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2dd34b01-6110-4aac-835d-b5e7b936b0be", @@ -52,6 +59,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f6ae7a52-f3b6-4525-9daf-640c083f006e", @@ -72,6 +86,15 @@ "NemesisGemina" ] }, + "related": [ + { + "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "2eb9b131-d333-4a48-9eb4-d8dec46c19ee", "value": "CosmicDuke - S0050" }, @@ -87,6 +110,15 @@ "H1N1" ] }, + "related": [ + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "f8dfbc54-b070-4224-b560-79aaa5f835bd", "value": "H1N1 - S0132" }, @@ -102,6 +134,15 @@ "SPACESHIP" ] }, + "related": [ + { + "dest-uuid": "970cdb5c-02fb-4c38-b17e-d6327cf3c810", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "8b880b41-5139-4807-baa9-309690218719", "value": "SPACESHIP - S0035" }, @@ -124,6 +165,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "5967cc93-57c9-404a-8ffd-097edfa7bdfc", @@ -163,6 +211,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47", @@ -188,6 +243,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "fde50aaa-f5de-4cb8-989a-babb57d6a704", @@ -220,6 +282,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4", @@ -244,6 +313,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "59a97b15-8189-4d51-9404-e1ce8ea4a069", @@ -261,6 +337,15 @@ "Pisloader" ] }, + "related": [ + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "b96680d1-5eb3-4f07-b95c-00ab904ac236", "value": "Pisloader - S0124" }, @@ -291,6 +376,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "083bb47b-02c8-4423-81a2-f9ef58572974", @@ -315,6 +407,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "705f0783-5f7d-4491-b6b7-9628e6e006d2", @@ -332,6 +431,15 @@ "Starloader" ] }, + "related": [ + { + "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "96566860-9f11-4b6f-964d-1c924e4f24a4", "value": "Starloader - S0188" }, @@ -365,6 +473,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "dc5d1a33-62aa-4a0c-aa8c-589b87beb11e", @@ -382,6 +497,15 @@ "Hacking Team UEFI Rootkit" ] }, + "related": [ + { + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "4b62ab58-c23b-4704-9c15-edd568cd59f8", "value": "Hacking Team UEFI Rootkit - S0047" }, @@ -427,6 +551,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "478aa214-2ca7-4ec0-9978-18798e514790", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "73a4793a-ce55-4159-b2a6-208ef29b326f", @@ -444,6 +575,15 @@ "httpclient" ] }, + "related": [ + { + "dest-uuid": "3b3cbbe0-6ed3-4334-b543-3ddfd8c5642d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "e8268361-a599-4e45-bd3f-71c8c7e700c0", "value": "httpclient - S0068" }, @@ -474,6 +614,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "08d20cd2-f084-45ee-8558-fa6ef5a18519", @@ -492,6 +639,15 @@ "CCBkdr" ] }, + "related": [ + { + "dest-uuid": "3f18edba-28f4-4bb9-82c3-8aa60dcac5f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "b0f13390-cec7-4814-b37c-ccec01887faa", "value": "CCBkdr - S0222" }, @@ -514,6 +670,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "478aa214-2ca7-4ec0-9978-18798e514790", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "91000a8a-58cc-4aba-9ad0-993ad6302b86", @@ -531,6 +694,15 @@ "Psylo" ] }, + "related": [ + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "dfb5fa9b-3051-4b97-8035-08f80aef945b", "value": "Psylo - S0078" }, @@ -547,6 +719,15 @@ "Custom HDoor" ] }, + "related": [ + { + "dest-uuid": "2e0dd10b-676d-4964-acd0-8a404c92b044", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "007b44b6-e4c5-480b-b5b9-56f2081b1b7b", "value": "HDoor - S0061" }, @@ -577,6 +758,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "3f18edba-28f4-4bb9-82c3-8aa60dcac5f7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "0c824410-58ff-49b2-9cf2-1c96b182bdf0", @@ -608,6 +796,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "c0a384a4-9a25-40e1-97b6-458388474bc8", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "234e7770-99b0-4f65-b983-d3230f76a60b", @@ -632,6 +827,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "49abab73-3c5c-476e-afd5-69b5c732d845", @@ -656,6 +858,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "98e8a977-3416-43aa-87fa-33e287e9c14c", @@ -680,6 +889,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "2e0dd10b-676d-4964-acd0-8a404c92b044", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9", @@ -705,6 +921,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "fb261c56-b80e-43a9-8351-c84081e7213d", @@ -737,6 +960,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4ab44516-ad75-4e43-a280-705dc0420e2f", @@ -754,6 +984,15 @@ "PinchDuke" ] }, + "related": [ + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "ae9d818d-95d0-41da-b045-9cabea1ca164", "value": "PinchDuke - S0048" }, @@ -772,6 +1011,15 @@ "CloudLook" ] }, + "related": [ + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "cbf646f1-7db5-4dc6-808b-0094313949df", "value": "CloudDuke - S0054" }, @@ -817,6 +1065,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "17b40f60-729f-4fe8-8aea-cc9ee44a95d5", @@ -841,6 +1096,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "22addc7b-b39f-483d-979a-1b35147da5de", @@ -858,6 +1120,15 @@ "MobileOrder" ] }, + "related": [ + { + "dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "463f68f1-5cde-4dc2-a831-68b73488f8f4", "value": "MobileOrder - S0079" }, @@ -880,6 +1151,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "3b3cbbe0-6ed3-4334-b543-3ddfd8c5642d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "7f8730af-f683-423f-9ee1-5f6875a80481", @@ -904,6 +1182,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "1c338d0f-a65e-4073-a5c1-c06878849f21", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "68dca94f-c11d-421e-9287-7c501108e18c", @@ -928,6 +1213,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "211cfe9f-2676-4e1c-a5f5-2c8091da2a68", @@ -945,6 +1237,15 @@ "FakeM" ] }, + "related": [ + { + "dest-uuid": "3b3cbbe0-6ed3-4334-b543-3ddfd8c5642d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "bb3c1098-d654-4620-bf40-694386d28921", "value": "FakeM - S0076" }, @@ -960,6 +1261,15 @@ "SHIPSHAPE" ] }, + "related": [ + { + "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "b1de6916-7a22-4460-8d26-6b5483ffaa2a", "value": "SHIPSHAPE - S0028" }, @@ -983,6 +1293,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "317fefa6-46c7-4062-adb6-2008cf6bcb41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "876f6a77-fbc5-4e13-ab1a-5611986730a3", @@ -1021,6 +1338,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2f1a9fd0-3b7c-4d77-a358-78db13adbe78", @@ -1052,6 +1376,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "67fc172a-36fa-4a35-88eb-4ba730ed52a6", @@ -1076,6 +1407,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "46944654-fcc1-4f63-9dad-628102376586", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "1d808f62-cf63-4063-9727-ff6132514c22", @@ -1120,6 +1458,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", @@ -1144,6 +1489,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "65341f30-bec6-4b1d-8abf-1a5620446c29", @@ -1168,6 +1520,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "0db09158-6e48-4e7c-8ce7-2b10b9c0c039", @@ -1200,6 +1559,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f108215f-3487-489d-be8b-80e346d32518", @@ -1224,6 +1590,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "3b3cbbe0-6ed3-4334-b543-3ddfd8c5642d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "b143dfa4-e944-43ff-8429-bfffc308c517", @@ -1262,6 +1635,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "9ea525fa-b0a9-4dde-84f2-bcea0137b3c1", @@ -1301,6 +1681,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "326af1cd-78e7-45b7-a326-125d2f7ef8f2", @@ -1325,6 +1712,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "6b616fc1-1505-48e3-8b2c-0d19337bff38", @@ -1342,6 +1736,15 @@ "ZLib" ] }, + "related": [ + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "166c0eca-02fd-424a-92c0-6b5106994d31", "value": "ZLib - S0086" }, @@ -1364,6 +1767,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "00c3bfcb-99bd-4767-8c03-b08f585f5c8a", @@ -1392,6 +1802,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "e066bf86-9cfb-407a-9d25-26fd5d91e360", @@ -1412,6 +1829,15 @@ "NetDuke" ] }, + "related": [ + { + "dest-uuid": "3b3cbbe0-6ed3-4334-b543-3ddfd8c5642d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "2daa14d6-cbf3-4308-bb8e-213c324a08e4", "value": "HAMMERTOSS - S0037" }, @@ -1449,6 +1875,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "b42378e0-f147-496f-992a-26a49705395b", @@ -1473,6 +1906,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4189a679-72ed-4a89-a57c-7f689712ecf8", @@ -1498,6 +1938,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "72f54d66-675d-4587-9bd3-4ed09f9522e4", @@ -1515,6 +1962,15 @@ "POWERSTATS" ] }, + "related": [ + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "e8545794-b98c-492b-a5b3-4b5a02682e37", "value": "POWERSTATS - S0223" }, @@ -1530,6 +1986,15 @@ "Ixeshe" ] }, + "related": [ + { + "dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "8beac7c2-48d2-4cd9-9b15-6c452f38ac06", "value": "Ixeshe - S0015" }, @@ -1545,6 +2010,15 @@ "BADNEWS" ] }, + "related": [ + { + "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "e9595678-d269-469e-ae6b-75e49259de63", "value": "BADNEWS - S0128" }, @@ -1560,6 +2034,15 @@ "FLIPSIDE" ] }, + "related": [ + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "0e18b800-906c-4e44-a143-b11c72b3448b", "value": "FLIPSIDE - S0173" }, @@ -1584,6 +2067,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "ff6840c9-4c87-4d07-bbb6-9f50aa33d498", @@ -1608,6 +2098,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "ad4f146f-e3ec-444a-ba71-24bffd7f0f8e", @@ -1635,6 +2132,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "b6b3dfc7-9a81-43ff-ac04-698bad48973a", @@ -1656,6 +2160,15 @@ "EuroAPT" ] }, + "related": [ + { + "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "e6ef745b-077f-42e1-a37d-29eecff9c754", "value": "CozyCar - S0046" }, @@ -1671,6 +2184,15 @@ "Mivast" ] }, + "related": [ + { + "dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "fbb470da-1d44-4f29-bbb3-9efbe20f94a3", "value": "Mivast - S0080" }, @@ -1688,6 +2210,15 @@ "NETWIRE" ] }, + "related": [ + { + "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "2a70812b-f1ef-44db-8578-a496a227aef2", "value": "NETWIRE - S0198" }, @@ -1703,6 +2234,15 @@ "ISMInjector" ] }, + "related": [ + { + "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "5be33fef-39c0-4532-84ee-bea31e1b5324", "value": "ISMInjector - S0189" }, @@ -1719,6 +2259,15 @@ "Vasport" ] }, + "related": [ + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "f4d8a2d6-c684-453a-8a14-cf4a94f755c5", "value": "Vasport - S0207" }, @@ -1734,6 +2283,15 @@ "Cherry Picker" ] }, + "related": [ + { + "dest-uuid": "317fefa6-46c7-4062-adb6-2008cf6bcb41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "b2203c59-4089-4ee4-bfe1-28fa25f0dbfe", "value": "Cherry Picker - S0107" }, @@ -1767,6 +2325,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "7343e208-7cab-45f2-a47b-41ba5e2f0fab", @@ -1792,6 +2357,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "48523614-309e-43bf-a2b8-705c2b45d7b2", @@ -1816,6 +2388,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "199463de-d9be-46d6-bb41-07234c1dd5a6", @@ -1840,6 +2419,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e", @@ -1880,6 +2466,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "96b08451-b27a-4ff6-893f-790e26393a8e", @@ -1897,6 +2490,15 @@ "Agent.btz" ] }, + "related": [ + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "40d3e230-ed32-469f-ba89-be70cc08ab39", "value": "Agent.btz - S0092" }, @@ -1919,6 +2521,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "37cc7eb6-12e3-467b-82e8-f20f2cc73c69", @@ -1943,6 +2552,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2", @@ -1967,6 +2583,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "414dc555-c79e-4b24-a2da-9b607f7eaf16", @@ -1994,6 +2617,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "af2ad3b7-ab6a-4807-91fd-51bcaff9acbb", @@ -2018,6 +2648,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "5a84dc36-df0d-4053-9b7c-f0c388a57283", @@ -2048,6 +2685,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "3d8e547d-9456-4f32-a895-dc86134e282f", @@ -2066,6 +2710,15 @@ "Wingbird" ] }, + "related": [ + { + "dest-uuid": "b2001907-166b-4d71-bb3c-9d26c871de09", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "a8d3d497-2da9-4797-8e0b-ed176be08654", "value": "Wingbird - S0176" }, @@ -2082,6 +2735,15 @@ "Nerex" ] }, + "related": [ + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "c251e4a5-9a2e-4166-8e42-442af75c3b9a", "value": "Nerex - S0210" }, @@ -2111,6 +2773,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "4c59cce8-cb48-4141-b9f1-f646edfaadb0", @@ -2128,6 +2797,15 @@ "AutoIt backdoor" ] }, + "related": [ + { + "dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "f5352566-1a64-49ac-8f7f-97e1d1a03300", "value": "AutoIt backdoor - S0129" }, @@ -2150,6 +2828,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "09b2cd76-c674-47cc-9f57-d2f2ad150a46", @@ -2169,6 +2854,15 @@ "Win32/Agent.UAW" ] }, + "related": [ + { + "dest-uuid": "52f3d5a6-8a0f-4f82-977e-750abf90d0b0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "0a9c51e0-825d-4b9b-969d-ce86ed8ce3c3", "value": "Power Loader - S0177" }, @@ -2191,6 +2885,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "5f9f7648-04ba-4a9f-bb4c-2a13e74572bd", @@ -2215,6 +2916,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "8c553311-0baa-4146-997a-f79acef3d831", @@ -2233,6 +2941,15 @@ "PUNCHBUGGY" ] }, + "related": [ + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "5c6ed2dc-37f4-40ea-b2e1-4c76140a388c", "value": "PUNCHBUGGY - S0196" }, @@ -2249,6 +2966,15 @@ "Matroyshka" ] }, + "related": [ + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "1cc934e4-b01d-4543-a011-b988dfc1a458", "value": "Matroyshka - S0167" }, @@ -2273,6 +2999,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "58adaaa8-f1e8-4606-9a08-422e568461eb", @@ -2299,6 +3032,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "06d735e7-1db1-4dbe-ab4b-acbe419f902b", @@ -2316,6 +3056,15 @@ "Trojan.Karagany" ] }, + "related": [ + { + "dest-uuid": "6ff403bc-93e3-48be-8687-e102fdba8c88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "82cb34ba-02b5-432b-b2d2-07f55cbf674d", "value": "Trojan.Karagany - S0094" }, @@ -2338,6 +3087,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "26fed817-e7bf-41f9-829a-9075ffac45c2", @@ -2388,6 +3144,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "241814ae-de3f-4656-b49e-f9a80764d4b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "ccd61dfc-b03f-4689-8c18-7c97eab08472", @@ -2413,6 +3176,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "310f437b-29e7-4844-848c-7220868d074a", @@ -2430,6 +3200,15 @@ "MiniDuke" ] }, + "related": [ + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "5e7ef1dc-7fb6-4913-ac75-e06113b59e0c", "value": "MiniDuke - S0051" }, @@ -2452,6 +3231,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "64d76fa5-cf8f-469c-b78c-1a4f7c5bad80", @@ -2485,6 +3271,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "478aa214-2ca7-4ec0-9978-18798e514790", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "7551188b-8f91-4d34-8350-0d0c57b2b913", @@ -2509,6 +3302,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "7dbb67c7-270a-40ad-836e-c45f8948aa5a", @@ -2533,6 +3333,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "b8eb28e4-48a6-40ae-951a-328714f75eda", @@ -2564,6 +3371,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "6ff403bc-93e3-48be-8687-e102fdba8c88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "80a014ba-3fef-4768-990b-37d8bd10d7f4", @@ -2604,6 +3418,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "17e919aa-4a49-445c-b103-dbb8df9e7351", @@ -2628,6 +3449,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "9e2bba94-950b-4fcf-8070-cb3f816c5f4e", @@ -2646,6 +3474,15 @@ "Pasam" ] }, + "related": [ + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "e811ff6a-4cef-4856-a6ae-a7daf9ed39ae", "value": "Pasam - S0208" }, @@ -2662,6 +3499,15 @@ "Trojan.Zeroaccess" ] }, + "related": [ + { + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "552462b9-ae79-49dd-855c-5973014e157f", "value": "Zeroaccess - S0027" }, @@ -2678,6 +3524,15 @@ "Linfo" ] }, + "related": [ + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "e9e9bfe2-76f4-4870-a2a1-b7af89808613", "value": "Linfo - S0211" }, @@ -2693,6 +3548,15 @@ "Skeleton Key" ] }, + "related": [ + { + "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "89f63ae4-f229-4a5c-95ad-6f22ed2b5c49", "value": "Skeleton Key - S0007" }, @@ -2717,6 +3581,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "8901ac23-6b50-410c-b0dd-d8174a86f9b3", @@ -2748,6 +3619,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "fece06b7-d4b1-42cf-b81a-5323c917546e", @@ -2766,6 +3644,15 @@ "Briba" ] }, + "related": [ + { + "dest-uuid": "478aa214-2ca7-4ec0-9978-18798e514790", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "79499993-a8d6-45eb-b343-bf58dea5bdde", "value": "Briba - S0204" }, @@ -2795,6 +3682,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "495b6cdb-7b5a-4fbc-8d33-e7ef68806d08", @@ -2819,6 +3713,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "0b32ec39-ba61-4864-9ebe-b4b0b73caf9a", @@ -2843,6 +3744,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "8e461ca3-0996-4e6e-a0df-e2a5bbc51ebc", @@ -2868,6 +3776,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c", @@ -2885,6 +3800,15 @@ "BOOTRASH" ] }, + "related": [ + { + "dest-uuid": "02fefddc-fb1b-423f-a76b-7552dd211d4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "da2ef4a9-7cbe-400a-a379-e2f230f28db3", "value": "BOOTRASH - S0114" }, @@ -2902,6 +3826,15 @@ "China Chopper" ] }, + "related": [ + { + "dest-uuid": "c16e5409-ee53-4d79-afdc-4099dc9292df", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", "value": "China