mirror of https://github.com/MISP/misp-galaxy
1493 Commits
Author | SHA1 | Date |
---|---|---|
Alexandre Dulaunoy | 3a96da7b8f | |
Alexandre Dulaunoy | 585a9714db | |
Mathieu Beligon | 32b9051873 | |
Mathieu Béligon | 9e602a977f | |
Mathieu Béligon | e97ecd46b0 | |
Alexandre Dulaunoy | 3c3aade83e | |
Alexandre Dulaunoy | f3a145c96f | |
Alexandre Dulaunoy | 7310ac2c14 | |
Alexandre Dulaunoy | 5afaf4b066 | |
Mathieu4141 | d172320fad | |
Mathieu4141 | e17f2eda0c | |
Mathieu4141 | 754a9b08f8 | |
Mathieu4141 | 6fe19ac915 | |
Daniel Plohmann | d0d0733701 | |
dependabot[bot] | 8eb46a1e5a | |
Alexandre Dulaunoy | 1d5af5c245 | |
Alexandre Dulaunoy | 2fa94fad66 | |
Alexandre Dulaunoy | fe3fead459 | |
Alexandre Dulaunoy | adc70d09e7 | |
Christophe Vandeplas | fd8b906055 | |
Christophe Vandeplas | f3838f4550 | |
Christophe Vandeplas | 28c00d6541 | |
Alexandre Dulaunoy | 71f219c9ea | |
Christophe Vandeplas | 93fa68f4a4 | |
Christophe Vandeplas | 25a1776258 | |
Alexandre Dulaunoy | 894946f25d | |
Alexandre Dulaunoy | 51e4f50221 | |
dependabot[bot] | bb91602380 | |
Alexandre Dulaunoy | 66499aaa60 | |
Mathieu4141 | 303eb8a0d6 | |
Mathieu4141 | fc2b5abb6a | |
Alexandre Dulaunoy | ef73b3779a | |
Rony | 72402ce38b | |
Rony | e71398bbd5 | |
Rony | 3d5c61a8ef | |
Alexandre Dulaunoy | e97c01101a | |
Mathieu4141 | dd14938a49 | |
Mathieu4141 | 2bf2bad2a9 | |
Alexandre Dulaunoy | c8c55a84b7 | |
Delta-Sierra | 3c20f87966 | |
Alexandre Dulaunoy | 5559aeee47 | |
Delta-Sierra | 0e3bab72d9 | |
Delta-Sierra | 177fadbc10 | |
Delta-Sierra | de0b4145c9 | |
Delta-Sierra | 9a2ec1c7e4 | |
Alexandre Dulaunoy | b4f90c7490 | |
Alexandre Dulaunoy | 8c334c8f12 | |
Alexandre Dulaunoy | bac3ba7f49 | |
Alexandre Dulaunoy | 29f419d590 | |
Christophe Vandeplas | 3a4695a906 | |
Christophe Vandeplas | 285892c854 | |
Christophe Vandeplas | 35d9b7bb67 | |
Christophe Vandeplas | 1651787577 | |
Christophe Vandeplas | 83ffa6fa6f | |
Alexandre Dulaunoy | 973eafb521 | |
Mathieu4141 | 2de3357ec0 | |
Mathieu4141 | 337c21be5b | |
Mathieu4141 | 6ca498872a | |
Christophe Vandeplas | 9f1a8a7407 | |
Christophe Vandeplas | fbc6cfcac0 | |
Christophe Vandeplas | d7f25da68c | |
Rony | dd8b317912 | |
Rony | 07cc6be922 | |
Alexandre Dulaunoy | ea5800d028 | |
Alexandre Dulaunoy | af51b636ec | |
Alexandre Dulaunoy | 765634166f | |
Delta-Sierra | b132279a59 | |
Delta-Sierra | ab863a04fb | |
Delta-Sierra | f9e40fc309 | |
Delta-Sierra | ad5992ff3d | |
Alexandre Dulaunoy | 8e8c3fa93d | |
Mathieu Beligon | eed81e9a72 | |
Mathieu Beligon | b68e08de63 | |
Alexandre Dulaunoy | 94aa7e20a2 | |
Alexandre Dulaunoy | 2a6bf0010c | |
Mathieu4141 | 148ff926c0 | |
Mathieu4141 | 640018599a | |
Mathieu4141 | 8d8085530d | |
Mathieu4141 | bf5dd6e382 | |
Mathieu4141 | 64533dba91 | |
Mathieu4141 | 9f33bdc13c | |
Mathieu4141 | b4628a815e | |
Mathieu4141 | 94a76ab5a8 | |
Mathieu4141 | 6870ac7c42 | |
Mathieu4141 | 2cf8b058bb | |
Mathieu4141 | bb09f64e8b | |
Mathieu4141 | 1f67eeadf7 | |
Alexandre Dulaunoy | 40cadf2865 | |
Rony | ff07821cca | |
Rony | d6c0a2110e | |
Alexandre Dulaunoy | ea04301290 | |
Alexandre Dulaunoy | 59e9f48e19 | |
Alexandre Dulaunoy | f6a76ed984 | |
dependabot[bot] | f9d229053f | |
Rony | bfceda0029 | |
Rony | 3bfe5c09a0 | |
Alexandre Dulaunoy | c953d8ee5d | |
gregWDumont | f6d11cacab | |
Christophe Vandeplas | 7d5044ccaf | |
Rony | 605676806b | |
Christophe Vandeplas | 43e543c3f9 | |
Christophe Vandeplas | 1c0beeaecf | |
Christophe Vandeplas | 91827dbe83 | |
Alexandre Dulaunoy | 2d4a03a553 | |
Mathieu4141 | 22bea56895 | |
Mathieu4141 | 541eb4a4a9 | |
Mathieu4141 | 769cd4f47b | |
Mathieu4141 | ab52990840 | |
Mathieu4141 | 120f5c9b3f | |
Rony | bd7a3c90bb | |
Rony | d0a1e04de6 | |
Alexandre Dulaunoy | 1fc03a4173 | |
Delta-Sierra | f7eaa3d9d7 | |
Delta-Sierra | 7e715b63e7 | |
Alexandre Dulaunoy | a297d1fd1c | |
Mathieu4141 | 38d0804f9c | |
Mathieu4141 | bef50816a4 | |
Mathieu4141 | b2e9f6c152 | |
Mathieu4141 | 6490424201 | |
Alexandre Dulaunoy | e18e5c16c6 | |
Christophe Vandeplas | 586b6cc220 | |
Christophe Vandeplas | 819b177278 | |
Christophe Vandeplas | 1114e7a67c | |
Christophe Vandeplas | 1a7a49a5de | |
Christophe Vandeplas | b228ffec38 | |
Christophe Vandeplas | e8bd44693e | |
Christophe Vandeplas | d1928b779e | |
Christophe Vandeplas | 0781aee6ba | |
Christophe Vandeplas | a04abc9505 | |
Christophe Vandeplas | 2b12224aa9 | |
Alexandre Dulaunoy | 5218a996d9 | |
niclas | 48d19c9a24 | |
niclas | c40130eab8 | |
niclas | 53f1c2c311 | |
niclas | 5ffd69f249 | |
Alexandre Dulaunoy | 27be900a9f | |
Alexandre Dulaunoy | 14b67c747d | |
Alexandre Dulaunoy | 5f1b2305cf | |
niclas | 7885a8fd00 | |
niclas | 64803fb28c | |
Alexandre Dulaunoy | 3f3b7984a8 | |
niclas | 65470855b3 | |
niclas | 86f3ada396 | |
niclas | 04c07e4774 | |
niclas | 3ece11b87f | |
niclas | 5d8dbf0d91 | |
niclas | c88253baea | |
niclas | bb28408b14 | |
Daniel Plohmann | 77b7ed2f01 | |
niclas | 0d26334448 | |
Alexandre Dulaunoy | 3f039b5932 | |
Alexandre Dulaunoy | 2eca8cb047 | |
Alexandre Dulaunoy | 3af51c5e0c | |
Delta-Sierra | 5d8d0d294e | |
Delta-Sierra | d9214cff89 | |
niclas | 9ee41f0f14 | |
Alexandre Dulaunoy | b43f9d7b3d | |
niclas | c2cfffc593 | |
niclas | 098f0e6ecd | |
niclas | 4f07fbdcdd | |
niclas | c28a001b4f | |
niclas | 03c6e3cb00 | |
niclas | a3071cf270 | |
niclas | 16366f6893 | |
niclas | a88b3ced33 | |
niclas | 9e78c85124 | |
niclas | 2b383338f0 | |
niclas | b2cc4ccd08 | |
niclas | 050f367c68 | |
niclas | f756c18d1d | |
niclas | 5be77f6c2d | |
niclas | 8e345c3684 | |
niclas | cde860647c | |
niclas | 1a5ccd23a2 | |
Niclas Dauster | 17066667f9 | |
niclas | ab5a95ffc6 | |
Niclas Dauster | 58bdd6c155 | |
niclas | 9514ce7fcd | |
niclas | 94e0b855d1 | |
niclas | 9a0fca647b | |
niclas | 0f3ad79069 | |
Niclas Dauster | 917a01920a | |
niclas | 2301c156d9 | |
Alexandre Dulaunoy | 1561c8cf34 | |
Mathieu4141 | c11834aec4 | |
Mathieu4141 | 39f89c900c | |
Mathieu4141 | cc68b22fe2 | |
Mathieu4141 | 7b3c8a87c3 | |
Mathieu4141 | b010a75426 | |
niclas | 7ff99f5201 | |
niclas | 34b8ce4f3c | |
niclas | 7ad4babe7f | |
niclas | 9bc289a4b1 | |
niclas | d4df918d77 | |
niclas | 0c5b9c8d20 | |
Niclas Dauster | ec0c15b444 | |
niclas | 8be04d62c4 | |
niclas | 7fdabc9f4d | |
Alexandre Dulaunoy | 838f649766 | |
niclas | 5d24d645d3 | |
niclas | b85fd1538e | |
Niclas Dauster | eb8622d213 | |
Niclas Dauster | 8ad3460282 | |
niclas | a0f3ed5873 | |
Alexandre Dulaunoy | cae8b30f30 | |
Delta-Sierra | 7481cce57d | |
Delta-Sierra | 42b3319e69 | |
Delta-Sierra | 8e07569da2 | |
Delta-Sierra | 667263a512 | |
Alexandre Dulaunoy | 39d40a991f | |
Alexandre Dulaunoy | 364b835d8e | |
Alexandre Dulaunoy | efb3c3995a | |
niclas | 5062c61620 | |
Alexandre Dulaunoy | 85d2b416bc | |
niclas | a311ce6a1c | |
niclas | 35b8192208 | |
niclas | 9467e101bf | |
niclas | 9d2dfba0b9 | |
niclas | b9746f2b41 | |
Alexandre Dulaunoy | c51e31e122 | |
dependabot[bot] | faa3ec1955 | |
niclas | 108e43e1ca | |
Alexandre Dulaunoy | b9abc2c13f | |
Mathieu4141 | 9c85cbc223 | |
Mathieu4141 | 82b347682c | |
Mathieu4141 | 4e61e7275a | |
Mathieu4141 | ccfd207e59 | |
Mathieu4141 | 83198aa663 | |
Mathieu4141 | d3f5a26ec0 | |
Mathieu4141 | 6ddf39e1ae | |
Mathieu4141 | 96adf0ba8f | |
niclas | 059de052ad | |
Alexandre Dulaunoy | 31055f0de7 | |
niclas | e90ae3e5d9 | |
niclas | bdd2329163 | |
niclas | a33e9e2a14 | |
Alexandre Dulaunoy | b4ad928722 | |
dependabot[bot] | 9d7bc3b4a2 | |
Alexandre Dulaunoy | 7ed94eb865 | |
Alexandre Dulaunoy | 2eaef99824 | |
jstnk9 | b3a25c57b3 | |
Alexandre Dulaunoy | 7e8d57e741 | |
Delta-Sierra | ef8c6c95eb | |
Alexandre Dulaunoy | a94fd523db | |
niclas | 946b337796 | |
niclas | 401cee30c4 | |
Niclas Dauster | b4d2f038f2 | |
Niclas Dauster | d70ca177d0 | |
niclas | e969b503e9 | |
niclas | 9c397a4b40 | |
Alexandre Dulaunoy | 9cf86925f1 | |
Alexandre Dulaunoy | a3a66916bd | |
niclas | 777ead0170 | |
Mathieu4141 | f4d69382cf | |
Mathieu4141 | ed26f4d246 | |
niclas | 1e60ee58a7 | |
Alexandre Dulaunoy | 8f3c662961 | |
Alexandre Dulaunoy | 0c58c95f6d | |
niclas | 0e1f0db3f7 | |
niclas | 8f93eb9ed6 | |
Alexandre Dulaunoy | e23ec3edb1 | |
Daniel Plohmann | 8a359dbd43 | |
Alexandre Dulaunoy | d7c003ed9c | |
Alexandre Dulaunoy | d1138bf301 | |
niclas | ce55d8799d | |
Delta-Sierra | a8496a939e | |
Delta-Sierra | 4686aae3d5 | |
Delta-Sierra | 6222443b24 | |
niclas | b6ef08a664 | |
Alexandre Dulaunoy | 94051bb5ef | |
niclas | 8e957aae82 | |
niclas | ee834867b7 | |
niclas | 9bd54378a6 | |
Alexandre Dulaunoy | c867adcbf3 | |
Alexandre Dulaunoy | d07c584525 | |
niclas | 9339e68716 | |
Alexandre Dulaunoy | 05496a760e | |
niclas | fa5c85c955 | |
Mathieu4141 | 02bec6da4f | |
Mathieu4141 | 6235ee49f7 | |
Mathieu4141 | c740c6f1e1 | |
Mathieu4141 | f58c20fc20 | |
Mathieu4141 | 9a2e09d86c | |
Mathieu4141 | 5194939603 | |
Mathieu4141 | cc4dca679b | |
Mathieu4141 | baaf153229 | |
Mathieu4141 | 859d3f7ac0 | |
Mathieu4141 | 55083776a0 | |
niclas | 2a4d27e3bb | |
niclas | 8be35cfdb3 | |
Deborah Servili | c5f75d15f1 | |
Delta-Sierra | 8643f5f555 | |
Delta-Sierra | ea16f1811a | |
niclas | be112b6588 | |
niclas | a921d1b192 | |
niclas | 5899d5d5c8 | |
Alexandre Dulaunoy | 29f5a2df07 | |
Mathieu4141 | 957e848a6f | |
Mathieu4141 | 3a44200a0c | |
Mathieu4141 | d2586524e3 | |
Mathieu4141 | 045ec7071f | |
Mathieu4141 | 3a15a27584 | |
Mathieu4141 | c97fc15d59 | |
Mathieu4141 | cff0da0b3a | |
Mathieu4141 | 40becc0ee9 | |
Mathieu4141 | dd01813e51 | |
Mathieu4141 | bffb0ef644 | |
Mathieu4141 | 3379a0777b | |
niclas | 4a26db572c | |
niclas | 71d90c2c77 | |
Alexandre Dulaunoy | b35d4bd07a | |
Alexandre Dulaunoy | 9bd5c32a36 | |
Mathieu4141 | ffeed3447f | |
Mathieu4141 | 9c5bc36ab4 | |
Mathieu4141 | 4699f65425 | |
Mathieu4141 | fc173c1a78 | |
Mathieu4141 | bd0d541a7a | |
Mathieu4141 | 9cb1fd6aa8 | |
Mathieu4141 | 57016ac3ae | |
Mathieu4141 | be8e127590 | |
Mathieu4141 | 40f65a9d91 | |
Mathieu4141 | 3f6ff94c89 | |
Mathieu4141 | 72504d286a | |
Mathieu4141 | 3690ab0e24 | |
Mathieu4141 | a456e419d8 | |
niclas | 710837770f | |
niclas | 9f8c453db7 | |
niclas | c99309e571 | |
niclas | 590a05e3c7 | |
Christophe Vandeplas | ca366fc16a | |
Alexandre Dulaunoy | effee963cc | |
niclas | d357075432 | |
Alexandre Dulaunoy | be02e1c603 | |
Mathieu4141 | e497ec2b38 | |
Mathieu4141 | a42dc67fb6 | |
Mathieu4141 | 1589a943a9 | |
Mathieu4141 | 0b571d7e76 | |
Mathieu4141 | 7607dc70cf | |
Mathieu4141 | eb8db810c0 | |
Mathieu4141 | 991765a1c7 | |
Mathieu4141 | b3f440203a | |
Mathieu4141 | b645975616 | |
Mathieu4141 | fa7709e63c | |
Mathieu4141 | a6c451be2d | |
Mathieu4141 | 3a193291b9 | |
Mathieu4141 | 3fda32a0d6 | |
Mathieu4141 | de04fe33e1 | |
Mathieu4141 | 68e0ffb006 | |
Mathieu4141 | 972ed33536 | |
Mathieu4141 | 83f874da2c | |
Mathieu4141 | 6f61a3fc3e | |
Mathieu4141 | 73d23f6211 | |
Mathieu4141 | ba7137c5a3 | |
Mathieu4141 | 49c3e06605 | |
Mathieu4141 | 43f9587469 | |
Mathieu4141 | ae82f07fd8 | |
Mathieu4141 | 22d3ea5ebf | |
Mathieu4141 | 0dcbc136a7 | |
Mathieu4141 | 44a446c63f | |
Mathieu4141 | 72073b2384 | |
Mathieu4141 | 681784a3ec | |
Mathieu4141 | 475dc88296 | |
Mathieu4141 | 76430b605e | |
Mathieu4141 | ce3a5dd182 | |
Mathieu4141 | ba525e4c54 | |
Mathieu4141 | 447c064477 | |
Mathieu4141 | a1dfeca461 | |
Mathieu4141 | 7a2cfa4f42 | |
Mathieu4141 | 5ffdc0f868 | |
Mathieu4141 | a1ea480023 | |
Mathieu4141 | da57d8c5fd | |
Mathieu4141 | 6fdd037988 | |
Mathieu4141 | 2dc29dc6c7 | |
Mathieu4141 | 5afd682215 | |
Mathieu4141 | 837ce84344 | |
Mathieu4141 | 646206e70a | |
Mathieu4141 | 9e940af919 | |
Mathieu4141 | de63377c99 | |
Mathieu4141 | 42bad34d91 | |
Mathieu4141 | 0668ed368d | |
Mathieu4141 | 9645731e76 | |
Mathieu4141 | f35df2c9fe | |
Mathieu4141 | 8ebdd40e42 | |
Mathieu4141 | 4cbf4353b0 | |
Mathieu4141 | 8d024a52b1 | |
Mathieu4141 | 3d51ce84fb | |
Mathieu4141 | d1dae2085b | |
Mathieu4141 | ac0fdd61ea | |
Mathieu4141 | 9756306d98 | |
Mathieu4141 | 4388309aa0 | |
Mathieu4141 | 05cf259436 | |
Mathieu4141 | c81b10b3f5 | |
Mathieu4141 | 8c5dd8672f | |
Mathieu4141 | 0e47e27879 | |
Mathieu4141 | 1b6a5e8b17 | |
Mathieu4141 | 0ffadd08ec | |
Mathieu4141 | 54a2b4766d | |
Mathieu4141 | d491ae01bf | |
Mathieu4141 | 4cec7a7322 | |
Mathieu4141 | f1d514afc4 | |
Mathieu4141 | 38fea405f5 | |
Mathieu4141 | 550d062c77 | |
Mathieu4141 | 3ed1619c89 | |
Mathieu4141 | 732d00998b | |
Mathieu4141 | 58f3cc2e11 | |
niclas | 5c87f0d720 | |
niclas | aed690df60 | |
niclas | 29b39f55d7 | |
Deborah Servili | 270bc6fb7d | |
Delta-Sierra | 3e5bf4b373 | |
niclas | 590554cb0f | |
niclas | 65b87b53fe | |
niclas | 45bd5f7ddb | |
Alexandre Dulaunoy | 38ddae3e9f | |
Alexandre Dulaunoy | a0497d6aaf | |
Mathieu4141 | 85f22c7d2e | |
Mathieu4141 | 5aa3b62244 | |
Mathieu4141 | 0ca98cd054 | |
niclas | b53616024f | |
niclas | b8b24f74ec | |
Alexandre Dulaunoy | 262b95fa79 | |
Delta-Sierra | 68cd2fca82 | |
Alexandre Dulaunoy | 9f5554ab9f | |
Mathieu4141 | b8a504c174 | |
Mathieu4141 | b61a0a60a2 | |
Mathieu4141 | 95b2a2e188 | |
Mathieu4141 | 412f1885f2 | |
Mathieu4141 | bd7252ccef | |
Mathieu4141 | 3f9bd89958 | |
Christophe Vandeplas | 3f142f52ab | |
Christophe Vandeplas | 6ea968588a | |
Alexandre Dulaunoy | 6a325420bf | |
Mathieu4141 | 16e22180f1 | |
Mathieu4141 | 8c32c674cd | |
Christophe Vandeplas | f9ecc163ea | |
Alexandre Dulaunoy | 552965f731 | |
HiS3 | f710768b05 | |
Alexandre Dulaunoy | 84fc2b2749 | |
Alexandre Dulaunoy | e53c4db1fe | |
Mathieu4141 | 1669da1661 | |
Mathieu4141 | 09b90261ee | |
Mathieu4141 | 97ed1bda8b | |
Mathieu4141 | 273379e5fa | |
Mathieu4141 | fc8db1a4d2 | |
Mathieu4141 | 2c7adf27a0 | |
Mathieu4141 | ce4be94d8b | |
Mathieu4141 | 05f260c9d8 | |
Mathieu4141 | a6564bf61c | |
Mathieu4141 | f0229fbdd2 | |
Alexandre Dulaunoy | c8e8a14b04 | |
Alexandre Dulaunoy | 829271676a | |
Alexandre Dulaunoy | b94f7d7274 | |
Alexandre Dulaunoy | 197aafdf15 | |
Alexandre Dulaunoy | 62070573e1 | |
Alexandre Dulaunoy | 7950022194 | |
Alexandre Dulaunoy | 901f6f0965 | |
Alexandre Dulaunoy | 6e731d38fd | |
Alexandre Dulaunoy | 63bdedff47 | |
Alexandre Dulaunoy | 03db961dd8 | |
Alexandre Dulaunoy | 919bfbce8b | |
Christophe Vandeplas | 645b3ae45a | |
Christophe Vandeplas | bbe7b95f84 | |
Christophe Vandeplas | 3b50d7a605 | |
Christophe Vandeplas | a724ebde83 | |
Alexandre Dulaunoy | d51bddaeff | |
Christophe Vandeplas | e750b1a786 | |
Alexandre Dulaunoy | 6a7d9eb5cc | |
Christophe Vandeplas | ad9f4ee48d | |
Mathieu4141 | 2cd9cf28a2 | |
Mathieu4141 | b6ea7157b4 | |
Mathieu4141 | 38b67da12f | |
Mathieu4141 | 8e53536147 | |
Mathieu4141 | 365bbbe24a | |
Mathieu4141 | a4c56efca8 | |
Mathieu4141 | 8ed4377844 | |
Christophe Vandeplas | f89d886566 | |
Christophe Vandeplas | cd694fff6e | |
Christophe Vandeplas | e62301f5ce | |
Christophe Vandeplas | de62b43520 | |
Christophe Vandeplas | 217e3eb171 | |
Christophe Vandeplas | 1c16ab3786 | |
Christophe Vandeplas | c6b218793f | |
Christophe Vandeplas | bd3934697d | |
Christophe Vandeplas | ae3202be02 | |
Alexandre Dulaunoy | 52ec21a818 | |
Alexandre Dulaunoy | 8c1b7507b3 | |
Alexandre Dulaunoy | c67a257657 | |
Alexandre Dulaunoy | c306125679 | |
Christophe Vandeplas | 88f6711346 | |
Christophe Vandeplas | adb9c2a052 | |
jstnk9 | 0dd2f95a50 | |
Alexandre Dulaunoy | 8ec38b97e4 | |
Mathieu Beligon | 92f9ed1148 | |
Mathieu Beligon | 81c2e4d7fe | |
Mathieu Beligon | 540c71d33b | |
Alexandre Dulaunoy | e5b4209f3a | |
Alexandre Dulaunoy | 30f162675c | |
Alexandre Dulaunoy | 9c230f3705 | |
Alexandre Dulaunoy | fa523b75de | |
Mathieu Beligon | 6f3b85399b | |
Mathieu Beligon | fdac01cd89 | |
Mathieu Beligon | 47f0b31a32 | |
Mathieu Beligon | 228bbcc21d | |
Mathieu Beligon | cf7cdcbc2b | |
Mathieu Beligon | d155f1e05d | |
Mathieu Beligon | 79210345d0 | |
Mathieu Beligon | ebd216e315 | |
Mathieu Beligon | 668fb80aec | |
Mathieu Beligon | 3719022d91 | |
Mathieu Beligon | 69a94b6c1e | |
Mathieu Beligon | b72868b6cd | |
Mathieu Beligon | 7bb3c6ab5c | |
Alexandre Dulaunoy | 094f5b700c | |
Mathieu Beligon | 287a8d49cb | |
Christophe Vandeplas | b0ebc02b19 | |
Alexandre Dulaunoy | 723c062c00 | |
Mathieu4141 | 0391d3f3a5 | |
Mathieu4141 | 44c270e9dc | |
Mathieu4141 | 6c2cb8979f | |
Alexandre Dulaunoy | dbbb075b1c | |
Alexandre Dulaunoy | d3f163e6ac | |
Alexandre Dulaunoy | 09974c3819 | |
Mathieu Beligon | 31562e4701 | |
Mathieu Beligon | 9c02509a28 | |
Mathieu Beligon | 830ded98d3 | |
Mathieu Beligon | d4c2788b87 | |
Mathieu Beligon | 313dd82bb9 | |
Mathieu Beligon | 9c0f18e9b9 | |
Mathieu Beligon | f066061f4b | |
Alexandre Dulaunoy | c2a712d0d4 | |
Alexandre Dulaunoy | ded4162649 | |
semelnyk | 5313f22343 | |
semelnyk | ca67778eb0 | |
semelnyk | 5403d70b69 | |
Alexandre Dulaunoy | 6868b6aaed | |
Delta-Sierra | 0b44ea33f0 | |
Delta-Sierra | 019292a1c1 | |
Delta-Sierra | 53ea633504 | |
Delta-Sierra | 70456bd8ac | |
Alexandre Dulaunoy | d6feab1586 | |
Alexandre Dulaunoy | e88c316e2d | |
Alexandre Dulaunoy | c8fa369d21 | |
Mathieu4141 | 29baf77740 | |
Mathieu4141 | ee2a8bec32 | |
Mathieu4141 | 00ca4c865f | |
Mathieu4141 | 4c9063b772 | |
Mathieu4141 | c4142b2ee7 | |
Mathieu4141 | a08311c5f1 | |
Mathieu4141 | 93d9db10a3 | |
Mathieu4141 | d477275a53 | |
Mathieu4141 | 2ac369ac61 | |
Mathieu4141 | 32a78f3d26 | |
Alexandre Dulaunoy | d98e8d27af | |
Mathieu4141 | fc2cb9e253 | |
Mathieu4141 | a81ac9687f | |
Mathieu4141 | 5b993d2517 | |
Mathieu4141 | d3c15e1652 | |
Mathieu4141 | 3c9f09edfc | |
Mathieu4141 | e333b15063 | |
Mathieu4141 | 68f70a1831 | |
Mathieu4141 | ed0d3c6f57 | |
Mathieu4141 | d3836318a2 | |
Alexandre Dulaunoy | f8d9c86e36 | |
Mathieu4141 | c832066fa5 | |
Mathieu4141 | 6e7e5e60ce | |
Mathieu4141 | 5d6bcf5e55 | |
Mathieu4141 | d365624734 | |
Mathieu4141 | dc9d98ffe9 | |
Mathieu4141 | 941ef757bb | |
Mathieu4141 | ce555828e1 | |
Mathieu4141 | f759525c25 | |
Mathieu4141 | 03d16eba61 | |
Mathieu4141 | 622d67eb38 | |
Alexandre Dulaunoy | 179afe9715 | |
Alexandre Dulaunoy | f14cad8ff3 | |
Alexandre Dulaunoy | 6ab8f62cb8 | |
Alexandre Dulaunoy | b0a5801ae7 | |
Mathieu4141 | 3209c45b42 | |
Mathieu4141 | 247dd86523 | |
Alexandre Dulaunoy | 77462a1dbb | |
semelnyk | 293947d863 | |
Alexandre Dulaunoy | a0c8787f1c | |
Daniel Plohmann | 99b23e31a3 | |
Alexandre Dulaunoy | 553a7f836d | |
Mathieu4141 | 28e02d308f | |
Mathieu4141 | b3584d5f9c | |
Mathieu4141 | a3802487a4 | |
Mathieu4141 | cf895b3b20 | |
Mathieu4141 | 775451488d | |
Mathieu4141 | 91e5c37a40 | |
Mathieu4141 | dc054efb62 | |
Mathieu4141 | 59930c1b0b | |
Mathieu4141 | 9ff1b1d2e3 | |
Mathieu4141 | 7b7ffa4532 | |
Alexandre Dulaunoy | 563ef36986 | |
Mathieu4141 | f5b7ad5478 | |
Mathieu4141 | 23b95c50d5 | |
Mathieu4141 | b59b270500 | |
Alexandre Dulaunoy | 89e39ddb3f | |
Mathieu4141 | f52382a29a | |
Mathieu4141 | 56f990d100 | |
Mathieu4141 | 59bd2763bc | |
Mathieu4141 | 44617774b6 | |
Mathieu4141 | c0dda66200 | |
Mathieu4141 | 5069f86555 | |
Mathieu4141 | c36ddd75db | |
Mathieu4141 | 34e03e6b56 | |
Mathieu4141 | e1eec18aa3 | |
Mathieu4141 | 6da7b218fc | |
Alexandre Dulaunoy | 4b4f1e895a | |
Alexandre Dulaunoy | 32062206be | |
Mathieu Beligon | a1f64c63de | |
Mathieu Beligon | c0fd66e3cd | |
Mathieu Beligon | 7163ed2068 | |
Mathieu Beligon | c3b6878cf3 | |
Mathieu Beligon | 1246088d76 | |
Mathieu Beligon | 798cebc970 | |
Mathieu Beligon | 2111f50968 | |
Mathieu Beligon | 40fb100ff9 | |
Mathieu Beligon | 4093632674 | |
Mathieu Beligon | 58fb9162b0 | |
Mathieu Beligon | d1f382602c | |
Mathieu Beligon | bc8904110b | |
Mathieu Beligon | 10d27206a7 | |
Mathieu Beligon | ff9a8ddfe3 | |
Alexandre Dulaunoy | e24fecbd40 | |
Alexandre Dulaunoy | b13eee558f | |
Alexandre Dulaunoy | f2cc04fca8 | |
Alexandre Dulaunoy | 63e27b9ebd | |
Mathieu4141 | 5828ba1a9d | |
Mathieu4141 | 4a3968e873 | |
Mathieu4141 | 18811f8056 | |
Mathieu4141 | ee354d9d75 | |
Mathieu4141 | bfb03504a9 | |
Mathieu4141 | 152ab38b10 | |
Mathieu4141 | 5a4a697e8c | |
Mathieu4141 | 971b17b79f | |
Mathieu4141 | 84fec96df9 | |
Mathieu4141 | eb43d9faf2 | |
Christophe Vandeplas | 61922581e7 | |
Mathieu Beligon | 025345e1b6 | |
Mathieu Beligon | a65bb60d90 | |
Mathieu Beligon | 84fda6ef72 | |
Mathieu Beligon | 1343cdb35a | |
Mathieu Beligon | ea227222ea | |
Mathieu Beligon | 44d7b3e88f | |
Mathieu Beligon | 0133c023d2 | |
Mathieu Beligon | 58e8dfef71 | |
Mathieu Beligon | 0f1777df92 | |
Mathieu Beligon | 419c62cea1 | |
Mathieu Beligon | 13c770f0a7 | |
Alexandre Dulaunoy | 0b5b9ca5a3 | |
Alexandre Dulaunoy | 496a48a657 | |
Mathieu Beligon | 9d6315346e | |
Mathieu Beligon | 9c502d0d1f | |
Mathieu Beligon | 73c73606ff | |
Mathieu Beligon | 64f0a87ed7 | |
Mathieu Beligon | 4a521eec3b | |
Mathieu Beligon | 78472ee3f5 | |
Mathieu Beligon | c9e85b4d16 | |
Mathieu Beligon | a91734af6c | |
Mathieu Beligon | 7bb54037e8 | |
Mathieu Beligon | 4bb6cce77d | |
Mathieu Beligon | f82b502df6 | |
Alexandre Dulaunoy | dd43addc62 | |
Mathieu4141 | 5b1af60db3 | |
Alexandre Dulaunoy | 7895b73d36 | |
Mathieu Beligon | be89fcd370 | |
Mathieu Béligon | 63b422c7d0 | |
Mathieu4141 | 9ced077269 | |
Alexandre Dulaunoy | c77eeee13f | |
Alexandre Dulaunoy | 852f205c75 | |
Alexandre Dulaunoy | 08458c1781 | |
Delta-Sierra | 68903b5ce7 | |
Alexandre Dulaunoy | 08ac7289a6 | |
Alexandre Dulaunoy | 648261d423 | |
Alexandre Dulaunoy | c800ad0d1b | |
Alexandre Dulaunoy | e7ca55277c | |
Alexandre Dulaunoy | 38afdbb80f | |
Alexandre Dulaunoy | e116f007dd | |
Delta-Sierra | 2436c6f326 | |
Delta-Sierra | b2a5700414 | |
Delta-Sierra | 25d62c8094 | |
Delta-Sierra | 04739a7e95 | |
Delta-Sierra | 711032d2e3 | |
Delta-Sierra | 0f9646f844 | |
Alexandre Dulaunoy | 555c45c139 | |
Mathieu Beligon | dcde706078 | |
Alexandre Dulaunoy | c585caa4db | |
Alexandre Dulaunoy | 416cd6706a | |
jstnk9 | ec9dc0f2e3 | |
Alexandre Dulaunoy | 800928af06 | |
jstnk9 | aa5a6eb062 | |
Sebastian Himmler | 4b7f5c1e84 | |
Christophe Vandeplas | a4ae58afcb | |
Christophe Vandeplas | e9f884e3f3 | |
Alexandre Dulaunoy | 75d950f1cb | |
Mathieu Beligon | e086bee02e | |
Alexandre Dulaunoy | f234f1e5a4 | |
Alexandre Dulaunoy | 870209265a | |
Mathieu Beligon | 537ef08735 | |
Alexandre Dulaunoy | fe77114b84 | |
Alexandre Dulaunoy | 6f1b8344a5 | |
Alexandre Dulaunoy | 6328b996b2 | |
Alexandre Dulaunoy | a0744ab805 | |
Alexandre Dulaunoy | 7e687c8c21 | |
Alexandre Dulaunoy | a6b8d0e0a1 | |
Alexandre Dulaunoy | 1f3ff23d5b | |
Alexandre Dulaunoy | 99f4454987 | |
Alexandre Dulaunoy | 059b20e705 | |
jstnk9 | faef21e15d | |
jstnk9 | 613e9feb12 | |
Alexandre Dulaunoy | f9d6386c35 | |
Alexandre Dulaunoy | eed0dc7747 | |
Delta-Sierra | 1bb336fdbe | |
Delta-Sierra | fd6bccae8b | |
Delta-Sierra | 73d7c038b2 | |
Alexandre Dulaunoy | f051a47925 | |
Daniel Plohmann | 1b33cad11d | |
Alexandre Dulaunoy | 8760ea0c52 | |
Alexandre Dulaunoy | 051bb3045e | |
Alexandre Dulaunoy | 89a193d315 | |
Alexandre Dulaunoy | 58ab4aba8d | |
Paul Stark | ce7d54c96a | |
jstnk9 | 89ab7728b0 | |
Alexandre Dulaunoy | dc8f7e455a | |
Mathieu Beligon | e6266e8e59 | |
Mathieu Beligon | 081b2e619b | |
Mathieu Beligon | b2599deaae | |
Mathieu Beligon | 0fba8d3f27 | |
Mathieu Beligon | b8f8fce4b6 | |
Mathieu Beligon | e393780af8 | |
Alexandre Dulaunoy | 67543e2437 | |
Alexandre Dulaunoy | b79b75dba4 | |
Alexandre Dulaunoy | 479f0ad83f | |
Alexandre Dulaunoy | 5d01afb537 | |
fl0x2208 | a9a051ffaa | |
Alexandre Dulaunoy | 5437fac633 | |
Alexandre Dulaunoy | 5d78834520 | |
Alexandre Dulaunoy | 458ae78a72 | |
Mathieu Beligon | e2fd005821 | |
Delta-Sierra | ac4d003c3e | |
Delta-Sierra | 5efe483858 | |
Delta-Sierra | 2aa0fb22ba | |
Delta-Sierra | 3e834ed49c | |
Delta-Sierra | db23d6eb4c | |
Delta-Sierra | 214ac5d329 | |
Alexandre Dulaunoy | f80bcdd97f | |
Fabio Nitto | 8c195aee06 | |
Alexandre Dulaunoy | b6e0279211 | |
Delta-Sierra | df0e103727 | |
Alexandre Dulaunoy | a783cc6621 | |
Delta-Sierra | dc498bd199 | |
Alexandre Dulaunoy | 45c11ea942 | |
Delta-Sierra | 23b9105aee | |
Delta-Sierra | 639686be75 | |
Delta-Sierra | 090b501c4c | |
Alexandre Dulaunoy | 2d709eaad1 | |
Daniel Plohmann | d978998a5d | |
Alexandre Dulaunoy | 34b86e4abc | |
Alexandre Dulaunoy | 12b935a31b | |
Jürgen Löhel | 37954a84f1 | |
Alexandre Dulaunoy | a32b5eb666 | |
Daniel Plohmann (Saturn) | e207218534 | |
Daniel Plohmann (Saturn) | 4127ce9694 | |
Alexandre Dulaunoy | 7462830337 | |
Daniel Plohmann | b083ae12bc | |
Daniel Plohmann | c1d3164ef6 | |
Alexandre Dulaunoy | 734823676f | |
Daniel Plohmann | e228ffc432 | |
Alexandre Dulaunoy | dc29d5875e | |
Alexandre Dulaunoy | f5729ac23a | |
Alexandre Dulaunoy | 880763b0f4 | |
Rony | bce41d8cdb | |
Rony | 9b9ce4777a | |
Alexandre Dulaunoy | 1568583acf | |
Alexandre Dulaunoy | 7f5bf07a63 | |
Thomas Dupuy | 2dcd1d3544 | |
Alexandre Dulaunoy | caceb504fe | |
Alexandre Dulaunoy | 31a8d1cf13 | |
Delta-Sierra | c51d177abd | |
Alexandre Dulaunoy | 7028860c0a | |
Alexandre Dulaunoy | f60c2def4f | |
Delta-Sierra | baf5bfe5cc | |
Delta-Sierra | 20d3b3780a | |
Alexandre Dulaunoy | 734d57edf5 | |
Alexandre Dulaunoy | 85ed2b8b81 | |
iglocska | 14301a9c4c | |
Delta-Sierra | e87b7bbf73 | |
Delta-Sierra | 18ee466ae4 | |
Alexandre Dulaunoy | 8c1bb1f809 | |
Delta-Sierra | 9c9561bce8 | |
Delta-Sierra | d202ed9f3f | |
Delta-Sierra | a3fffacab3 | |
Christophe Vandeplas | cd2b5179b4 | |
Christophe Vandeplas | c3a001466f | |
Christophe Vandeplas | 02c50184bf | |
Christophe Vandeplas | 1d9f59eb2d | |
Alexandre Dulaunoy | b4e8d1389e | |
marjatech | 21266365da | |
Alexandre Dulaunoy | 6e627b6368 | |
Alexandre Dulaunoy | 810cbe5b49 | |
Alexandre Dulaunoy | a27fda701b | |
Alexandre Dulaunoy | 20e06dd067 | |
Daniel Plohmann | 094d56057c | |
Thomas Dupuy | bbbd006215 | |
Christophe Vandeplas | 2d7b7137bf | |
Christophe Vandeplas | 3c808921c3 | |
Alexandre Dulaunoy | c86c2a83ab | |
Alexandre Dulaunoy | 3dff8e65cb | |
Delta-Sierra | 1649c3dfca | |
Delta-Sierra | bd050668ef | |
Alexandre Dulaunoy | 0997f8eb70 | |
Sebastien Larinier | ddc285581d | |
Sebastien Larinier | d60cca9302 | |
Sebastien Larinier | 142d4aeaef | |
Alexandre Dulaunoy | 095c44e2ac | |
Alexandre Dulaunoy | de05d2c58e | |
Jürgen Löhel | 15297c7b5f | |
Christophe Vandeplas | 79b80b0869 | |
Christophe Vandeplas | 3c6c204f01 | |
Christophe Vandeplas | 138c7c7ba8 | |
Christophe Vandeplas | fd44ebaee0 | |
Christophe Vandeplas | 568e6a7507 | |
Christophe Vandeplas | 7d98ac013c | |
Christophe Vandeplas | bea5fda2ab | |
Christophe Vandeplas | bf7c5f1dd9 | |
Christophe Vandeplas | a5e7e0c95f | |
Christophe Vandeplas | e056a9ea0c | |
Christophe Vandeplas | f070943ee9 | |
Alexandre Dulaunoy | 4152b9fb83 | |
Alexandre Dulaunoy | adc7a70cf9 | |
Alexandre Dulaunoy | 8688c41796 | |
Alexandre Dulaunoy | 592361826a | |
Alexandre Dulaunoy | 309f4f2ea5 | |
Alexandre Dulaunoy | 2cc6bdfbc1 | |
Alexandre Dulaunoy | 7e25c9ef1f | |
Sebastien Larinier | 862badf2c9 | |
Sebastien Larinier | 1c751b1ea8 | |
Sebastien Larinier | 165ce70a28 | |
Alexandre Dulaunoy | a891f2b5f7 | |
Alexandre Dulaunoy | bf7005c1c3 | |
Sebastien Larinier | 87ef0a400e | |
Sebastien Larinier | a77dc82c0a | |
Delta-Sierra | 063ac9fc71 | |
Delta-Sierra | ecb7e79a6e | |
Alexandre Dulaunoy | 4277fd393e | |
Tobias Mainka | 8d2b9537f1 | |
Sebastien Larinier | 926035633f | |
Alexandre Dulaunoy | ccc8f0f801 | |
Alexandre Dulaunoy | 76ff618d60 | |
Daniel Plohmann | 41afab1c06 | |
Delta-Sierra | 6b8994271e | |
Alexandre Dulaunoy | dd9e033ce5 | |
Daniel Plohmann | 02e23a9a47 | |
Delta-Sierra | 4a4fa6d16f | |
Delta-Sierra | 6d5df91efa | |
Delta-Sierra | 233a066a03 | |
Delta-Sierra | d4225c5469 | |
Alexandre Dulaunoy | 91af071bae | |
Alexandre Dulaunoy | 5f9760923f | |
Delta-Sierra | 8e9880d932 | |
Delta-Sierra | c5590ff79a | |
Alexandre Dulaunoy | c0cde98818 | |
Daniel Plohmann | a966b3ff88 | |
Alexandre Dulaunoy | 2763cdd72b | |
Alexandre Dulaunoy | f877cb4d08 | |
Delta-Sierra | 8c831d70c8 | |
Delta-Sierra | d30e7357fe | |
Delta-Sierra | eb9254713a | |
Alexandre Dulaunoy | 3cc7e03af6 | |
Alexandre Dulaunoy | cbf12d9289 | |
Jürgen Löhel | 647fc025d7 | |
Alexandre Dulaunoy | 52db030362 | |
Alexandre Dulaunoy | 15a03e877e | |
Sebdraven | 8713618777 | |
Sebdraven | f5d68aa08d | |
Christophe Vandeplas | f817f694d6 | |
Sebdraven | d5843d46e2 | |
Alexandre Dulaunoy | 122a0bd39b | |
Alexandre Dulaunoy | f2305dc165 | |
Delta-Sierra | 12f69a6082 | |
Alexandre Dulaunoy | 1dd3c2efdd | |
Mathieu Beligon | d82ff1ecfb | |
Alexandre Dulaunoy | 1cadb52866 | |
Daniel Plohmann | c39b46e9d5 | |
Delta-Sierra | 74390b27c5 | |
Delta-Sierra | c4eca7dfe1 | |
Alexandre Dulaunoy | 963a389216 | |
Jürgen Löhel | 9f9a263394 | |
Jürgen Löhel | 031a4c8030 | |
Jürgen Löhel | 437d4a30e5 | |
Jürgen Löhel | 2d30785af5 | |
Alexandre Dulaunoy | 57f3e46273 | |
Alexandre Dulaunoy | e7b97edaa4 | |
Alexandre Dulaunoy | 6db5b0b0cb | |
Delta-Sierra | bed6bf8dd6 | |
Delta-Sierra | d561350f7b | |
Delta-Sierra | 96cb1e22ba | |
Alexandre Dulaunoy | f5c43b843d | |
Mathieu Beligon | 395ffda94f | |
Mathieu Beligon | e1407c3c3f | |
Mathieu Beligon | 4bbee8c1e7 | |
Mathieu Beligon | 61cb24a3fc | |
Mathieu Beligon | 84faa3c92b | |
Mathieu Beligon | 7d371b4c80 | |
Mathieu Beligon | fa57354471 | |
Mathieu Beligon | bff978e4d1 | |
Mathieu Beligon | 3406ad3aa9 | |
Mathieu Beligon | 2567d6f1f8 | |
Alexandre Dulaunoy | aaf944a11c | |
Rony | 50624af741 | |
Rony | cf727f034c | |
Alexandre Dulaunoy | f4f1f38f3b | |
Delta-Sierra | 27f4c9fcdc | |
Delta-Sierra | 0ca7675a5f | |
Delta-Sierra | 55725c771e | |
Alexandre Dulaunoy | aad2e33b80 | |
Tom King | e52eefa0e7 | |
Christophe Vandeplas | 9f73ff73ac | |
Christophe Vandeplas | 8aadd13bb9 | |
Christophe Vandeplas | e2f2026fea | |
Christophe Vandeplas | a6a9a73ae5 | |
Alexandre Dulaunoy | 6460fde2e4 | |
Alexandre Dulaunoy | d609ff16c0 | |
Daniel Plohmann | 91255413d8 | |
Alexandre Dulaunoy | 73bd7d0983 | |
Mathieu Beligon | 9f09699047 | |
Mathieu Beligon | ac067a236e | |
Mathieu Beligon | a792115dd8 | |
Alexandre Dulaunoy | df2dd16e77 | |
Mathieu Beligon | 8193b05e14 | |
Mathieu Beligon | d34e894d2d | |
Mathieu Beligon | 20c31a5d10 | |
Mathieu Beligon | e836a4a63c | |
Mathieu Beligon | c52ac53765 | |
Mathieu Beligon | 5f274f58c9 | |
Daniel Plohmann | 62256854bc | |
Alexandre Dulaunoy | f6c83d3bfc | |
Mathieu Beligon | 33ff650327 | |
Alexandre Dulaunoy | 9645b9348b | |
o1mate | 239883e2a9 | |
Alexandre Dulaunoy | 385826063b | |
Alexandre Dulaunoy | bb965e67bd | |
Daniel Plohmann | 9710e09e17 | |
Alexandre Dulaunoy | 3d6ec1b187 | |
Alexandre Dulaunoy | 80be580f3c | |
Jürgen Löhel | cf492d9931 | |
Alexandre Dulaunoy | 033895b052 | |
Alexandre Dulaunoy | f509c45d74 | |
Jürgen Löhel | c7c2b8441a | |
Jürgen Löhel | ca635cc3fc | |
Jürgen Löhel | 33513241bd | |
Alexandre Dulaunoy | 150e3152cc | |
Alexandre Dulaunoy | b7543c5012 | |
Mathieu Beligon | a452263ace | |
Alexandre Dulaunoy | 06f250ef7c | |
o1mate | 0b661d4f80 | |
Delta-Sierra | 89bb349184 | |
Delta-Sierra | 0bb1f48ad6 | |
Alexandre Dulaunoy | cba41818fb | |
Christian Studer | e87d39e3f4 | |
Delta-Sierra | 50ca40e408 | |
Christian Studer | 51610df907 | |
Christian Studer | 57871ee05d | |
ofenomeno | cb8d700e62 | |
Christian Studer | f605f041d9 | |
Christian Studer | 826c5ac4d9 | |
Alexandre Dulaunoy | 2f0dfc7656 | |
Alexandre Dulaunoy | 4a342354f9 | |
Christian Studer | 5c21588d7c | |
Christian Studer | 325f51479b | |
Christian Studer | 071ecb8a52 | |
Christian Studer | 1402b7aba6 | |
Alexandre Dulaunoy | 997e570ad2 | |
Alexandre Dulaunoy | 323f9f47a1 | |
Alexandre Dulaunoy | 5804065e16 | |
Alexandre Dulaunoy | fd226d47a2 | |
Alexandre Dulaunoy | c0fdfb0e99 | |
Alexandre Dulaunoy | e54366fb87 | |
Alexandre Dulaunoy | 1c8880b3bb | |
Alexandre Dulaunoy | 187701bacb | |
Alexandre Dulaunoy | 9b9287676d | |
Alexandre Dulaunoy | 9955401791 | |
Alexandre Dulaunoy | 8539361df5 | |
Alexandre Dulaunoy | 3739ee9152 | |
jstnk9 | 5bcec1d72f | |
Jürgen Löhel | d4debd619b | |
Alexandre Dulaunoy | ac1242a40e | |
Delta-Sierra | 3f4edb480b | |
jstnk9 | cb19f6bda7 | |
Delta-Sierra | 5931f51d7a | |
Christian Studer | 52f6f0631e | |
Alexandre Dulaunoy | 927d9208fc | |
Delta-Sierra | 3ea2d62a83 | |
Delta-Sierra | 6016b1000c | |
Delta-Sierra | 5d83563e0e | |
Delta-Sierra | 6c36295318 | |
Alexandre Dulaunoy | de12f46ba6 | |
Andras Iklody | 13dbf70d77 | |
Christian Studer | 3ba51ba77e | |
Alexandre Dulaunoy | fda4160bed | |
Alexandre Dulaunoy | f15e4ed3bc | |
Alexandre Dulaunoy | 1d9a73abdd | |
Christian Studer | e3126ef857 | |
Christian Studer | 823124d422 | |
Christian Studer | 493a5bf94e | |
Christian Studer | bea58d5843 | |
Alexandre Dulaunoy | 5c979ae554 | |
Alexandre Dulaunoy | 0b6034d9be | |
Alexandre Dulaunoy | 8947d0035b | |
Delta-Sierra | 5f0d7f6d68 | |
Delta-Sierra | f4abf37b01 | |
Delta-Sierra | c02b74f999 | |
Delta-Sierra | ffc68b9b8f | |
Delta-Sierra | e316382b8a | |
Delta-Sierra | 8bf6d73d66 | |
Delta-Sierra | 3c7230e38e | |
Alexandre Dulaunoy | fe32cb4288 | |
Thomas Dupuy | be7450494e | |
Alexandre Dulaunoy | 4844a7021c | |
Alexandre Dulaunoy | c41b99d8b9 | |
Alexandre Dulaunoy | 59f5fc5f76 | |
Alexandre Dulaunoy | 63c587ab7d | |
Alexandre Dulaunoy | 7d4011a0a2 | |
Alexandre Dulaunoy | aba1321b34 | |
Terrtia | e3b6e9d229 | |
Alexandre Dulaunoy | 9b8619bbbe | |
Alexandre Dulaunoy | 2dcfa82f6b | |
Jürgen Löhel | f595195cd2 | |
Jstnk9 | 473f1a13aa | |
Alexandre Dulaunoy | 5b9b41b3e0 | |
Delta-Sierra | 2269f4decd | |
Delta-Sierra | 9fc65c0e34 | |
Delta-Sierra | 91d535925f | |
Delta-Sierra | 3837058ab1 | |
Delta-Sierra | d020efd276 | |
Alexandre Dulaunoy | b787bbeb23 | |
Alexandre Dulaunoy | 3b196f8361 | |
Thomas Dupuy | 9ac53e5d5e | |
Alexandre Dulaunoy | 6c4da5dd55 | |
Alexandre Dulaunoy | 52a6fff6a2 | |
Alexandre Dulaunoy | 3b4dcd6ad3 | |
Alexandre Dulaunoy | 610a38cd90 | |
Mathieu Beligon | 8a9dd47f8f | |
Mathieu Beligon | 21d4292faf | |
Mathieu Beligon | e61733591f | |
Mathieu Beligon | 9f0869097a | |
Mathieu Beligon | e3e5560e37 | |
Mathieu Beligon | 5801bbcfc1 | |
Alexandre Dulaunoy | 015650c6d7 | |
Alexandre Dulaunoy | 55b721a422 | |
Delta-Sierra | 9952366667 | |
Alexandre Dulaunoy | 6ac0f27cae | |
Delta-Sierra | 355025eb5b | |
Delta-Sierra | e5b3062912 | |
Alexandre Dulaunoy | d2f60fc3da | |
Thomas Dupuy | 4bcf80f01b | |
Alexandre Dulaunoy | 409c82f40c | |
Alexandre Dulaunoy | 588184bacd | |
Alexandre Dulaunoy | 800006e6ab | |
Mathieu Beligon | 74c6835d18 | |
Mathieu Beligon | a740e35687 | |
Mathieu Beligon | 5994fa4160 | |
Alexandre Dulaunoy | bb3a61c4dc | |
Mathieu Beligon | 4f47e6e2d3 | |
Alexandre Dulaunoy | 9338222b64 | |
Thomas Dupuy | c66d6823a1 | |
Alexandre Dulaunoy | d5ecb73b90 | |
Alexandre Dulaunoy | c3b65a2d15 | |
Alexandre Dulaunoy | 067e449a41 | |
Christophe Vandeplas | e259458d5a | |
Christophe Vandeplas | 7b3670c4ee | |
Thomas Dupuy | bfd1812cef | |
Alexandre Dulaunoy | eacab6ca27 | |
Alexandre Dulaunoy | 7cd322640f | |
Delta-Sierra | a611230bef | |
Christophe Vandeplas | 0609974545 | |
Alexandre Dulaunoy | 789d3754f8 | |
Mathieu Beligon | 22a39f4fdc | |
Alexandre Dulaunoy | 9b8b51fe53 | |
Alexandre Dulaunoy | 2f169e4258 | |
Mathieu Beligon | 580d2c6931 | |
Alexandre Dulaunoy | 30cb4e7e60 | |
Delta-Sierra | 8202a7f48f | |
Delta-Sierra | 0903300b75 | |
Delta-Sierra | 021fcd2c91 | |
Alexandre Dulaunoy | 1c8d82cfcc | |
Christophe Vandeplas | 000cd8c385 | |
Christophe Vandeplas | b011ddee5b | |
Christophe Vandeplas | c5a5fa7cfa | |
Alexandre Dulaunoy | fe782d93dc | |
Mathieu Beligon | e1f5d3b5d8 | |
Mathieu Beligon | 4ff0bdfe8e | |
Delta-Sierra | e3d88f45c6 | |
Delta-Sierra | 6dba3abe13 | |
Mathieu Beligon | 273c7c9b97 | |
Delta-Sierra | 705d0d2e72 | |
Alexandre Dulaunoy | 258515f9a8 | |
Delta-Sierra | 0440db12e9 | |
Delta-Sierra | 77db2370b1 | |
Delta-Sierra | 775d3c183b | |
Alexandre Dulaunoy | 33f19bf8c1 | |
Alexandre Dulaunoy | d866b23801 | |
Rony | aea413cebf | |
Rony | db913e5ab4 | |
Rony | 9aac40149a | |
Rony | 6aea5ee05c | |
Rony | 81ff1f0f53 | |
Rony | fb0cf3c7e5 | |
Christophe Vandeplas | 3f25619109 | |
Daniel Plohmann | d18f5bc8b6 | |
Alexandre Dulaunoy | 5175fb0364 | |
Alexandre Dulaunoy | b0ff3a8a25 | |
Rony | e7178a1e08 | |
Rony | 27300c6381 | |
Rony | 7f526e230b | |
Rony | 6ad9699a38 | |
Rony | 2dc138ae01 | |
Rony | 0b140b7097 | |
Alexandre Dulaunoy | 8bea9f3b4b | |
Mathieu Béligon | 9cfcc0d9ac | |
Mathieu Beligon | 6e00329ba6 | |
Delta-Sierra | 534dacb7fb | |
Delta-Sierra | d5a9365aae | |
Mathieu Beligon | 9b714dcd76 | |
Alexandre Dulaunoy | 795ee95a27 | |
Delta-Sierra | 5b3c395f10 | |
Delta-Sierra | cb422c2190 | |
Alexandre Dulaunoy | b0ffb843b0 | |
Yosirion95 | cda80e5496 | |
Alexandre Dulaunoy | 9efca4c41b | |
Alexandre Dulaunoy | 8c09aeb1dd | |
Rony | 5b42a09dc2 | |
Rony | 6fd584fa88 | |
Alexandre Dulaunoy | 6b137ea12c | |
Mathieu Beligon | 7f82616c10 | |
Mathieu Beligon | 969f461709 | |
Christophe Vandeplas | 1b69b654a8 | |
Mathieu Beligon | fd9201e9e0 | |
Mathieu Beligon | 768c94671c | |
Alexandre Dulaunoy | a8b234d694 | |
Alexandre Dulaunoy | 441bd8afe6 | |
Mathieu Béligon | fcd6faec78 | |
Mathieu Béligon | 54f3ef2831 | |
Mathieu Béligon | c9b11553eb | |
Mathieu Beligon | c1abedb446 | |
Mathieu Beligon | a61ef2a88f | |
Mathieu Beligon | 84e69ad4be | |
Mathieu Beligon | 1acc51a7a6 | |
Mathieu Beligon | ec988c97d0 | |
Mathieu Beligon | d9046c8619 | |
Mathieu Beligon | a046e8094d | |
Mathieu Beligon | 5e4a4c3453 | |
Mathieu Beligon | 264e764dfa | |
Alexandre Dulaunoy | 937b5640cf | |
Delta-Sierra | 3f036db1e3 | |
Mathieu Beligon | 71e3e1f3eb | |
Mathieu Beligon | a6242d4732 | |
Mathieu Beligon | 0d6399aa2b | |
Mathieu Beligon | 53282255ce | |
Mathieu Beligon | 3f50cf0175 | |
Alexandre Dulaunoy | cf4e5c8cf0 | |
Rony | f608312577 | |
Rony | ccd10b54f4 | |
Rony | 0cec882cc5 | |
Alexandre Dulaunoy | a373909bb1 | |
Alexandre Dulaunoy | 627988ae60 | |
Alexandre Dulaunoy | 352998a84d | |
Mathieu Beligon | d05b29c1af | |
Mathieu Beligon | 9c6f106928 | |
Rony | 5b25b574b3 | |
Rony | 370045b01d | |
Rony | 62b168600f | |
Rony | 490bc6a05c | |
Rony | bbe84c5985 | |
Rony | de76aef023 | |
Rony | f4b63d4514 | |
Alexandre Dulaunoy | 65c9490b77 | |
Alexandre Dulaunoy | 96d31aa8c7 | |
Thomas Dupuy | ed24dcaf19 | |
Thomas Dupuy | 912050b9b7 | |
Thomas Dupuy | 6e0df72ef4 | |
Christophe Vandeplas | 75221418b8 | |
Alexandre Dulaunoy | 0deefea644 | |
Christophe Vandeplas | 1369756810 | |
Alexandre Dulaunoy | bfda561f5f | |
Christophe Vandeplas | 5738eca423 | |
Daniel Plohmann | bdaadea58e | |
Alexandre Dulaunoy | d940ce31f5 | |
Daniel Plohmann | bc20a463c8 | |
Alexandre Dulaunoy | 2330c17602 | |
Alexandre Dulaunoy | 6427746ad8 | |
Alexandre Dulaunoy | 63f5122ad4 | |
Alexandre Dulaunoy | 6134853219 | |
Mathieu Beligon | 51aacd6b03 | |
Mathieu Beligon | acc6ada575 | |
Mathieu Beligon | d815bfa174 | |
Daniel Plohmann | 26f6a33695 | |
Rony | 5a7f3a7207 | |
Rony | 8ce0df6eb4 | |
Alexandre Dulaunoy | 6b6398bf2d | |
Alexandre Dulaunoy | 9664433777 | |
Alexandre Dulaunoy | b4ce9a9453 | |
Alexandre Dulaunoy | a376b68ef8 | |
Rony | 15096a560f | |
Rony | add6b27466 | |
Rony | aa81da6ea6 | |
Rony | 2b54df56f9 | |
Rony | 2e045d9c8c | |
Daniel Plohmann | 5825783a85 | |
Alexandre Dulaunoy | da57a5b002 | |
Rony | 932fcf1871 | |
Rony | 082039b3b0 | |
Daniel Plohmann | ed32c508b7 | |
Rony | 000bfe92d9 | |
Rony | 2e8a577b0c | |
Rony | 3fabd58416 | |
Rony | 79c84d3768 | |
Alexandre Dulaunoy | a99640532c | |
Daniel Plohmann | 082d506b64 | |
Alexandre Dulaunoy | 0dcb41ba57 | |
Daniel Plohmann | 240a757826 | |
Alexandre Dulaunoy | cf603e8160 | |
Alexandre Dulaunoy | a82bf23b3e | |
Thomas Dupuy | 90da0d798f | |
Delta-Sierra | b1c853bf42 | |
Thomas Dupuy | 1a8835bcae | |
Thomas Dupuy | a86d866534 | |
Delta-Sierra | d40017ae50 | |
Alexandre Dulaunoy | 684c6be358 | |
Delta-Sierra | 6c6355f2ba | |
Delta-Sierra | 300d608770 | |
Delta-Sierra | 71c93f5b24 | |
Delta-Sierra | 4ea34fc5a4 | |
Delta-Sierra | 924eda26ca | |
Alexandre Dulaunoy | 1b6ac6b93d | |
Alexandre Dulaunoy | f562520a7c | |
Deborah Servili | ca7d524d9c | |
Delta-Sierra | 8b211d9cc1 | |
Delta-Sierra | 29aa7b3f69 | |
Alexandre Dulaunoy | acb2a6c913 | |
Delta-Sierra | be6a086ef0 | |
Delta-Sierra | 56a53433f0 | |
Alexandre Dulaunoy | 2113761e5b | |
Delta-Sierra | 279b89f6d9 | |
Delta-Sierra | 67d5f5c7c0 | |
Delta-Sierra | 7e37fa0cdd | |
Delta-Sierra | c2e7ef4fab | |
Alexandre Dulaunoy | 4638dbde86 | |
marjatech | 587dc8560b | |
Mathieu Beligon | 693eed8d78 | |
marjatech | 1212a75cc4 | |
Mathieu Beligon | d63c990dad | |
Mathieu Beligon | b8d4ffdbde | |
Alexandre Dulaunoy | 648b35d445 | |
Koen Van Impe | 0c9aa68db6 | |
Koen Van Impe | 22c2f7b999 | |
Alexandre Dulaunoy | 26ba6ace82 | |
Mathieu Beligon | d79c5bd1ab | |
Alexandre Dulaunoy | 373fcb8530 | |
Rony | c030fcdab6 | |
Alexandre Dulaunoy | 76c8186274 | |
Thanat0s | 44a99d066a | |
Alexandre Dulaunoy | 10d53418de | |
Thanat0s | 57befd7259 | |
Thanat0s | 51f98f4706 | |
Thanat0s | f97fee7135 | |
Thanat0s | 297acc0f5e | |
Alexandre Dulaunoy | 18fd2c0e34 | |
Rony | e916267c7c | |
Christophe Vandeplas | 39073004c4 | |
Christophe Vandeplas | 4a469299fd | |
Alexandre Dulaunoy | ff280a9b44 | |
Mathieu Beligon | dca70783bf | |
Mathieu Beligon | c1cfc19871 | |
Mathieu Beligon | 36a1466661 | |
Alexandre Dulaunoy | a838eaf9db | |
Alexandre Dulaunoy | b838f38e2f | |
Jürgen Löhel | 1be9a10ef9 | |
Jürgen Löhel | 9db5d18114 | |
Alexandre Dulaunoy | 0d4187c370 | |
Rony | 2721522e82 | |
Alexandre Dulaunoy | 9777f40b58 | |
Jürgen Löhel | 45da13ce5e | |
Alexandre Dulaunoy | fcdc6c86e6 | |
Alexandre Dulaunoy | 9130365e2e | |
Alexandre Dulaunoy | bb434b11cf | |
Alexandre Dulaunoy | 06550a7945 | |
Alexandre Dulaunoy | 2042fde3ff | |
Alexandre Dulaunoy | b67e3ed3f8 | |
Alexandre Dulaunoy | 1b93f32c52 | |
Rony | c0be6677c2 | |
Rony | 11eca69ebc | |
Alexandre Dulaunoy | a315483a22 | |
Daniel Plohmann | 26c1850377 | |
Alexandre Dulaunoy | c03e82ad18 | |
Daniel Plohmann | 06c293072c | |
Christophe Vandeplas | 87c1e34ce8 | |
3c7 | 0ad65fbe9f | |
3c7 | dfb6c0668e | |
Christophe Vandeplas | 33476bec81 | |
Alexandre Dulaunoy | 664f6d80cc | |
Alexandre Dulaunoy | 1e383e2452 | |
Alexandre Dulaunoy | 8905fafe1b | |
Mathieu Beligon | c8455a6c4d | |
Adam McHugh | 53a0fc56d3 | |
Alexandre Dulaunoy | bca7381f33 | |
Alexandre Dulaunoy | eb7c5ebaf1 | |
Alexandre Dulaunoy | bc696b43f4 | |
Alexandre Dulaunoy | 00d33fd292 | |
Alexandre Dulaunoy | 66744a4cd0 | |
Alexandre Dulaunoy | 14907e3eef | |
Alexandre Dulaunoy | 0060322818 | |
Adam McHugh | 84eac4b102 | |
Adam McHugh | f00e80ae7e | |
Adam McHugh | cff8a38c5f | |
Adam McHugh | 622c0502aa | |
Adam McHugh | 99caab201f | |
Alexandre Dulaunoy | 93b260f3c6 | |
Thomas Dupuy | bd05eb0bba | |
Alexandre Dulaunoy | 5b68aaebd0 | |
Thomas Dupuy | 209391f110 | |
Alexandre Dulaunoy | c673360afa | |
Alexandre Dulaunoy | 5045af93ca | |
Alexandre Dulaunoy | 21478c0d8d | |
Alexandre Dulaunoy | b649057a5a | |
Alexandre Dulaunoy | aff4345074 | |
Alexandre Dulaunoy | 269f91ad75 | |
Alexandre Dulaunoy | d3d4e7186b | |
Alexandre Dulaunoy | 7e6390c336 | |
Alexandre Dulaunoy | 6438befaf2 | |
Alexandre Dulaunoy | cef6b90c06 | |
Rony | a08ddaf548 | |
Rony | 50f39edc10 | |
Alexandre Dulaunoy | 24f2814c27 | |
Delta-Sierra | 73f71c8b15 | |
Delta-Sierra | fb557fd3a2 | |
Delta-Sierra | 909fc09992 | |
Delta-Sierra | 7c3e8ac068 | |
Delta-Sierra | dcc396108c | |
Delta-Sierra | 9257fb677b | |
Delta-Sierra | 0f7803b091 | |
Sami Mokaddem | 4242732af1 | |
Sami Mokaddem | 04a560efa6 | |
Sami Mokaddem | a9a09d11c6 | |
Alexandre Dulaunoy | 9a366df987 | |
Mathieu Beligon | c35fad3291 | |
Alexandre Dulaunoy | 2d8eff9de9 | |
Alexandre Dulaunoy | 94c3788089 | |
AgatheMgt | aec779d1ee | |
AgatheMgt | f3b346684f | |
AgatheMgt | 9f21e4512c | |
AgatheMgt | 3ce6d7a313 | |
AgatheMgt | a6a16926f6 | |
AgatheMgt | 8b70f5a1fd | |
AgatheMgt | 2be8954ef1 | |
Christophe Vandeplas | 8c2a9af8b8 | |
Daniel Plohmann | 24a3f16ab4 | |
Delta-Sierra | 97690426bf | |
Alexandre Dulaunoy | 6f0208dcaf | |
Alexandre Dulaunoy | ef5af37dbe | |
Alexandre Dulaunoy | c0a07d2246 | |
Alexandre Dulaunoy | 255f3e2d88 | |
botlabsDev | 6416d0b2de | |
Alexandre Dulaunoy | 18069ce5f3 | |
Alexandre Dulaunoy | 7fd5715715 | |
Rony | eebda5f955 | |
Alexandre Dulaunoy | a6da498a4d | |
Rony | ac72e7b639 | |
Rony | 3b67e745e5 | |
botlabsDev | 99ab2a13d6 | |
Badis-dev | 231915f9a4 | |
Badis-dev | 27241135a2 | |
Badis-dev | 78f1c9f345 | |
Badis-dev | 1c707f7c5e | |
Badis-dev | 530a56c3ea | |
Alexandre Dulaunoy | b978bb1c86 | |
Delta-Sierra | 957327383d | |
Delta-Sierra | a7f3df8a9a | |
Delta-Sierra | 8fd3c87b47 | |
Alexandre Dulaunoy | 8e09c9b30c | |
Alexandre Dulaunoy | 21be83e3e9 | |
Daniel Plohmann | 896a451461 | |
Daniel Plohmann | a817324cd4 | |
Mathieu Beligon | 0b456b8afa | |
Mathieu Beligon | d3d241ca54 | |
Mathieu Beligon | 27c05a118e | |
Alexandre Dulaunoy | 089cb39891 | |
Delta-Sierra | c909a35d65 | |
Delta-Sierra | a788c867a7 | |
Delta-Sierra | b0cd884afc | |
Alexandre Dulaunoy | dc4a7d06de | |
Daniel Plohmann | 321e4b4a57 | |
Daniel Plohmann | 254dd47a61 | |
Alexandre Dulaunoy | d4f51cd066 | |
Delta-Sierra | 33ef3317b7 | |
Delta-Sierra | 9b76d71c43 | |
Delta-Sierra | 3184819968 | |
Alexandre Dulaunoy | 3bce478fe4 | |
rwe | 4700780d47 | |
Alexandre Dulaunoy | f49b54281b | |
Alexandre Dulaunoy | 08bf8219e5 | |
Alexandre Dulaunoy | 3328b73185 | |
Kevin Holvoet | 3d23f98d04 | |
Kevin Holvoet | 389add7580 | |
Kevin Holvoet | fa9829cec0 | |
Alexandre Dulaunoy | 7d3e001633 | |
Daniel Plohmann | 833a6e0a8d | |
Daniel Plohmann | 8f928d8eb3 | |
Alexandre Dulaunoy | 2c586d2f96 | |
Delta-Sierra | 5cf1eb01f4 | |
Alexandre Dulaunoy | 1fda357a03 | |
Alexandre Dulaunoy | ef91e5404e | |
Jürgen Löhel | 22046a1eae | |
Delta-Sierra | e523bdaf70 | |
Alexandre Dulaunoy | bce052d33f | |
Jürgen Löhel | 3059c70ae6 | |
Alexandre Dulaunoy | ffd2e74daa | |
Thomas Dupuy | c792bdd1b7 | |
Thomas Dupuy | afaf3a3110 | |
Alexandre Dulaunoy | 58fc75bda0 | |
Jürgen Löhel | 5aa8a8a8b1 | |
Alexandre Dulaunoy | b9d54b8ad9 | |
Alexandre Dulaunoy | a0804c1194 | |
Alexandre Dulaunoy | db9a0dc04d | |
Alexandre Dulaunoy | aa41337fd7 | |
Sami Tainio | dcb87b0dc6 | |
Alexandre Dulaunoy | 298bc784da | |
Alexandre Dulaunoy | d51eecdab8 | |
Alexandre Dulaunoy | adb467743e | |
Alexandre Dulaunoy | b1e388c815 | |
Daniel Plohmann | 3094283252 | |
Raphaël Vinot | 174a812cef | |
Alexandre Dulaunoy | eba1b2839f | |
Raphaël Vinot | b4d518d4f0 | |
Alexandre Dulaunoy | 12617ff627 | |
Alexandre Dulaunoy | b2cc6277cf | |
Alexandre Dulaunoy | 69b582f9ba | |
Alexandre Dulaunoy | bc3ab62917 | |
Alexandre Dulaunoy | ee2a3c83f4 | |
Alexandre Dulaunoy | 01d23b61b7 | |
Alexandre Dulaunoy | 01f2ce68d4 | |
Alexandre Dulaunoy | 5becac98e4 | |
Alexandre Dulaunoy | 18a44d372b | |
Alexandre Dulaunoy | dd210c5d14 | |
Alexandre Dulaunoy | ce79aba48c | |
Alexandre Dulaunoy | ae7b7bd47d | |
Alexandre Dulaunoy | 7b587710b1 | |
Alexandre Dulaunoy | a0b65dd42c | |
Jürgen Löhel | b81ac7f01d | |
Delta-Sierra | b8960393a4 | |
Delta-Sierra | bb92427b65 | |
Alexandre Dulaunoy | f98996bfc6 | |
Delta-Sierra | 78a8cf4ad2 | |
Delta-Sierra | c89623e945 | |
Christophe Vandeplas | aeb5719448 | |
Alexandre Dulaunoy | ab41df7282 | |
Alexandre Dulaunoy | e517787e7c | |
Alexandre Dulaunoy | 69f878c86f | |
Alexandre Dulaunoy | 87f9b0d029 | |
Alexandre Dulaunoy | da91f2abc2 | |
marjatech | d74fdb3e43 | |
Bernardo Santos | e74fcfe268 | |
Bernardo Santos | 5f19983ba3 | |
Bernardo Santos | 49dfcca563 | |
Bernardo Santos | d09681b011 | |
Alexandre Dulaunoy | 20f14c0090 | |
Jeroen Pinoy | 9ec76ae185 | |
Alexandre Dulaunoy | fccefddc48 | |
Thomas Patzke | 26f0c344a1 | |
Alexandre Dulaunoy | 6b279d3b33 | |
Thomas Dupuy | 1985de4d44 | |
Thomas Dupuy | 89a3f986ba | |
Alexandre Dulaunoy | 60cc6dd536 | |
Daniel Plohmann | 3272960a14 | |
Alexandre Dulaunoy | 959b919dc6 | |
Rony | 5dd0c7d8b3 | |
Alexandre Dulaunoy | 8f0a1642e0 | |
Rony | 636ccdedcd | |
Rony | 9ecfecc063 | |
Rony | 32ea60d721 | |
Rony | 52e7d5a0a9 | |
Rony | fb9a41f8e9 | |
Rony | c90c60cb13 | |
Alexandre Dulaunoy | 6c8949caa9 | |
Alexandre Dulaunoy | 6d6776316e | |
Deborah Servili | b6005bd53f | |
Delta-Sierra | 913aff30c3 | |
Jasper Lievisse Adriaanse | 792490298e | |
Delta-Sierra | 97976ba2e8 | |
Delta-Sierra | 92bd2e3ee9 | |
Delta-Sierra | 809860c945 |
|
@ -13,7 +13,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
python-version: [3.6, 3.7, 3.8, 3.9]
|
||||
python-version: [3.8, 3.9, '3.10']
|
||||
|
||||
steps:
|
||||
|
||||
|
@ -44,9 +44,10 @@ jobs:
|
|||
git submodule foreach git pull origin main
|
||||
poetry install
|
||||
popd
|
||||
sudo mount --bind . PyMISPGalaxies/pymispgalaxies/data/misp-galaxy
|
||||
|
||||
- name: Test with Python module
|
||||
run: |
|
||||
pushd PyMISPGalaxies
|
||||
poetry run nosetests-3.4 --with-coverage --cover-package=pymispgalaxies -d
|
||||
poetry run pytest --cov=pymispgalaxies tests/tests.py
|
||||
popd
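Review bot: `git submodule foreach git pull origin main` at the top of the second hunk (-44,9 +44,10) moves every submodule to the current tip of its `main` branch at run time, so the job tests against unpinned code that differs from the revision recorded in the PyMISPGalaxies checkout and can change between two runs of the same workflow. Since the following `sudo mount --bind` line already overlays the misp-galaxy submodule with the current checkout, the pull seems to matter only for the other submodules; if those are wanted at their recorded revisions, `git submodule update --init --recursive` in its place keeps the run reproducible, and if tracking the tip is intended, a comment such as `# deliberately tracks submodule main so tests fail when upstream data drifts` would record that. The old/new side markers are lost in this rendering, so which of these lines the compare adds versus carries over is not certain, and the `run:` step these lines belong to starts before the hunk.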
|
|
@ -1 +1,3 @@
|
|||
__pycache__
|
||||
.DS_Store
|
||||
.idea/
|
||||
|
|
|
@ -0,0 +1,40 @@
|
|||
{
|
||||
"version": "0.2.0",
|
||||
"configurations": [
|
||||
{
|
||||
"name": "gen_mitre",
|
||||
"type": "debugpy",
|
||||
"request": "launch",
|
||||
"program": "${file}",
|
||||
"console": "integratedTerminal",
|
||||
"args": "-p ../../MITRE-ATTACK",
|
||||
"cwd": "${fileDirname}"
|
||||
},
|
||||
{
|
||||
"name": "gen_interpol_dwvat",
|
||||
"type": "debugpy",
|
||||
"request": "launch",
|
||||
"program": "${file}",
|
||||
"console": "integratedTerminal",
|
||||
"args": "-p ../../DW-VA-Taxonomy",
|
||||
"cwd": "${fileDirname}"
|
||||
},
|
||||
{
|
||||
"name": "gen_mitre_atlas",
|
||||
"type": "debugpy",
|
||||
"request": "launch",
|
||||
"program": "${file}",
|
||||
"console": "integratedTerminal",
|
||||
"args": "-p ../../atlas-navigator-data",
|
||||
"cwd": "${fileDirname}"
|
||||
},
|
||||
{
|
||||
"name": "Python Debugger: Current File",
|
||||
"type": "debugpy",
|
||||
"request": "launch",
|
||||
"program": "${file}",
|
||||
"console": "integratedTerminal",
|
||||
"cwd": "${fileDirname}"
|
||||
}
|
||||
]
|
||||
}
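Review bot: Each of the three named configurations (`gen_mitre`, `gen_interpol_dwvat`, `gen_mitre_atlas`) in what looks like a VS Code launch.json sets `"program": "${file}"`, so launching `gen_mitre` runs whatever editor tab is active rather than the generator its name promises, with `-p ../../MITRE-ATTACK` passed to it; pointing `"program"` at the generator itself (`"${workspaceFolder}/<path-to-gen_mitre-script>"`) makes the entry do what its name says. The `-p` values also assume the external data repositories are cloned two directory levels above the launched script (because `"cwd"` is `${fileDirname}`), which is only discoverable by reading the arguments; VS Code accepts comments in launch.json, so a one-line `// expects MITRE-ATTACK, DW-VA-Taxonomy and atlas-navigator-data checked out two levels above the generator scripts` at the top of the file would save the next contributor a failed run. Whether `"args"` given as a single string rather than the usual array is accepted depends on the debugpy adapter version, which cannot be verified from here.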
|
739
README.md
739
README.md
|
@ -2,78 +2,709 @@
|
|||
|
||||
![Python application](https://github.com/MISP/misp-galaxy/workflows/Python%20application/badge.svg)
|
||||
|
||||
![Screenshot - MISP galaxy integeration in MISP threat intelligence platform](https://raw.githubusercontent.com/MISP/misp-galaxy/aa41337fd78946a60aef3783f58f337d2342430a/doc/images/galaxy.png)
|
||||
|
||||
MISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or
|
||||
attributes. A cluster can be composed of one or more elements. Elements are expressed as key-values. There
|
||||
are default vocabularies available in MISP galaxy but those can be overwritten, replaced or updated as you wish.
|
||||
are default knowledge base (such as Threat Actors, Tools, Ransomware, ATT&CK matrixes) available in MISP galaxy
|
||||
but those can be overwritten, replaced, updated, forked and shared as you wish.
|
||||
|
||||
Existing clusters and vocabularies can be used as-is or as a template. MISP distribution can be applied
|
||||
Existing clusters and vocabularies can be used as-is or as a common knowledge base. MISP distribution can be applied
|
||||
to each cluster to permit a limited or broader distribution scheme.
|
||||
|
||||
Vocabularies are from existing standards (like STIX, Veris, MISP and so on) or custom ones.
|
||||
Galaxies can be also used to expressed existing matrix-like standards such as MITRE ATT&CK(tm) or custom ones.
|
||||
|
||||
The objective is to have a comment set of clusters for organizations starting analysis but that can be expanded
|
||||
to localized information (which is not shared) or additional information (that can be shared).
|
||||
|
||||
# Available clusters
|
||||
# Available Galaxy - clusters
|
||||
|
||||
- [clusters/android.json](clusters/android.json) - Android malware galaxy based on multiple open sources.
|
||||
- [clusters/banker.json](clusters/banker.json) - A list of banker malware.
|
||||
- [clusters/stealer.json](clusters/stealer.json) - A list of malware stealer.
|
||||
- [clusters/backdoor.json](clusters/backdoor.json) - A list of backdoor malware.
|
||||
- [clusters/botnet.json](clusters/botnet.json) - A list of known botnets.
|
||||
- [clusters/branded_vulnerability.json](clusters/branded_vulnerability.json) - List of known vulnerabilities and exploits.
|
||||
- [clusters/exploit-kit.json](clusters/exploit-kit.json) - Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits. It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years.
|
||||
- [clusters/microsoft-activity-group.json](clusters/microsoft-activity-group.json) - Activity groups as described by Microsoft.
|
||||
- [clusters/preventive-measure.json](clusters/preventive-measure.json) - Preventive measures.
|
||||
- [clusters/ransomware.json](clusters/ransomware.json) - Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml
|
||||
- [clusters/rat.json](clusters/rat.json) - remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote "operator" to control a system as if they have physical access to that system.
|
||||
- [clusters/tds.json](clusters/tds.json) - TDS is a list of Traffic Direction System used by adversaries.
|
||||
- [clusters/threat-actor.json](clusters/threat-actor.json) - Adversary groups - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. MISP
|
||||
- [clusters/tool.json](clusters/tool.json) - tool is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.
|
||||
## 360.net Threat Actors
|
||||
|
||||
- [clusters/mitre-attack-pattern.json](clusters/mitre-attack-pattern.json) - Attack Pattern - MITRE Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) - v2.0
|
||||
- [clusters/mitre-course-of-action.json](clusters/mitre-course-of-action.json) - Course of Action - MITRE Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) - v2.0
|
||||
- [clusters/mitre-intrusion-set.json](clusters/mitre-intrusion-set.json) - Intrusion Set - MITRE Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) - v2.0
|
||||
- [clusters/mitre-malware.json](clusters/mitre-malware.json) - Malware - MITRE Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) - v2.0
|
||||
- [clusters/mitre-tool.json](clusters/mitre-tool.json) - Tool - MITRE Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) - v2.0
|
||||
[360.net Threat Actors](https://www.misp-project.org/galaxy.html#_360.net_threat_actors) - Known or estimated adversary groups as identified by 360.net.
|
||||
|
||||
- [clusters/mitre-ics-assets.json](clusters/mitre-ics-assets.json) - ICS Assets - A list of asset categories that are commonly found in industrial control systems.
|
||||
- [clusters/mitre-ics-groups.json](clusters/mitre-ics-groups.json) - ICS Groups - Groups are sets of related intrusion activity that are tracked by a common name in the security community.
|
||||
- [clusters/mitre-ics-levels.json](clusters/mitre-ics-levels.json) - ICS Levels - Based on the Purdue Model to aid ATT&CK for ICS users to understand which techniques are applicable to their environment.
|
||||
- [clusters/mitre-ics-software.json](clusters/mitre-ics-software.json) - ICS Software - Software is a generic term for custom or commercial code, operating system utilities, open-source software, or other tools used to conduct behavior modeled in ATT&CK for ICS.
|
||||
- [clusters/mitre-ics-tactics.json](clusters/mitre-ics-tactics.json) - ICS Tectics - A list of all tactics in ATT&CK for ICS.
|
||||
- [clusters/mitre-ics-techniques.json](clusters/mitre-ics-techniques.json) - ICS Techniques - A list of Techniques in ATT&CK for ICS.
|
||||
Category: *actor* - source: *https://apt.360.net/aptlist* - total: *42* elements
|
||||
|
||||
- [clusters/sectors.json](clusters/sectors.json) - Activity sectors
|
||||
- [clusters/cert-eu-govsector.json](clusters/cert-eu-govsector.json) - Cert EU GovSector
|
||||
- [clusters/social-dark-patterns.json](clusters/social-dark-patterns.json) - Social Engineering - Dark Patterns
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_360.net_threat_actors)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/360net.json)]
|
||||
|
||||
# Available Vocabularies
|
||||
## Ammunitions
|
||||
|
||||
A [readable PDF overview of the MISP galaxy is available](https://www.misp.software/galaxy.pdf) or [HTML](https://www.misp.software/galaxy.html) and generated from the JSON.
|
||||
[Ammunitions](https://www.misp-project.org/galaxy.html#_ammunitions) - Common ammunitions galaxy
|
||||
|
||||
Category: *firearm* - source: *https://ammo.com/* - total: *410* elements
|
||||
|
||||
## Common
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_ammunitions)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ammunitions.json)]
|
||||
|
||||
- [vocabularies/common/certainty-level.json](vocabularies/common/certainty-level.json) - Certainty level of an associated element or cluster.
|
||||
- [vocabularies/common/threat-actor-type.json](vocabularies/common/threat-actor-type.json) - threat actor type vocab as defined by Cert EU.
|
||||
- [vocabularies/common/ttp-category.json](vocabularies/common/ttp-category.json) - ttp category vocab as defined by Cert EU.
|
||||
- [vocabularies/common/ttp-type.json](vocabularies/common/ttp-type.json) - ttp type vocab as defined by Cert EU.
|
||||
## Android
|
||||
|
||||
[Android](https://www.misp-project.org/galaxy.html#_android) - Android malware galaxy based on multiple open sources.
|
||||
|
||||
Category: *tool* - source: *Open Sources* - total: *433* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_android)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/android.json)]
|
||||
|
||||
## Azure Threat Research Matrix
|
||||
|
||||
[Azure Threat Research Matrix](https://www.misp-project.org/galaxy.html#_azure_threat_research_matrix) - The purpose of the Azure Threat Research Matrix (ATRM) is to educate readers on the potential of Azure-based tactics, techniques, and procedures (TTPs). It is not to teach how to weaponize or specifically abuse them. For this reason, some specific commands will be obfuscated or parts will be omitted to prevent abuse.
|
||||
|
||||
Category: *atrm* - source: *https://github.com/microsoft/Azure-Threat-Research-Matrix* - total: *90* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_azure_threat_research_matrix)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/atrm.json)]
|
||||
|
||||
## attck4fraud
|
||||
|
||||
[attck4fraud](https://www.misp-project.org/galaxy.html#_attck4fraud) - attck4fraud - Principles of MITRE ATT&CK in the fraud domain
|
||||
|
||||
Category: *guidelines* - source: *Open Sources* - total: *71* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_attck4fraud)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/attck4fraud.json)]
|
||||
|
||||
## Backdoor
|
||||
|
||||
[Backdoor](https://www.misp-project.org/galaxy.html#_backdoor) - A list of backdoor malware.
|
||||
|
||||
Category: *tool* - source: *Open Sources* - total: *28* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_backdoor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/backdoor.json)]
|
||||
|
||||
## Banker
|
||||
|
||||
[Banker](https://www.misp-project.org/galaxy.html#_banker) - A list of banker malware.
|
||||
|
||||
Category: *tool* - source: *Open Sources* - total: *53* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_banker)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/banker.json)]
|
||||
|
||||
## Bhadra Framework
|
||||
|
||||
[Bhadra Framework](https://www.misp-project.org/galaxy.html#_bhadra_framework) - Bhadra Threat Modeling Framework
|
||||
|
||||
Category: *mobile* - source: *https://arxiv.org/pdf/2005.05110.pdf* - total: *47* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_bhadra_framework)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/bhadra-framework.json)]
|
||||
|
||||
## Botnet
|
||||
|
||||
[Botnet](https://www.misp-project.org/galaxy.html#_botnet) - botnet galaxy
|
||||
|
||||
Category: *tool* - source: *MISP Project* - total: *130* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_botnet)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/botnet.json)]
|
||||
|
||||
## Branded Vulnerability
|
||||
|
||||
[Branded Vulnerability](https://www.misp-project.org/galaxy.html#_branded_vulnerability) - List of known vulnerabilities and attacks with a branding
|
||||
|
||||
Category: *vulnerability* - source: *Open Sources* - total: *14* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_branded_vulnerability)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/branded_vulnerability.json)]
|
||||
|
||||
## Cert EU GovSector
|
||||
|
||||
[Cert EU GovSector](https://www.misp-project.org/galaxy.html#_cert_eu_govsector) - Cert EU GovSector
|
||||
|
||||
Category: *sector* - source: *CERT-EU* - total: *6* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_cert_eu_govsector)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/cert-eu-govsector.json)]
|
||||
|
||||
## China Defence Universities Tracker
|
||||
|
||||
[China Defence Universities Tracker](https://www.misp-project.org/galaxy.html#_china_defence_universities_tracker) - The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPI’s International Cyber Policy Centre.
|
||||
|
||||
Category: *academic-institution* - source: *ASPI International Cyber Policy Centre* - total: *159* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_china_defence_universities_tracker)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/china-defence-universities.json)]
|
||||
|
||||
## CONCORDIA Mobile Modelling Framework - Attack Pattern
|
||||
|
||||
[CONCORDIA Mobile Modelling Framework - Attack Pattern](https://www.misp-project.org/galaxy.html#_concordia_mobile_modelling_framework_-_attack_pattern) - A list of Techniques in CONCORDIA Mobile Modelling Framework.
|
||||
|
||||
Category: *cmtmf-attack-pattern* - source: *https://5g4iot.vlab.cs.hioa.no/* - total: *93* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_concordia_mobile_modelling_framework_-_attack_pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/cmtmf-attack-pattern.json)]
|
||||
|
||||
## Country
|
||||
|
||||
[Country](https://www.misp-project.org/galaxy.html#_country) - Country meta information based on the database provided by geonames.org.
|
||||
|
||||
Category: *country* - source: *MISP Project* - total: *252* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_country)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/country.json)]
|
||||
|
||||
## Cryptominers
|
||||
|
||||
[Cryptominers](https://www.misp-project.org/galaxy.html#_cryptominers) - A list of cryptominer and cryptojacker malware.
|
||||
|
||||
Category: *Cryptominers* - source: *Open Source Intelligence* - total: *5* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_cryptominers)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/cryptominers.json)]
|
||||
|
||||
## Actor Types
|
||||
|
||||
[Actor Types](https://www.misp-project.org/galaxy.html#_actor_types) - DISARM is a framework designed for describing and understanding disinformation incidents.
|
||||
|
||||
Category: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *33* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_actor_types)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-actortypes.json)]
|
||||
|
||||
## Countermeasures
|
||||
|
||||
[Countermeasures](https://www.misp-project.org/galaxy.html#_countermeasures) - DISARM is a framework designed for describing and understanding disinformation incidents.
Category: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *139* elements
[[HTML](https://www.misp-project.org/galaxy.html#_countermeasures)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-countermeasures.json)]
## Detections
[Detections](https://www.misp-project.org/galaxy.html#_detections) - DISARM is a framework designed for describing and understanding disinformation incidents.
Category: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *94* elements
[[HTML](https://www.misp-project.org/galaxy.html#_detections)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-detections.json)]
## Techniques
[Techniques](https://www.misp-project.org/galaxy.html#_techniques) - DISARM is a framework designed for describing and understanding disinformation incidents.
Category: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *298* elements
[[HTML](https://www.misp-project.org/galaxy.html#_techniques)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-techniques.json)]
## Election guidelines
[Election guidelines](https://www.misp-project.org/galaxy.html#_election_guidelines) - Universal Development and Security Guidelines as Applicable to Election Technology.
Category: *guidelines* - source: *Open Sources* - total: *23* elements
[[HTML](https://www.misp-project.org/galaxy.html#_election_guidelines)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/election-guidelines.json)]
## Entity
[Entity](https://www.misp-project.org/galaxy.html#_entity) - Description of entities that can be involved in events.
Category: *actor* - source: *MISP Project* - total: *4* elements
[[HTML](https://www.misp-project.org/galaxy.html#_entity)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/entity.json)]
## Exploit-Kit
[Exploit-Kit](https://www.misp-project.org/galaxy.html#_exploit-kit) - Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years
Category: *tool* - source: *MISP Project* - total: *52* elements
[[HTML](https://www.misp-project.org/galaxy.html#_exploit-kit)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/exploit-kit.json)]
## Firearms
[Firearms](https://www.misp-project.org/galaxy.html#_firearms) - Common firearms galaxy
Category: *firearm* - source: *https://www.impactguns.com* - total: *5953* elements
[[HTML](https://www.misp-project.org/galaxy.html#_firearms)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/firearms.json)]
## FIRST DNS Abuse Techniques Matrix
[FIRST DNS Abuse Techniques Matrix](https://www.misp-project.org/galaxy.html#_first_dns_abuse_techniques_matrix) - The Domain Name System (DNS) is a critical part of the Internet, including mapping domain names to IP addresses. Malicious threat actors use domain names, their corresponding technical resources, and other parts of the DNS infrastructure, including its protocols, for their malicious cyber operations. CERTs are confronted with reported DNS abuse on a continuous basis, and rely heavily on DNS analysis and infrastructure to protect their constituencies. Understanding the international customary norms applicable for detecting and mitigating DNS abuse from the perspective of the global incident response community is critical for the open Internet’s stability, security and resiliency. See also https://www.first.org/global/sigs/dns/ for more information.
Category: *first-dns* - source: *https://www.first.org/global/sigs/dns/* - total: *21* elements
[[HTML](https://www.misp-project.org/galaxy.html#_first_dns_abuse_techniques_matrix)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/first-dns.json)]
## Intelligence Agencies
[Intelligence Agencies](https://www.misp-project.org/galaxy.html#_intelligence_agencies) - List of intelligence agencies
Category: *Intelligence Agencies* - source: *https://en.wikipedia.org/wiki/List_of_intelligence_agencies* - total: *436* elements
[[HTML](https://www.misp-project.org/galaxy.html#_intelligence_agencies)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/intelligence-agencies.json)]
## INTERPOL DWVA Taxonomy
[INTERPOL DWVA Taxonomy](https://www.misp-project.org/galaxy.html#_interpol_dwva_taxonomy) - This taxonomy defines common forms of abuses and entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.
Category: *dwva* - source: *https://interpol-innovation-centre.github.io/DW-VA-Taxonomy/* - total: *94* elements
[[HTML](https://www.misp-project.org/galaxy.html#_interpol_dwva_taxonomy)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/interpol-dwva.json)]
## Malpedia
[Malpedia](https://www.misp-project.org/galaxy.html#_malpedia) - Malware galaxy cluster based on Malpedia.
Category: *tool* - source: *Malpedia* - total: *3039* elements
[[HTML](https://www.misp-project.org/galaxy.html#_malpedia)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/malpedia.json)]
## Microsoft Activity Group actor
[Microsoft Activity Group actor](https://www.misp-project.org/galaxy.html#_microsoft_activity_group_actor) - Activity groups as described by Microsoft
Category: *actor* - source: *MISP Project* - total: *79* elements
[[HTML](https://www.misp-project.org/galaxy.html#_microsoft_activity_group_actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/microsoft-activity-group.json)]
## Misinformation Pattern
[Misinformation Pattern](https://www.misp-project.org/galaxy.html#_misinformation_pattern) - AM!TT Technique
Category: *misinformation-pattern* - source: *https://github.com/misinfosecproject/amitt_framework* - total: *61* elements
[[HTML](https://www.misp-project.org/galaxy.html#_misinformation_pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/misinfosec-amitt-misinformation-pattern.json)]
## MITRE ATLAS Attack Pattern
[MITRE ATLAS Attack Pattern](https://www.misp-project.org/galaxy.html#_mitre_atlas_attack_pattern) - MITRE ATLAS Attack Pattern - Adversarial Threat Landscape for Artificial-Intelligence Systems
Category: *attack-pattern* - source: *https://github.com/mitre-atlas/atlas-navigator-data* - total: *82* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mitre_atlas_attack_pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-atlas-attack-pattern.json)]
## MITRE ATLAS Course of Action
[MITRE ATLAS Course of Action](https://www.misp-project.org/galaxy.html#_mitre_atlas_course_of_action) - MITRE ATLAS Mitigation - Adversarial Threat Landscape for Artificial-Intelligence Systems
Category: *course-of-action* - source: *https://github.com/mitre-atlas/atlas-navigator-data* - total: *20* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mitre_atlas_course_of_action)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-atlas-course-of-action.json)]
## Attack Pattern
[Attack Pattern](https://www.misp-project.org/galaxy.html#_attack_pattern) - ATT&CK tactic
Category: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *1141* elements
[[HTML](https://www.misp-project.org/galaxy.html#_attack_pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-attack-pattern.json)]
## Course of Action
[Course of Action](https://www.misp-project.org/galaxy.html#_course_of_action) - ATT&CK Mitigation
Category: *course-of-action* - source: *https://github.com/mitre/cti* - total: *281* elements
[[HTML](https://www.misp-project.org/galaxy.html#_course_of_action)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-course-of-action.json)]
## mitre-data-component
[mitre-data-component](https://www.misp-project.org/galaxy.html#_mitre-data-component) - Data components are parts of data sources.
Category: *data-component* - source: *https://github.com/mitre/cti* - total: *117* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mitre-data-component)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-data-component.json)]
## mitre-data-source
[mitre-data-source](https://www.misp-project.org/galaxy.html#_mitre-data-source) - Data sources represent the various subjects/topics of information that can be collected by sensors/logs.
Category: *data-source* - source: *https://github.com/mitre/cti* - total: *40* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mitre-data-source)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-data-source.json)]
## Enterprise Attack - Attack Pattern
[Enterprise Attack - Attack Pattern](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_attack_pattern) - ATT&CK tactic
Category: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *219* elements
[[HTML](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_attack_pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-enterprise-attack-attack-pattern.json)]
## Enterprise Attack - Course of Action
[Enterprise Attack - Course of Action](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_course_of_action) - ATT&CK Mitigation
Category: *course-of-action* - source: *https://github.com/mitre/cti* - total: *215* elements
[[HTML](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_course_of_action)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-enterprise-attack-course-of-action.json)]
## Enterprise Attack - Intrusion Set
[Enterprise Attack - Intrusion Set](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_intrusion_set) - Name of ATT&CK Group
Category: *actor* - source: *https://github.com/mitre/cti* - total: *69* elements
[[HTML](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_intrusion_set)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-enterprise-attack-intrusion-set.json)]
## Enterprise Attack - Malware
[Enterprise Attack - Malware](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_malware) - Name of ATT&CK software
Category: *tool* - source: *https://github.com/mitre/cti* - total: *188* elements
[[HTML](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_malware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-enterprise-attack-malware.json)]
## Enterprise Attack - Tool
[Enterprise Attack - Tool](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_tool) - Name of ATT&CK software
Category: *tool* - source: *https://github.com/mitre/cti* - total: *45* elements
[[HTML](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_tool)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-enterprise-attack-tool.json)]
## Assets
[Assets](https://www.misp-project.org/galaxy.html#_assets) - A list of asset categories that are commonly found in industrial control systems.
Category: *asset* - source: *https://collaborate.mitre.org/attackics/index.php/All_Assets* - total: *7* elements
[[HTML](https://www.misp-project.org/galaxy.html#_assets)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-assets.json)]
## Groups
[Groups](https://www.misp-project.org/galaxy.html#_groups) - Groups are sets of related intrusion activity that are tracked by a common name in the security community. Groups are also sometimes referred to as campaigns or intrusion sets. Some groups have multiple names associated with the same set of activities due to various organizations tracking the same set of activities by different names. Groups are mapped to publicly reported technique use and referenced in the ATT&CK for ICS knowledge base. Groups are also mapped to reported software used during intrusions.
Category: *actor* - source: *https://collaborate.mitre.org/attackics/index.php/Groups* - total: *10* elements
[[HTML](https://www.misp-project.org/galaxy.html#_groups)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-groups.json)]
## Levels
[Levels](https://www.misp-project.org/galaxy.html#_levels) - Based on the Purdue Model to aid ATT&CK for ICS users to understand which techniques are applicable to their environment.
Category: *level* - source: *https://collaborate.mitre.org/attackics/index.php/All_Levels* - total: *3* elements
[[HTML](https://www.misp-project.org/galaxy.html#_levels)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-levels.json)]
## Software
[Software](https://www.misp-project.org/galaxy.html#_software) - Software is a generic term for custom or commercial code, operating system utilities, open-source software, or other tools used to conduct behavior modeled in ATT&CK for ICS.
Category: *tool* - source: *https://collaborate.mitre.org/attackics/index.php/Software* - total: *17* elements
[[HTML](https://www.misp-project.org/galaxy.html#_software)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-software.json)]
## Tactics
[Tactics](https://www.misp-project.org/galaxy.html#_tactics) - A list of all 11 tactics in ATT&CK for ICS
Category: *tactic* - source: *https://collaborate.mitre.org/attackics/index.php/All_Tactics* - total: *9* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tactics)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-tactics.json)]
## Techniques
[Techniques](https://www.misp-project.org/galaxy.html#_techniques) - A list of Techniques in ATT&CK for ICS.
Category: *attack-pattern* - source: *https://collaborate.mitre.org/attackics/index.php/All_Techniques* - total: *78* elements
[[HTML](https://www.misp-project.org/galaxy.html#_techniques)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-techniques.json)]
## Intrusion Set
[Intrusion Set](https://www.misp-project.org/galaxy.html#_intrusion_set) - Name of ATT&CK Group
Category: *actor* - source: *https://github.com/mitre/cti* - total: *165* elements
[[HTML](https://www.misp-project.org/galaxy.html#_intrusion_set)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-intrusion-set.json)]
## Malware
[Malware](https://www.misp-project.org/galaxy.html#_malware) - Name of ATT&CK software
Category: *tool* - source: *https://github.com/mitre/cti* - total: *705* elements
[[HTML](https://www.misp-project.org/galaxy.html#_malware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-malware.json)]
## Mobile Attack - Attack Pattern
[Mobile Attack - Attack Pattern](https://www.misp-project.org/galaxy.html#_mobile_attack_-_attack_pattern) - ATT&CK tactic
Category: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *76* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mobile_attack_-_attack_pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-mobile-attack-attack-pattern.json)]
## Mobile Attack - Course of Action
[Mobile Attack - Course of Action](https://www.misp-project.org/galaxy.html#_mobile_attack_-_course_of_action) - ATT&CK Mitigation
Category: *course-of-action* - source: *https://github.com/mitre/cti* - total: *14* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mobile_attack_-_course_of_action)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-mobile-attack-course-of-action.json)]
## Mobile Attack - Intrusion Set
[Mobile Attack - Intrusion Set](https://www.misp-project.org/galaxy.html#_mobile_attack_-_intrusion_set) - Name of ATT&CK Group
Category: *actor* - source: *https://github.com/mitre/cti* - total: *1* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mobile_attack_-_intrusion_set)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-mobile-attack-intrusion-set.json)]
## Mobile Attack - Malware
[Mobile Attack - Malware](https://www.misp-project.org/galaxy.html#_mobile_attack_-_malware) - Name of ATT&CK software
Category: *tool* - source: *https://github.com/mitre/cti* - total: *35* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mobile_attack_-_malware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-mobile-attack-malware.json)]
## Mobile Attack - Tool
[Mobile Attack - Tool](https://www.misp-project.org/galaxy.html#_mobile_attack_-_tool) - Name of ATT&CK software
Category: *tool* - source: *https://github.com/mitre/cti* - total: *1* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mobile_attack_-_tool)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-mobile-attack-tool.json)]
## Pre Attack - Attack Pattern
[Pre Attack - Attack Pattern](https://www.misp-project.org/galaxy.html#_pre_attack_-_attack_pattern) - ATT&CK tactic
Category: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *174* elements
[[HTML](https://www.misp-project.org/galaxy.html#_pre_attack_-_attack_pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-pre-attack-attack-pattern.json)]
## Pre Attack - Intrusion Set
[Pre Attack - Intrusion Set](https://www.misp-project.org/galaxy.html#_pre_attack_-_intrusion_set) - Name of ATT&CK Group
Category: *actor* - source: *https://github.com/mitre/cti* - total: *7* elements
[[HTML](https://www.misp-project.org/galaxy.html#_pre_attack_-_intrusion_set)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-pre-attack-intrusion-set.json)]
## mitre-tool
[mitre-tool](https://www.misp-project.org/galaxy.html#_mitre-tool) - Name of ATT&CK software
Category: *tool* - source: *https://github.com/mitre/cti* - total: *87* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mitre-tool)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-tool.json)]
## NAICS
[NAICS](https://www.misp-project.org/galaxy.html#_naics) - The North American Industry Classification System or NAICS is a classification of business establishments by type of economic activity (the process of production).
Category: *sector* - source: *North American Industry Classification System - NAICS* - total: *2125* elements
[[HTML](https://www.misp-project.org/galaxy.html#_naics)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/naics.json)]
## o365-exchange-techniques
[o365-exchange-techniques](https://www.misp-project.org/galaxy.html#_o365-exchange-techniques) - o365-exchange-techniques - Office365/Exchange related techniques by @johnLaTwC and @inversecos
Category: *guidelines* - source: *Open Sources, https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html* - total: *62* elements
[[HTML](https://www.misp-project.org/galaxy.html#_o365-exchange-techniques)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/o365-exchange-techniques.json)]
## online-service
[online-service](https://www.misp-project.org/galaxy.html#_online-service) - Known public online services.
Category: *tool* - source: *Open Sources* - total: *1* elements
[[HTML](https://www.misp-project.org/galaxy.html#_online-service)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/online-service.json)]
## Preventive Measure
[Preventive Measure](https://www.misp-project.org/galaxy.html#_preventive_measure) - Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . The preventive measures are quite generic and can fit any standard Windows infrastructure and their security measures.
Category: *measure* - source: *MISP Project* - total: *20* elements
[[HTML](https://www.misp-project.org/galaxy.html#_preventive_measure)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/preventive-measure.json)]
## Producer
[Producer](https://www.misp-project.org/galaxy.html#_producer) - List of threat intelligence producer from security vendors to CERTs including any producer of intelligence at large.
Category: *actor* - source: *MISP Project* - total: *21* elements
[[HTML](https://www.misp-project.org/galaxy.html#_producer)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/producer.json)]
## Ransomware
[Ransomware](https://www.misp-project.org/galaxy.html#_ransomware) - Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar
Category: *tool* - source: *Various* - total: *1706* elements
[[HTML](https://www.misp-project.org/galaxy.html#_ransomware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ransomware.json)]
## RAT
[RAT](https://www.misp-project.org/galaxy.html#_rat) - remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote "operator" to control a system as if they have physical access to that system.
Category: *tool* - source: *MISP Project* - total: *266* elements
[[HTML](https://www.misp-project.org/galaxy.html#_rat)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/rat.json)]
## Regions UN M49
[Regions UN M49](https://www.misp-project.org/galaxy.html#_regions_un_m49) - Regions based on UN M49.
Category: *location* - source: *https://unstats.un.org/unsd/methodology/m49/overview/* - total: *32* elements
[[HTML](https://www.misp-project.org/galaxy.html#_regions_un_m49)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/region.json)]
## rsit
[rsit](https://www.misp-project.org/galaxy.html#_rsit) - rsit
Category: *rsit* - source: *https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force* - total: *39* elements
[[HTML](https://www.misp-project.org/galaxy.html#_rsit)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/rsit.json)]
## Sector
[Sector](https://www.misp-project.org/galaxy.html#_sector) - Activity sectors
Category: *sector* - source: *CERT-EU* - total: *118* elements
[[HTML](https://www.misp-project.org/galaxy.html#_sector)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/sector.json)]
## Sigma-Rules
[Sigma-Rules](https://www.misp-project.org/galaxy.html#_sigma-rules) - MISP galaxy cluster based on Sigma Rules.
Category: *rules* - source: *https://github.com/jstnk9/MISP/tree/main/misp-galaxy/sigma* - total: *2888* elements
[[HTML](https://www.misp-project.org/galaxy.html#_sigma-rules)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/sigma-rules.json)]
## Dark Patterns
[Dark Patterns](https://www.misp-project.org/galaxy.html#_dark_patterns) - Dark Patterns are user interface that tricks users into making decisions that benefit the interface's holder to the expense of the user.
Category: *dark-patterns* - source: *CIRCL* - total: *19* elements
[[HTML](https://www.misp-project.org/galaxy.html#_dark_patterns)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/social-dark-patterns.json)]
## SoD Matrix
[SoD Matrix](https://www.misp-project.org/galaxy.html#_sod_matrix) - SOD Matrix
Category: *sod-matrix* - source: *https://github.com/cudeso/SoD-Matrix* - total: *276* elements
[[HTML](https://www.misp-project.org/galaxy.html#_sod_matrix)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/sod-matrix.json)]
## Stealer
[Stealer](https://www.misp-project.org/galaxy.html#_stealer) - A list of malware stealer.
Category: *tool* - source: *Open Sources* - total: *16* elements
[[HTML](https://www.misp-project.org/galaxy.html#_stealer)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/stealer.json)]
## Surveillance Vendor
[Surveillance Vendor](https://www.misp-project.org/galaxy.html#_surveillance_vendor) - List of vendors selling surveillance technologies including malware, interception devices or computer exploitation services.
Category: *actor* - source: *MISP Project* - total: *50* elements
[[HTML](https://www.misp-project.org/galaxy.html#_surveillance_vendor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/surveillance-vendor.json)]
## Target Information
[Target Information](https://www.misp-project.org/galaxy.html#_target_information) - Description of targets of threat actors.
Category: *target* - source: *Various* - total: *241* elements
[[HTML](https://www.misp-project.org/galaxy.html#_target_information)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/target-information.json)]
## TDS
[TDS](https://www.misp-project.org/galaxy.html#_tds) - TDS is a list of Traffic Direction System used by adversaries
Category: *tool* - source: *MISP Project* - total: *11* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tds)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tds.json)]
## Tea Matrix
[Tea Matrix](https://www.misp-project.org/galaxy.html#_tea_matrix) - Tea Matrix
Category: *tea-matrix* - source: ** - total: *7* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tea_matrix)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tea-matrix.json)]
## Threat Actor
- [vocabularies/threat-actor/cert-eu-motive.json](vocabularies/threat-actor/cert-eu-motive.json) - Motive vocab as defined by Cert EU.
- [vocabularies/threat-actor/intended-effect-vocabulary.json](vocabularies/threat-actor/intended-effect.json) - The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor. STIX 1.2.1
- [vocabularies/threat-actor/motivation-vocabulary.json](vocabularies/threat-actor/motivation.json) - The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor. STIX 1.2.1
- [vocabularies/threat-actor/planning-and-operational-support-vocabulary.json](vocabularies/threat-actor/planning-and-operational-support.json) - The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions available to a threat actor.
- [vocabularies/threat-actor/sophistication.json](vocabularies/threat-actor/sophistication.json) - The ThreatActorSophisticationVocab enumeration is used to define the default STIX vocabulary for expressing the subjective level of sophistication of a threat actor.
- [vocabularies/threat-actor/type.json](vocabularies/threat-actor/type.json) - The ThreatActorTypeVocab enumeration is used to define the default STIX vocabulary for expressing the subjective type of a threat actor.
[Threat Actor](https://www.misp-project.org/galaxy.html#_threat_actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
## MISP Integration
Category: *actor* - source: *MISP Project* - total: *675* elements
Starting from [MISP 2.4.56](http://www.misp-project.org/2016/12/07/MISP.2.4.56.released.html), galaxy is integrated within the MISP threat sharing platform and users can directly benefit from the available clusters to attach them to the MISP event.
[[HTML](https://www.misp-project.org/galaxy.html#_threat_actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]
## Tidal Campaigns
[Tidal Campaigns](https://www.misp-project.org/galaxy.html#_tidal_campaigns) - Tidal Campaigns Cluster
Category: *Campaigns* - source: *https://app-api.tidalcyber.com/api/v1/campaigns/* - total: *48* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_campaigns)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-campaigns.json)]
## Tidal Groups
[Tidal Groups](https://www.misp-project.org/galaxy.html#_tidal_groups) - Tidal Groups Galaxy
Category: *Threat Groups* - source: *https://app-api.tidalcyber.com/api/v1/groups/* - total: *172* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_groups)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-groups.json)]
## Tidal References
[Tidal References](https://www.misp-project.org/galaxy.html#_tidal_references) - Tidal References Cluster
Category: *References* - source: *https://app-api.tidalcyber.com/api/v1/references/* - total: *4104* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_references)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-references.json)]
|
||||
|
||||
## Tidal Software
|
||||
|
||||
[Tidal Software](https://www.misp-project.org/galaxy.html#_tidal_software) - Tidal Software Cluster
|
||||
|
||||
Category: *Software* - source: *https://app-api.tidalcyber.com/api/v1/software/* - total: *962* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_software)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-software.json)]
|
||||
|
||||
## Tidal Tactic
|
||||
|
||||
[Tidal Tactic](https://www.misp-project.org/galaxy.html#_tidal_tactic) - Tidal Tactic Cluster
|
||||
|
||||
Category: *Tactic* - source: *https://app-api.tidalcyber.com/api/v1/tactic/* - total: *14* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_tactic)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-tactic.json)]
|
||||
|
||||
## Tidal Technique
|
||||
|
||||
[Tidal Technique](https://www.misp-project.org/galaxy.html#_tidal_technique) - Tidal Technique Cluster
|
||||
|
||||
Category: *Technique* - source: *https://app-api.tidalcyber.com/api/v1/technique/* - total: *202* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_technique)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-technique.json)]
|
||||
|
||||
## Threat Matrix for storage services
|
||||
|
||||
[Threat Matrix for storage services](https://www.misp-project.org/galaxy.html#_threat_matrix_for_storage_services) - Microsoft Defender for Cloud threat matrix for storage services contains attack tactics, techniques and mitigations relevant storage services delivered by cloud providers.
|
||||
|
||||
Category: *tmss* - source: *https://github.com/microsoft/Threat-matrix-for-storage-services* - total: *40* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_threat_matrix_for_storage_services)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tmss.json)]
|
||||
|
||||
## Tool
|