Chopper - S0020" }, @@ -2917,6 +3850,15 @@ "Wiper" ] }, + "related": [ + { + "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "a19c49aa-36fe-4c05-b817-23e1c7a7d085", "value": "Wiper - S0041" }, @@ -2932,6 +3874,15 @@ "Unknown Logger" ] }, + "related": [ + { + "dest-uuid": "2e0dd10b-676d-4964-acd0-8a404c92b044", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "ab3580c8-8435-4117-aace-3d9fbe46aa56", "value": "Unknown Logger - S0130" }, @@ -2954,6 +3905,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", @@ -2978,6 +3936,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "0852567d-7958-4f4b-8947-4f840ec8d57d", @@ -3002,6 +3967,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "eff1a885-6f90-42a1-901f-eef6e7a1905e", @@ -3076,6 +4048,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", @@ -3107,6 +4086,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "9ca488bd-9587-48ef-b923-1743523e63b2", @@ -3133,6 +4119,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8", @@ -3157,6 +4150,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "53d47b09-09c2-4015-8d37-6633ecd53f79", @@ -3174,6 +4174,15 @@ "FLASHFLOOD" ] }, + "related": [ + { + "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "43213480-78f7-4fb3-976f-d48f5f6a4c2a", "value": "FLASHFLOOD - S0036" }, @@ -3189,6 +4198,15 @@ "TINYTYPHON" ] }, + "related": [ + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "85b39628-204a-48d2-b377-ec368cbcb7ca", "value": "TINYTYPHON - S0131" }, @@ -3212,6 +4230,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "76abb3ef-dafd-4762-97cb-a35379429db4", @@ -3238,6 +4263,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "67e6d66b-1b82-4699-b47a-e2efb6268d14", @@ -3269,6 +4301,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "0ced8926-914e-4c78-bc93-356fb90dbd1f", @@ -3305,6 +4344,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "d54416bd-0803-41ca-870a-ce1af7c05638", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "fb575479-14ef-41e9-bfab-0b7cf10bec73", @@ -3336,6 +4382,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "3240cbe4-c550-443b-aa76-cc2a7058b870", @@ -3353,6 +4406,15 @@ "S-Type" ] }, + "related": [ + { + "dest-uuid": "970cdb5c-02fb-4c38-b17e-d6327cf3c810", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "66b1dcde-17a0-4c7b-95fa-b08d430c2131", "value": "S-Type - S0085" }, @@ -3367,6 +4429,15 @@ "Chaos" ] }, + "related": [ + { + "dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "5bcd5511-6756-4824-a692-e8bb109364af", "value": "Chaos - S0220" }, @@ -3396,6 +4467,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "cafd0bf8-2b9c-46c7-ae3c-3e0f42c5062e", @@ -3413,6 +4491,15 @@ "RemoteCMD" ] }, + "related": [ + { + "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "4e6b9625-bbda-4d96-a652-b3bb45453f26", "value": "RemoteCMD - S0166" }, @@ -3442,6 +4529,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "241814ae-de3f-4656-b49e-f9a80764d4b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "63c2a130-8a5b-452f-ad96-07cf0af12ffe", @@ -3461,6 +4555,15 @@ "Gameover ZeuS" ] }, + "related": [ + { + "dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "b2c5d3ca-b43a-4888-ad8d-e2d43497bf85", "value": "P2P ZeuS - S0016" }, @@ -3487,6 +4590,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "46944654-fcc1-4f63-9dad-628102376586", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a5528622-3a8a-4633-86ce-8cdaf8423858", @@ -3519,6 +4629,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565", @@ -3550,6 +4667,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e906ae4d-1d3a-4675-be23-22f7311c0da4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "5e595477-2e78-4ce7-ae42-e0b059b17808", @@ -3566,6 +4690,15 @@ "adbupd" ] }, + "related": [ + { + "dest-uuid": "e906ae4d-1d3a-4675-be23-22f7311c0da4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "0f1ad2ef-41d4-4b7a-9304-ddae68ea3005", "value": "adbupd - S0202" }, @@ -3589,6 +4722,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "196f1f32-e0c2-4d46-99cd-234d4b6befe1", @@ -3608,6 +4748,15 @@ "Truvasys" ] }, + "related": [ + { + "dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "691c60e2-273d-4d56-9ce6-b67e0f8719ad", "value": "Truvasys - S0178" }, @@ -3639,6 +4788,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "d3afa961-a80c-4043-9509-282cdf69ab21", @@ -3663,6 +4819,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "d519cfd5-f3a8-43a9-a846-ed0bb40672b1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841", @@ -3680,6 +4843,15 @@ "CallMe" ] }, + "related": [ + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "cb7bcf6f-085f-41db-81ee-4b68481661b5", "value": "CallMe - S0077" }, @@ -3696,6 +4868,15 @@ "HIDEDRV" ] }, + "related": [ + { + "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4", "value": "HIDEDRV - S0135" }, @@ -3711,6 +4892,15 @@ "Mis-Type" ] }, + "related": [ + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "e1161124-f22e-487f-9d5f-ed8efc8dcd61", "value": "Mis-Type - S0084" }, @@ -3733,6 +4923,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "95047f03-4811-4300-922e-1ba937d53a61", @@ -3751,6 +4948,15 @@ "ASPXTool" ] }, + "related": [ + { + "dest-uuid": "c16e5409-ee53-4d79-afdc-4099dc9292df", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2", "value": "ASPXSpy - S0073" }, @@ -3765,6 +4971,15 @@ "Dipsind" ] }, + "related": [ + { + "dest-uuid": "514ede4c-78b3-4d78-a38b-daddf6217a79", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "e170995d-4f61-4f17-b60e-04f9a06ee517", "value": "Dipsind - S0200" }, @@ -3780,6 +4995,15 @@ "SEASHARPEE" ] }, + "related": [ + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "0998045d-f96e-4284-95ce-3c8219707486", "value": "SEASHARPEE - S0185" }, @@ -3796,6 +5020,15 @@ "Sykipot" ] }, + "related": [ + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9", "value": "Sykipot - S0018" }, @@ -3818,6 +5051,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "e48df773-7c95-4a4c-ba70-ea3d15900148", @@ -3835,6 +5075,15 @@ "OSInfo" ] }, + "related": [ + { + "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "f6d1d2cb-12f5-4221-9636-44606ea1f3f8", "value": "OSInfo - S0165" }, @@ -3850,6 +5099,15 @@ "HOMEFRY" ] }, + "related": [ + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "7451bcf9-e6e6-4a70-bc3d-1599173d0035", "value": "HOMEFRY - S0232" }, @@ -3873,6 +5131,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "f2e8c7a1-cae1-45c4-baf0-6f21bdcbb2c2", @@ -3890,6 +5155,15 @@ "Emissary" ] }, + "related": [ + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "0f862b01-99da-47cc-9bdb-db4a86a95bb1", "value": "Emissary - S0082" }, @@ -3907,6 +5181,15 @@ "PSVC" ] }, + "related": [ + { + "dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "c4de7d83-e875-4c88-8b5d-06c41e5b7e79", "value": "PUNCHTRACK - S0197" }, @@ -3924,6 +5207,15 @@ "PhotoMiner" ] }, + "related": [ + { + "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "17dec760-9c8f-4f1b-9b4b-0ac47a453234", "value": "Miner-C - S0133" }, @@ -3946,6 +5238,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "687c23e4-4e25-4ee7-a870-c5e002511f54", @@ -3964,6 +5263,15 @@ "Backdoor.APT.FakeWinHTTPHelper" ] }, + "related": [ + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "123bd7b3-675c-4b1a-8482-c55782b20e2b", "value": "BUBBLEWRAP - S0043" }, @@ -3986,6 +5294,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "ba8e391f-14b5-496f-81f2-2d5ecd646c1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "800bdfba-6d66-480f-9f45-15845c05cb5d", @@ -4010,6 +5325,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421", @@ -4028,6 +5350,15 @@ "Backdoor.Nidiran" ] }, + "related": [ + { + "dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "9e9b9415-a7df-406b-b14d-92bfe6809fbe", "value": "Nidiran - S0118" }, @@ -4043,6 +5374,15 @@ "Trojan.Mebromi" ] }, + "related": [ + { + "dest-uuid": "6856ddd6-2df3-4379-8b87-284603c189c3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "c5e9cb46-aced-466c-85ea-7db5572ad9ec", "value": "Trojan.Mebromi - S0001" }, @@ -4065,6 +5405,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322", @@ -4082,6 +5429,15 @@ "OwaAuth" ] }, + "related": [ + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "a60657fa-e2e7-4f8f-8128-a882534ae8c5", "value": "OwaAuth - S0072" }, @@ -4097,6 +5453,15 @@ "ROCKBOOT" ] }, + "related": [ + { + "dest-uuid": "02fefddc-fb1b-423f-a76b-7552dd211d4d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "cba78a1c-186f-4112-9e6a-be1839f030f7", "value": "ROCKBOOT - S0112" }, @@ -4112,6 +5477,15 @@ "MURKYTOP" ] }, + "related": [ + { + "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "049ff071-0b3c-4712-95d2-d21c6aa54501", "value": "MURKYTOP - S0233" }, @@ -4134,6 +5508,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "b136d088-a829-432c-ac26-5529c26d4c7e", @@ -4150,6 +5531,15 @@ "JPIN" ] }, + "related": [ + { + "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "de6cb631-52f6-4169-a73b-7965390b0c30", "value": "JPIN - S0201" }, @@ -4165,6 +5555,15 @@ "LOWBALL" ] }, + "related": [ + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "2a6f4c7b-e690-4cc7-ab6b-1f821fb6b80b", "value": "LOWBALL - S0042" }, @@ -4181,6 +5580,15 @@ "Wiarp" ] }, + "related": [ + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "039814a0-88de-46c5-a4fb-b293db21880a", "value": "Wiarp - S0206" }, @@ -4197,6 +5605,15 @@ "BLACKCOFFEE" ] }, + "related": [ + { + "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43", "value": "BLACKCOFFEE - S0069" }, @@ -4229,6 +5646,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "94379dec-5c87-49db-b36e-66abc0b81344", @@ -4258,6 +5682,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "9752aef4-a1f3-4328-929f-b64eb0536090", @@ -4293,6 +5724,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "6b62e336-176f-417b-856a-8552dd8c44e1", @@ -4319,6 +5757,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "3b3cbbe0-6ed3-4334-b543-3ddfd8c5642d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "251fbae2-78f6-4de7-84f6-194c727a64ad", @@ -4343,6 +5788,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "7bec698a-7e20-4fd3-bb6a-12787770fb1a", @@ -4424,6 +5876,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", @@ -4441,9 +5900,18 @@ "ELMER" ] }, + "related": [ + { + "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "3cab1b76-2f40-4cd0-8d2c-7ed16eeb909c", "value": "ELMER - S0064" } ], - "version": 6 -} + "version": 7 +} \ No newline at end of file diff --git a/clusters/mitre-enterprise-attack-tool.json b/clusters/mitre-enterprise-attack-tool.json index be28260..7ca5e71 100644 --- a/clusters/mitre-enterprise-attack-tool.json +++ b/clusters/mitre-enterprise-attack-tool.json @@ -28,6 +28,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d", @@ -46,6 +53,15 @@ "at.exe" ] }, + "related": [ + { + "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "0c8465c0-d0b4-4670-992e-4eee8d7ff952", "value": "at - S0110" }, @@ -62,6 +78,15 @@ "route.exe" ] }, + "related": [ + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "c11ac61d-50f4-444f-85d8-6f006067f0de", "value": "route - S0103" }, @@ -77,6 +102,15 @@ "Tasklist" ] }, + "related": [ + { + "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", "value": "Tasklist - S0057" }, @@ -93,6 +127,15 @@ "WCE" ] }, + "related": [ + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "242f3da3-4425-4d11-8f5c-b842886da966", "value": "Windows Credential Editor - S0005" }, @@ -108,6 +151,15 @@ "Responder" ] }, + "related": [ + { + "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "a1dd2dbd-1550-44bf-abcc-1a4c52e97719", "value": "Responder - S0174" }, @@ -124,6 +176,15 @@ "schtasks.exe" ] }, + "related": [ + { + "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "c9703cd3-141c-43a0-a926-380082be5d04", "value": "schtasks - S0111" }, @@ -146,6 +207,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "102c3898-85e0-43ee-ae28-62a0a3ed9507", @@ -163,6 +231,15 @@ "ifconfig" ] }, + "related": [ + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "362dc67f-4e85-4562-9dac-1b6b7f3ec4b5", "value": "ifconfig - S0101" }, @@ -178,6 +255,15 @@ "BITSAdmin" ] }, + "related": [ + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "64764dc6-a032-495f-8250-1e4c06bdc163", "value": "BITSAdmin - S0190" }, @@ -201,6 +287,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", @@ -218,6 +311,15 @@ "xCmd" ] }, + "related": [ + { + "dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "4fa49fc0-9162-4bdb-a37e-7aa3dcb6d38b", "value": "xCmd - S0123" }, @@ -233,6 +335,15 @@ "MimiPenguin" ] }, + "related": [ + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "5a33468d-844d-4b1f-98c9-0e786c556b27", "value": "MimiPenguin - S0179" }, @@ -248,6 +359,15 @@ "SDelete" ] }, + "related": [ + { + "dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153", "value": "SDelete - S0195" }, @@ -264,6 +384,15 @@ "systeminfo.exe" ] }, + "related": [ + { + "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", "value": "Systeminfo - S0096" }, @@ -280,6 +409,15 @@ "netsh.exe" ] }, + "related": [ + { + "dest-uuid": "241814ae-de3f-4656-b49e-f9a80764d4b7", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", "value": "netsh - S0108" }, @@ -296,6 +434,15 @@ "dsquery.exe" ] }, + "related": [ + { + "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "38952eac-cb1b-4a71-bad2-ee8223a1c8fe", "value": "dsquery - S0105" }, @@ -318,6 +465,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", @@ -336,6 +490,15 @@ "ping.exe" ] }, + "related": [ + { + "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", "value": "Ping - S0097" }, @@ -351,6 +514,15 @@ "Fgdump" ] }, + "related": [ + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "4f45dfeb-fe51-4df0-8db3-edf7dd0513fe", "value": "Fgdump - S0120" }, @@ -366,6 +538,15 @@ "Lslsass" ] }, + "related": [ + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "2fab555f-7664-4623-b4e0-1675ae38190b", "value": "Lslsass - S0121" }, @@ -381,6 +562,15 @@ "Pass-The-Hash Toolkit" ] }, + "related": [ + { + "dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "a52edc76-328d-4596-85e7-d56ef5a9eb69", "value": "Pass-The-Hash Toolkit - S0122" }, @@ -397,6 +587,15 @@ "ftp.exe" ] }, + "related": [ + { + "dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565", "value": "FTP - S0095" }, @@ -413,6 +612,15 @@ "ipconfig.exe" ] }, + "related": [ + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "value": "ipconfig - S0100" }, @@ -429,6 +637,15 @@ "nbtstat.exe" ] }, + "related": [ + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "b35068ec-107a-4266-bda8-eb7036267aea", "value": "nbtstat - S0102" }, @@ -452,6 +669,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e", @@ -469,6 +693,15 @@ "Tor" ] }, + "related": [ + { + "dest-uuid": "7d751199-05fa-4a72-920f-85df4506c76c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68", "value": "Tor - S0183" }, @@ -485,6 +718,15 @@ "netstat.exe" ] }, + "related": [ + { + "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "4664b683-f578-434f-919b-1c1aad2a1111", "value": "netstat - S0104" }, @@ -500,6 +742,15 @@ "pwdump" ] }, + "related": [ + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", "value": "pwdump - S0006" }, @@ -515,6 +766,15 @@ "Cachedump" ] }, + "related": [ + { + "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "c9cd7ec9-40b7-49db-80be-1399eddd9c52", "value": "Cachedump - S0119" }, @@ -530,6 +790,15 @@ "Forfiles" ] }, + "related": [ + { + "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "90ec2b22-7061-4469-b539-0989ec4f96c2", "value": "Forfiles - S0193" }, @@ -547,6 +816,15 @@ "net.exe" ] }, + "related": [ + { + "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "03342581-f790-4f03-ba41-e82e67392e23", "value": "Net - S0039" }, @@ -570,6 +848,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", @@ -595,6 +880,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", @@ -613,6 +905,15 @@ "arp.exe" ] }, + "related": [ + { + "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "30489451-5886-4c46-90c9-0dff9adc5252", "value": "Arp - S0099" }, @@ -632,6 +933,15 @@ "cmd.exe" ] }, + "related": [ + { + "dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e", "value": "cmd - S0106" }, @@ -647,6 +957,15 @@ "Havij" ] }, + "related": [ + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "fbd727ea-c0dc-42a9-8448-9e12962d1ab5", "value": "Havij - S0224" }, @@ -664,6 +983,15 @@ "PowerSploit" ] }, + "related": [ + { + "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", "value": "PowerSploit - S0194" }, @@ -678,6 +1006,15 @@ "meek" ] }, + "related": [ + { + "dest-uuid": "1ce03c65-5946-4ac9-9d4d-66db87e024bd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "65370d0b-3bd4-4653-8cf9-daf56f6be830", "value": "meek - S0175" }, @@ -695,6 +1032,15 @@ "reg.exe" ] }, + "related": [ + { + "dest-uuid": "2edd9d6a-5674-4326-a600-ba56de467286", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", "value": "Reg - S0075" }, @@ -710,6 +1056,15 @@ "spwebmember" ] }, + "related": [ + { + "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "33b9e38f-103c-412d-bdcf-904a91fff1e4", "value": "spwebmember - S0227" }, @@ -732,6 +1087,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4", @@ -749,6 +1111,15 @@ "sqlmap" ] }, + "related": [ + { + "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "9a2640c2-9f43-46fe-b13f-bde881e55555", "value": "sqlmap - S0225" }, @@ -785,6 +1156,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39", @@ -802,9 +1180,18 @@ "Invoke-PSImage" ] }, + "related": [ + { + "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "b52d6583-14a2-4ddc-8527-87fd2142558f", "value": "Invoke-PSImage - S0231" } ], - "version": 6 -} + "version": 7 +} \ No newline at end of file diff --git a/clusters/mitre-mobile-attack-course-of-action.json b/clusters/mitre-mobile-attack-course-of-action.json index 63b5548..ad091ce 100644 --- a/clusters/mitre-mobile-attack-course-of-action.json +++ b/clusters/mitre-mobile-attack-course-of-action.json @@ -13,6 +13,15 @@ "meta": { "external_id": "MOB-M1010" }, + "related": [ + { + "dest-uuid": "9d7c32f4-ab39-49dc-8055-8106bc2294a1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "cf2cccb1-cab8-431a-8ecf-f7874d05f433", "value": "Deploy Compromised Device Detection Method - MOB-M1010" }, @@ -21,6 +30,15 @@ "meta": { "external_id": "MOB-M1014" }, + "related": [ + { + "dest-uuid": "fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "e829ee51-1caf-4665-ba15-7f8979634124", "value": "Interconnection Filtering - MOB-M1014" }, @@ -29,6 +47,15 @@ "meta": { "external_id": "MOB-M1008" }, + "related": [ + { + "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "d2a199d2-dfea-4d0c-987d-6195ed17be9c", "value": "Use Device-Provided Credential Storage - MOB-M1008" }, @@ -37,6 +64,15 @@ "meta": { "external_id": "MOB-M1006" }, + "related": [ + { + "dest-uuid": "a0464539-e1b7-4455-a355-12495987c300", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "0beabf44-e8d8-4ae4-9122-ef56369a2564", "value": "Use Recent OS Version - MOB-M1006" }, @@ -45,6 +81,15 @@ "meta": { "external_id": "MOB-M1001" }, + "related": [ + { + "dest-uuid": "f296fc9c-2ff5-43ee-941e-6b49c438270a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", "value": "Security Updates - MOB-M1001" }, @@ -53,6 +98,15 @@ "meta": { "external_id": "MOB-M1003" }, + "related": [ + { + "dest-uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "8ccd428d-39da-4e8f-a55b-d48ea1d56e58", "value": "Lock Bootloader - MOB-M1003" }, @@ -61,6 +115,15 @@ "meta": { "external_id": "MOB-M1004" }, + "related": [ + { + "dest-uuid": "c5089859-b21f-40a3-8be4-63e381b8b1c0", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "7b1cf46f-784b-405a-a8dd-4624c19d8321", "value": "System Partition Integrity - MOB-M1004" }, @@ -69,6 +132,15 @@ "meta": { "external_id": "MOB-M1002" }, + "related": [ + { + "dest-uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "ff4821f6-5afb-481b-8c0f-26c28c0d666c", "value": "Attestation - MOB-M1002" }, @@ -77,6 +149,15 @@ "meta": { "external_id": "MOB-M1007" }, + "related": [ + { + "dest-uuid": "8e27551a-5080-4148-a584-c64348212e4f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "e944670c-d03a-4e93-a21c-b3d4c53ec4c9", "value": "Caution with Device Administrator Access - MOB-M1007" }, @@ -85,6 +166,15 @@ "meta": { "external_id": "MOB-M1013" }, + "related": [ + { + "dest-uuid": "29e07491-8947-43a3-8d4e-9a787c45f3d3", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", "value": "Application Developer Guidance - MOB-M1013" }, @@ -93,6 +183,15 @@ "meta": { "external_id": "MOB-M1005" }, + "related": [ + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "1553b156-6767-47f7-9eb4-2a692505666d", "value": "Application Vetting - MOB-M1005" }, @@ -101,6 +200,15 @@ "meta": { "external_id": "MOB-M1011" }, + "related": [ + { + "dest-uuid": "a0464539-e1b7-4455-a355-12495987c300", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "653492e3-27be-4a0e-b08c-938dd2b7e0e1", "value": "User Guidance - MOB-M1011" }, @@ -109,6 +217,15 @@ "meta": { "external_id": "MOB-M1012" }, + "related": [ + { + "dest-uuid": "51aedbd6-2837-4d15-aeb0-cb09f2bf22ac", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "649f7268-4c12-483b-ac84-4b7bca9fe2ee", "value": "Enterprise Policy - MOB-M1012" }, @@ -117,9 +234,18 @@ "meta": { "external_id": "MOB-M1009" }, + "related": [ + { + "dest-uuid": "393e8c12-a416-4575-ba90-19cc85656796", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "mitigates" + } + ], "uuid": "8220b57e-c400-4525-bf69-f8edc6b389a8", "value": "Encrypt Network Traffic - MOB-M1009" } ], - "version": 3 -} + "version": 4 +} \ No newline at end of file diff --git a/clusters/mitre-mobile-attack-malware.json b/clusters/mitre-mobile-attack-malware.json index 7539090..58ad3eb 100644 --- a/clusters/mitre-mobile-attack-malware.json +++ b/clusters/mitre-mobile-attack-malware.json @@ -27,6 +27,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "a3dad2be-ce62-4440-953b-00fbce7aba93", @@ -44,6 +51,15 @@ "Trojan-SMS.AndroidOS.Agent.ao" ] }, + "related": [ + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "a1867c56-8c86-455a-96ad-b0d5f7e2bc17", "value": "Trojan-SMS.AndroidOS.Agent.ao - MOB-S0023" }, @@ -65,6 +81,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "507fe748-5e4a-4b45-9e9f-8b1115f4e878", @@ -82,6 +105,15 @@ "KeyRaider" ] }, + "related": [ + { + "dest-uuid": "3b0b604f-10db-41a0-b54c-493124d455b9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50", "value": "KeyRaider - MOB-S0004" }, @@ -98,6 +130,15 @@ "BrainTest" ] }, + "related": [ + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "e13d084c-382f-40fd-aa9a-98d69e20301e", "value": "BrainTest - MOB-S0009" }, @@ -123,6 +164,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c80a6bef-b3ce-44d0-b113-946e93124898", @@ -140,6 +188,15 @@ "DressCode" ] }, + "related": [ + { + "dest-uuid": "22379609-a99f-4a01-bd7e-70f3e105859d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "ff742eeb-1f90-4f5a-8b92-9d40fffd99ca", "value": "DressCode - MOB-S0016" }, @@ -156,6 +213,15 @@ "Adups" ] }, + "related": [ + { + "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "f6ac21b6-2592-400c-8472-10d0e2f1bfaf", "value": "Adups - MOB-S0025" }, @@ -186,6 +252,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "33d9d91d-aad9-49d5-a516-220ce101ac8a", @@ -203,6 +276,15 @@ "RuMMS" ] }, + "related": [ + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "936be60d-90eb-4c36-9247-4b31128432c4", "value": "RuMMS - MOB-S0029" }, @@ -225,6 +307,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c8770c81-c29f-40d2-a140-38544206b2b4", @@ -242,6 +331,15 @@ "Trojan-SMS.AndroidOS.OpFake.a" ] }, + "related": [ + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "d89c132d-7752-4c7f-9372-954a71522985", "value": "Trojan-SMS.AndroidOS.OpFake.a - MOB-S0024" }, @@ -264,6 +362,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "317a2c10-d489-431e-b6b2-f0251fddc88e", @@ -281,6 +386,15 @@ "MazarBOT" ] }, + "related": [ + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "5ddf81ea-2c06-497b-8c30-5f1ab89a40f9", "value": "MazarBOT - MOB-S0019" }, @@ -297,6 +411,15 @@ "Gooligan" ] }, + "related": [ + { + "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "20d56cd6-8dff-4871-9889-d32d254816de", "value": "Gooligan - MOB-S0006" }, @@ -312,6 +435,15 @@ "OldBoot" ] }, + "related": [ + { + "dest-uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "2074b2ad-612e-4758-adce-7901c1b49bbc", "value": "OldBoot - MOB-S0001" }, @@ -333,6 +465,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb", @@ -351,6 +490,15 @@ "DroidJack RAT" ] }, + "related": [ + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", "value": "DroidJack RAT - MOB-S0036" }, @@ -366,6 +514,15 @@ "HummingWhale" ] }, + "related": [ + { + "dest-uuid": "f981d199-2720-467e-9dc9-eea04dbe05cf", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "6447e3a1-ef4d-44b1-99d5-6b1c4888674f", "value": "HummingWhale - MOB-S0037" }, @@ -381,6 +538,15 @@ "ANDROIDOS_ANSERVER.A" ] }, + "related": [ + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "4bf6ba32-4165-42c1-b911-9c36165891c8", "value": "ANDROIDOS_ANSERVER.A - MOB-S0026" }, @@ -396,6 +562,15 @@ "Trojan-SMS.AndroidOS.FakeInst.a" ] }, + "related": [ + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "28e39395-91e7-4f02-b694-5e079c964da9", "value": "Trojan-SMS.AndroidOS.FakeInst.a - MOB-S0022" }, @@ -411,6 +586,15 @@ "NotCompatible" ] }, + "related": [ + { + "dest-uuid": "22379609-a99f-4a01-bd7e-70f3e105859d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "23040c15-e7d8-47b5-8c16-8fd3e0e297fe", "value": "NotCompatible - MOB-S0015" }, @@ -454,6 +638,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "a93ccb8f-3996-42e2-b7c7-bb599d4e205f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "56660521-6db4-4e5a-a927-464f22954b7c", @@ -471,6 +662,15 @@ "Twitoor" ] }, + "related": [ + { + "dest-uuid": "6a3f6490-9c44-40de-b059-e5940f246673", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "41e3fd01-7b83-471f-835d-d2b1dc9a770c", "value": "Twitoor - MOB-S0018" }, @@ -486,6 +686,15 @@ "OBAD" ] }, + "related": [ + { + "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "ca4f63b9-a358-4214-bb26-8c912318cfde", "value": "OBAD - MOB-S0002" }, @@ -501,6 +710,15 @@ "Android/Chuli.A" ] }, + "related": [ + { + "dest-uuid": "1f96d624-8409-4472-ad8a-30618ee6b2e2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "d05f7357-4cbe-47ea-bf83-b8604226d533", "value": "Android/Chuli.A - MOB-S0020" }, @@ -516,6 +734,15 @@ "PJApps" ] }, + "related": [ + { + "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "c709da93-20c3-4d17-ab68-48cba76b2137", "value": "PJApps - MOB-S0007" }, @@ -531,6 +758,15 @@ "AndroidOverlayMalware" ] }, + "related": [ + { + "dest-uuid": "3dd58c80-4c2e-458c-9503-1b2cd273c4d2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "b6d3657a-2d6a-400f-8b7e-4d60391aa1f7", "value": "AndroidOverlayMalware - MOB-S0012" }, @@ -546,6 +782,15 @@ "ZergHelper" ] }, + "related": [ + { + "dest-uuid": "b765efd1-02e6-4e67-aebf-0fef5c37e54b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "3c3b55a6-c3e9-4043-8aae-283fe96220c0", "value": "ZergHelper - MOB-S0003" }, @@ -561,6 +806,15 @@ "SpyNote RAT" ] }, + "related": [ + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "20dbaf05-59b8-4dc6-8777-0b17f4553a23", "value": "SpyNote RAT - MOB-S0021" }, @@ -576,6 +830,15 @@ "RCSAndroid" ] }, + "related": [ + { + "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", "value": "RCSAndroid - MOB-S0011" }, @@ -598,6 +861,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "d1c600f8-0fb6-4367-921b-85b71947d950", @@ -614,6 +884,15 @@ "YiSpecter" ] }, + "related": [ + { + "dest-uuid": "51aedbd6-2837-4d15-aeb0-cb09f2bf22ac", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "a15c9357-2be0-4836-beec-594f28b9b4a9", "value": "YiSpecter - MOB-S0027" }, @@ -645,6 +924,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "93799a9d-3537-43d8-b6f4-17215de1657c", @@ -663,9 +949,18 @@ "XcodeGhost" ] }, + "related": [ + { + "dest-uuid": "c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "d9e07aea-baad-4b68-bdca-90c77647d7f9", "value": "XcodeGhost - MOB-S0013" } ], - "version": 5 -} + "version": 6 +} \ No newline at end of file diff --git a/clusters/mitre-mobile-attack-tool.json b/clusters/mitre-mobile-attack-tool.json index b1f4c97..e895d9a 100644 --- a/clusters/mitre-mobile-attack-tool.json +++ b/clusters/mitre-mobile-attack-tool.json @@ -41,11 +41,18 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "da21929e-40c0-443d-bdf4-6b60d15448b4", "value": "Xbot - MOB-S0014" } ], - "version": 5 -} + "version": 6 +} \ No newline at end of file diff --git a/clusters/mitre-pre-attack-attack-pattern.json b/clusters/mitre-pre-attack-attack-pattern.json index 20ebdb2..6e2f84c 100644 --- a/clusters/mitre-pre-attack-attack-pattern.json +++ b/clusters/mitre-pre-attack-attack-pattern.json @@ -33,6 +33,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1108" ] }, + "related": [ + { + "dest-uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39", "value": "Obfuscate infrastructure - PRE-T1108" }, @@ -173,6 +182,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1025" ] }, + "related": [ + { + "dest-uuid": "7718e92f-b011-4f88-b822-ae245a1de407", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "c721b235-679a-4d76-9ae9-e08921fccf84", "value": "Identify job postings and needs/gaps - PRE-T1025" }, @@ -369,6 +387,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1077" ] }, + "related": [ + { + "dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "7baccb84-356c-4e89-8c5d-58e701f033fc", "value": "Analyze organizational skillsets and deficiencies - PRE-T1077" }, @@ -439,6 +466,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1026" ] }, + "related": [ + { + "dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1", "value": "Conduct social engineering - PRE-T1026" }, @@ -453,6 +489,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1106" ] }, + "related": [ + { + "dest-uuid": "286cc500-4291-45c2-99a1-e760db176402", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6", "value": "Acquire and/or use 3rd party infrastructure services - PRE-T1106" }, @@ -481,6 +526,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1074" ] }, + "related": [ + { + "dest-uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41", "value": "Analyze organizational skillsets and deficiencies - PRE-T1074" }, @@ -509,6 +563,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1109" ] }, + "related": [ + { + "dest-uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983", "value": "Acquire or compromise 3rd party signing certificates - PRE-T1109" }, @@ -593,6 +656,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1023" ] }, + "related": [ + { + "dest-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "78e41091-d10d-4001-b202-89612892b6ff", "value": "Identify supply chains - PRE-T1023" }, @@ -635,6 +707,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1060" ] }, + "related": [ + { + "dest-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a", "value": "Identify business relationships - PRE-T1060" }, @@ -747,6 +828,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1049" ] }, + "related": [ + { + "dest-uuid": "73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549", "value": "Identify business relationships - PRE-T1049" }, @@ -803,6 +893,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1088" ] }, + "related": [ + { + "dest-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "20a66013-8dab-4ca3-a67d-766c842c561c", "value": "Dynamic DNS - PRE-T1088" }, @@ -929,6 +1028,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1037" ] }, + "related": [ + { + "dest-uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "856a9371-4f0f-4ea9-946e-f3144204240f", "value": "Determine 3rd party infrastructure services - PRE-T1037" }, @@ -957,6 +1065,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1141" ] }, + "related": [ + { + "dest-uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d", "value": "Friend/Follow/Connect to targets of interest - PRE-T1141" }, @@ -1027,6 +1144,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1084" ] }, + "related": [ + { + "dest-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "286cc500-4291-45c2-99a1-e760db176402", "value": "Acquire and/or use 3rd party infrastructure services - PRE-T1084" }, @@ -1265,6 +1391,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1055" ] }, + "related": [ + { + "dest-uuid": "c721b235-679a-4d76-9ae9-e08921fccf84", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "7718e92f-b011-4f88-b822-ae245a1de407", "value": "Identify job postings and needs/gaps - PRE-T1055" }, @@ -1279,6 +1414,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1056" ] }, + "related": [ + { + "dest-uuid": "af358cad-eb71-4e91-a752-236edc237dae", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "a757670d-d600-48d9-8ae9-601d42c184a5", "value": "Conduct social engineering - PRE-T1056" }, @@ -1293,6 +1437,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1053" ] }, + "related": [ + { + "dest-uuid": "59369f72-3005-4e54-9095-3d00efcece73", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c", "value": "Identify supply chains - PRE-T1053" }, @@ -1321,6 +1474,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1111" ] }, + "related": [ + { + "dest-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b", "value": "Compromise 3rd party infrastructure to support delivery - PRE-T1111" }, @@ -1335,6 +1497,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1086" ] }, + "related": [ + { + "dest-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "e6ca2820-a564-4b74-b42a-b6bdf052e5b6", "value": "Obfuscate infrastructure - PRE-T1086" }, @@ -1517,6 +1688,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1121" ] }, + "related": [ + { + "dest-uuid": "eacd1efe-ee30-4b03-b58f-5b3b1adfe45d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "103d72e6-7e0d-4b3a-9373-c38567305c33", "value": "Friend/Follow/Connect to targets of interest - PRE-T1121" }, @@ -1559,6 +1739,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1054" ] }, + "related": [ + { + "dest-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "028ad431-84c5-4eb7-a364-2b797c234f88", "value": "Acquire OSINT data sets and information - PRE-T1054" }, @@ -1629,6 +1818,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1061" ] }, + "related": [ + { + "dest-uuid": "856a9371-4f0f-4ea9-946e-f3144204240f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "dfa4eaf4-50d9-49de-89e9-d33f579f3e05", "value": "Determine 3rd party infrastructure services - PRE-T1061" }, @@ -1657,6 +1855,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1089" ] }, + "related": [ + { + "dest-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "4900fabf-1142-4c1f-92f5-0b590e049077", "value": "Compromise 3rd party infrastructure to support delivery - PRE-T1089" }, @@ -1769,6 +1976,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1087" ] }, + "related": [ + { + "dest-uuid": "03f4a766-7a21-4b5e-9ccf-e0cf422ab983", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "e5164428-03ca-4336-a9a7-4d9ea1417e59", "value": "Acquire or compromise 3rd party signing certificates - PRE-T1087" }, @@ -1881,6 +2097,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1024" ] }, + "related": [ + { + "dest-uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "784ff1bc-1483-41fe-a172-4cd9ae25c06b", "value": "Acquire OSINT data sets and information - PRE-T1024" }, @@ -1895,6 +2120,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1085" ] }, + "related": [ + { + "dest-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "1a295f87-af63-4d94-b130-039d6221fb11", "value": "Acquire and/or use 3rd party software services - PRE-T1085" }, @@ -1923,6 +2157,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1044" ] }, + "related": [ + { + "dest-uuid": "7718e92f-b011-4f88-b822-ae245a1de407", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "0722cd65-0c83-4c89-9502-539198467ab1", "value": "Identify job postings and needs/gaps - PRE-T1044" }, @@ -1951,6 +2194,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1107" ] }, + "related": [ + { + "dest-uuid": "1a295f87-af63-4d94-b130-039d6221fb11", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6", "value": "Acquire and/or use 3rd party software services - PRE-T1107" }, @@ -1979,6 +2231,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1110" ] }, + "related": [ + { + "dest-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe", "value": "Dynamic DNS - PRE-T1110" }, @@ -2021,6 +2282,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1043" ] }, + "related": [ + { + "dest-uuid": "028ad431-84c5-4eb7-a364-2b797c234f88", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "2b9a666e-bd59-4f67-9031-ed41b428e04a", "value": "Acquire OSINT data sets and information - PRE-T1043" }, @@ -2077,6 +2347,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1066" ] }, + "related": [ + { + "dest-uuid": "96eb59d1-6c46-44bb-bfcd-56be02a00d41", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "092f05e3-f7c0-4cd2-91be-3a8d6ed3cadc", "value": "Analyze organizational skillsets and deficiencies - PRE-T1066" }, @@ -2147,6 +2426,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1042" ] }, + "related": [ + { + "dest-uuid": "7860e21e-7514-4a3f-8a9d-56405ccfdb0c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "59369f72-3005-4e54-9095-3d00efcece73", "value": "Identify supply chains - PRE-T1042" }, @@ -2357,6 +2645,15 @@ "https://attack.mitre.org/pre-attack/index.php/Technique/PRE-T1045" ] }, + "related": [ + { + "dest-uuid": "74a3288e-eee9-4f8e-973a-fbc128e033f1", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "related-to" + } + ], "uuid": "af358cad-eb71-4e91-a752-236edc237dae", "value": "Conduct social engineering - PRE-T1045" }, @@ -2445,5 +2742,5 @@ "value": "Data Hiding - PRE-T1097" } ], - "version": 3 -} + "version": 4 +} \ No newline at end of file diff --git a/clusters/mitre-pre-attack-intrusion-set.json b/clusters/mitre-pre-attack-intrusion-set.json index ae7fd50..4212740 100644 --- a/clusters/mitre-pre-attack-intrusion-set.json +++ b/clusters/mitre-pre-attack-intrusion-set.json @@ -20,6 +20,15 @@ "APT16" ] }, + "related": [ + { + "dest-uuid": "3cab1b76-2f40-4cd0-8d2c-7ed16eeb909c", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" + } + ], "uuid": "d6e88e18-81e8-4709-82d8-973095da1e70", "value": "APT16 - G0023" }, @@ -59,6 +68,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "62b8c999-dcc0-4755-bd69-09442d9359f5", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", @@ -142,6 +158,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", @@ -170,6 +193,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "8beac7c2-48d2-4cd9-9b15-6c452f38ac06", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb", @@ -197,6 +227,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", @@ -223,6 +260,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8", @@ -269,11 +313,18 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "uses" } ], "uuid": "090242d7-73fc-4738-af68-20162f7a5aae", "value": "APT17 - G0025" } ], - "version": 4 -} + "version": 5 +} \ No newline at end of file diff --git a/tools/mitre-cti/v2.0/create_mitre-enterprise-attack-relationship_galaxy.py b/tools/mitre-cti/v2.0/create_mitre-enterprise-attack-relationship_galaxy.py deleted file mode 100644 index ea372f5..0000000 --- a/tools/mitre-cti/v2.0/create_mitre-enterprise-attack-relationship_galaxy.py +++ /dev/null @@ -1,102 +0,0 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- - -import json -import re -import os -import argparse - -parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/enterprise-attack/relationship folder') -parser.add_argument("-v", "--version", type=int, required=True, help="Version of the galaxy. Please increment the previous one") -args = parser.parse_args() - -values = [] - -path = "relationship/" -for element in os.listdir(path): - with open(path+element) as json_data: - d = json.load(json_data) - json_data.close() - - temp = d['objects'][0] - source = temp['source_ref'] - target = temp['target_ref'] - relationship = temp['relationship_type'] - - if source.startswith('attack-pattern'): - paths = "attack-pattern/" - elif source.startswith('course-of-action'): - paths = "course-of-action/" - elif source.startswith('identity'): - paths = "identity/" - elif source.startswith('intrusion-set'): - paths = "intrusion-set/" - elif source.startswith('malware'): - paths = "malware/" - elif source.startswith('marking-definition'): - paths = "marking-definition/" - elif source.startswith('tool'): - paths = "tool/" - else: - print('Invalid value') - continue - - with open(paths+source+'.json') as json_data: - s = json.load(json_data) - json_data.close() - - if target.startswith('attack-pattern'): - patht = "attack-pattern/" - elif target.startswith('course-of-action'): - patht = "course-of-action/" - elif target.startswith('identity'): - patht = "identity/" - elif target.startswith('intrusion-set'): - patht = "intrusion-set/" - elif target.startswith('malware'): - patht = "malware/" - elif target.startswith('marking-definition'): - patht = "marking-definition/" - elif target.startswith('tool'): - patht = "tool/" - else: - print('Invalid value') - continue - - with open(patht+target+'.json') as json_data: - t = json.load(json_data) - json_data.close() - - value = {} - value['meta'] = {} - value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:] - value['meta']['source-uuid'] = re.search('--(.*)$', s['objects'][0]['id']).group(0)[2:] - value['meta']['target-uuid'] = re.search('--(.*)$', t['objects'][0]['id']).group(0)[2:] - value['value'] = s['objects'][0]['name'] + ' (' + s['objects'][0]['external_references'][0]['external_id'] + ') ' + relationship + ' ' + t['objects'][0]['name'] + ' (' + t['objects'][0]['external_references'][0]['external_id'] + ')' - # value['value'] = s['objects'][0]['name'] + ' ' + relationship + ' ' + t['objects'][0]['name'] - values.append(value) - -galaxy = {} -galaxy['name'] = "Enterprise Attack - Relationship" -galaxy['type'] = "mitre-enterprise-attack-relationship" -galaxy['description'] = "Mitre Relationship" -galaxy['uuid' ] = "fc404638-1707-11e8-a5cf-b78b9b562766" -galaxy['version'] = args.version -galaxy['icon'] = "link" -galaxy['namespace'] = "mitre-attack" - -cluster = {} -cluster['name'] = "Enterprise Attack - Relationship" -cluster['type'] = "mitre-enterprise-attack-relationship" -cluster['description'] = "MITRE Relationship" -cluster['version'] = args.version -cluster['source'] = "https://github.com/mitre/cti" -cluster['uuid' ] = "fc605f90-1707-11e8-9d6a-9f165ac2ab5c" -cluster['authors'] = ["MITRE"] -cluster['values'] = values - -with open('generate/galaxies/mitre-enterprise-attack-relationship.json', 'w') as galaxy_file: - json.dump(galaxy, galaxy_file, indent=4) - -with open('generate/clusters/mitre-enterprise-attack-relationship.json', 'w') as cluster_file: - json.dump(cluster, cluster_file, indent=4) diff --git a/tools/mitre-cti/v2.0/create_mitre-mobile-attack-relationship_galaxy.py b/tools/mitre-cti/v2.0/create_mitre-mobile-attack-relationship_galaxy.py deleted file mode 100644 index 98906a8..0000000 --- a/tools/mitre-cti/v2.0/create_mitre-mobile-attack-relationship_galaxy.py +++ /dev/null @@ -1,101 +0,0 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- - -import json -import re -import os -import argparse - -parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/mobile-attack/relationship folder') -parser.add_argument("-v", "--version", type=int, required=True, help="Version of the galaxy. Please increment the previous one") -args = parser.parse_args() - -values = [] - -path = "relationship/" -for element in os.listdir(path): - with open(path+element) as json_data: - d = json.load(json_data) - json_data.close() - - temp = d['objects'][0] - source = temp['source_ref'] - target = temp['target_ref'] - relationship = temp['relationship_type'] - - if source.startswith('attack-pattern'): - paths = "attack-pattern/" - elif source.startswith('course-of-action'): - paths = "course-of-action/" - elif source.startswith('identity'): - paths = "identity/" - elif source.startswith('intrusion-set'): - paths = "intrusion-set/" - elif source.startswith('malware'): - paths = "malware/" - elif source.startswith('marking-definition'): - paths = "marking-definition/" - elif source.startswith('tool'): - paths = "tool/" - else: - print('Invalid value') - continue - - with open(paths+source+'.json') as json_data: - s = json.load(json_data) - json_data.close() - - if target.startswith('attack-pattern'): - patht = "attack-pattern/" - elif target.startswith('course-of-action'): - patht = "course-of-action/" - elif target.startswith('identity'): - patht = "identity/" - elif target.startswith('intrusion-set'): - patht = "intrusion-set/" - elif target.startswith('malware'): - patht = "malware/" - elif target.startswith('marking-definition'): - patht = "marking-definition/" - elif target.startswith('tool'): - patht = "tool/" - else: - print('Invalid value') - continue - - with open(patht+target+'.json') as json_data: - t = json.load(json_data) - json_data.close() - - value = {} - value['meta'] = {} - value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:] - value['meta']['source-uuid'] = re.search('--(.*)$', s['objects'][0]['id']).group(0)[2:] - value['meta']['target-uuid'] = re.search('--(.*)$', t['objects'][0]['id']).group(0)[2:] - value['value'] = s['objects'][0]['name'] + ' (' + s['objects'][0]['external_references'][0]['external_id'] + ') ' + relationship + ' ' + t['objects'][0]['name'] + ' (' + t['objects'][0]['external_references'][0]['external_id'] + ')' - values.append(value) - -galaxy = {} -galaxy['name'] = "Mobile Attack - Relationship" -galaxy['type'] = "mitre-mobile-attack-relationship" -galaxy['description'] = "Mitre Relationship" -galaxy['uuid' ] = "fc8471aa-1707-11e8-b306-33cbe96a1ede" -galaxy['version'] = args.version -galaxy['icon'] = "link" -galaxy['namespace'] = "mitre-attack" - -cluster = {} -cluster['name'] = "Mobile Attack - Relationship" -cluster['type'] = "mitre-mobile-attack-relationship" -cluster['description'] = "MITRE Relationship" -cluster['version'] = args.version -cluster['source'] = "https://github.com/mitre/cti" -cluster['uuid' ] = "02f1fc42-1708-11e8-a4f2-eb70472c5901" -cluster['authors'] = ["MITRE"] -cluster['values'] = values - -with open('generate/galaxies/mitre-mobile-attack-relationship.json', 'w') as galaxy_file: - json.dump(galaxy, galaxy_file, indent=4) - -with open('generate/clusters/mitre-mobile-attack-relationship.json', 'w') as cluster_file: - json.dump(cluster, cluster_file, indent=4) diff --git a/tools/mitre-cti/v2.0/create_mitre-pre-attack-relationship_galaxy.py b/tools/mitre-cti/v2.0/create_mitre-pre-attack-relationship_galaxy.py deleted file mode 100644 index 42ba2c9..0000000 --- a/tools/mitre-cti/v2.0/create_mitre-pre-attack-relationship_galaxy.py +++ /dev/null @@ -1,102 +0,0 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- - -import json -import re -import os -import argparse - -parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/pre-attack/relationship folder') -parser.add_argument("-v", "--version", type=int, required=True, help="Version of the galaxy. Please increment the previous one") -args = parser.parse_args() - -values = [] - -path = "relationship/" -for element in os.listdir(path): - with open(path+element) as json_data: - d = json.load(json_data) - json_data.close() - - temp = d['objects'][0] - source = temp['source_ref'] - target = temp['target_ref'] - relationship = temp['relationship_type'] - - if source.startswith('attack-pattern'): - paths = "attack-pattern/" - elif source.startswith('course-of-action'): - paths = "course-of-action/" - elif source.startswith('identity'): - paths = "identity/" - elif source.startswith('intrusion-set'): - paths = "intrusion-set/" - elif source.startswith('malware'): - paths = "malware/" - elif source.startswith('marking-definition'): - paths = "marking-definition/" - elif source.startswith('tool'): - paths = "tool/" - else: - print('Invalid value') - continue - - with open(paths+source+'.json') as json_data: - s = json.load(json_data) - json_data.close() - - if target.startswith('attack-pattern'): - patht = "attack-pattern/" - elif target.startswith('course-of-action'): - patht = "course-of-action/" - elif target.startswith('identity'): - patht = "identity/" - elif target.startswith('intrusion-set'): - patht = "intrusion-set/" - elif target.startswith('malware'): - patht = "malware/" - elif target.startswith('marking-definition'): - patht = "marking-definition/" - elif target.startswith('tool'): - patht = "tool/" - else: - print('Invalid value') - continue - - with open(patht+target+'.json') as json_data: - t = json.load(json_data) - json_data.close() - - value = {} - value['meta'] = {} - value['uuid'] = re.search('--(.*)$', temp['id']).group(0)[2:] - value['meta']['source-uuid'] = re.search('--(.*)$', s['objects'][0]['id']).group(0)[2:] - value['meta']['target-uuid'] = re.search('--(.*)$', t['objects'][0]['id']).group(0)[2:] - value['value'] = s['objects'][0]['name'] + ' (' + s['objects'][0]['external_references'][0]['external_id'] + ') ' + relationship + ' ' + t['objects'][0]['name'] + ' (' + t['objects'][0]['external_references'][0]['external_id'] + ')' - # value['value'] = s['objects'][0]['name'] + ' ' + relationship + ' ' + t['objects'][0]['name'] - values.append(value) - -galaxy = {} -galaxy['name'] = "Pre Attack - Relationship" -galaxy['type'] = "mitre-pre-attack-relationship" -galaxy['description'] = "Mitre Relationship" -galaxy['uuid' ] = "1f8e3bae-1708-11e8-8e97-4bd2150e5aae" -galaxy['version'] = args.version -galaxy['icon'] = "link" -galaxy['namespace'] = "mitre-attack" - -cluster = {} -cluster['name'] = "Pre Attack - Relationship" -cluster['type'] = "mitre-pre-attack-relationship" -cluster['description'] = "MITRE Relationship" -cluster['version'] = args.version -cluster['source'] = "https://github.com/mitre/cti" -cluster['uuid' ] = "1ffd3108-1708-11e8-9f98-67b378d9094c" -cluster['authors'] = ["MITRE"] -cluster['values'] = values - -with open('generate/galaxies/mitre-pre-attack-relationship.json', 'w') as galaxy_file: - json.dump(galaxy, galaxy_file, indent=4) - -with open('generate/clusters/mitre-pre-attack-relationship.json', 'w') as cluster_file: - json.dump(cluster, cluster_file, indent=4) diff --git a/tools/mitre-cti/v2.0/create_mitre_relationships.py b/tools/mitre-cti/v2.0/create_mitre_relationships.py new file mode 100755 index 0000000..2aa87fe --- /dev/null +++ b/tools/mitre-cti/v2.0/create_mitre_relationships.py @@ -0,0 +1,97 @@ +#!/usr/bin/env python3 + + +import json +import re +import os +import argparse + +parser = argparse.ArgumentParser(description='Create a couple galaxy/cluster with cti\'s relationship\nMust be in the mitre/cti/enterprise-attack/relationship folder') +parser.add_argument("-p", "--path", required=True, help="Path of the mitre/cti folder") +args = parser.parse_args() + + + +# read out all clusters and map them based on uuid + + +# build a mapping between uuids and Clusters +clusters = [] +pathClusters = '../../../clusters' +for f in os.listdir(pathClusters): + if '.json' in f: + clusters.append(f) +clusters.sort() + +cluster_uuids = {} +for cluster in clusters: + fullPathClusters = os.path.join(pathClusters, cluster) + with open(fullPathClusters) as fp: + c = json.load(fp) + for v in c['values']: + if 'uuid' not in v: + continue + cluster_uuids[v['uuid']] = cluster + + +# read out all STIX mappings and store them in a list +stix_relations = {} +for subfolder in ['mobile-attack', 'pre-attack', 'enterprise-attack']: + curr_dir = os.path.join(args.path, subfolder, 'relationship') + for stix_fname in os.listdir(curr_dir): + with open(os.path.join(curr_dir, stix_fname)) as f: + json_data = json.load(f) + for o in json_data['objects']: + rel_type = o['relationship_type'] + dest_uuid = re.findall(r'--([0-9a-f-]+)', o['target_ref']).pop() + uuid = re.findall(r'--([0-9a-f-]+)', o['source_ref']).pop() + tags = [] + galaxy_fname = cluster_uuids[uuid] + # print("{} \t {} \t {} \t {}".format(rel_type, uuid, dest_uuid, galaxy_fname)) + if not stix_relations.get(galaxy_fname): + stix_relations[galaxy_fname] = {} + stix_relations[galaxy_fname][uuid] = { + "dest-uuid": dest_uuid, + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": rel_type + } + + +# for each correlation per galaxy-file , +# open the file, +# add the relationship, +# and save the galaxy file +for galaxy_fname, relations in stix_relations.items(): + print("############# {}".format(galaxy_fname)) + with open(os.path.join(pathClusters, galaxy_fname)) as f_in: + file_json = json.load(f_in) + + for k, v in relations.items(): + # print("{} \t {}".format(k, v)) + for cluster in file_json['values']: + if cluster['uuid'] == k: + # skip if mapping already exists + skip = False + if 'related' in cluster: + for r in cluster['related']: + if r['dest-uuid'] == v['dest-uuid']: + print(" Mapping already exists! skipping... {}".format(v)) + skip = True + break + if skip: + break + if 'related' not in cluster: + cluster['related'] = [] + cluster['related'].append(v) + print(" Adding mapping: {}".format(v)) + break + + # increment version + file_json['version'] += 1 + + with open(os.path.join(pathClusters, galaxy_fname), 'w') as f_out: + json.dump(file_json, f_out, indent=2, sort_keys=True, ensure_ascii=False) + + file_json = None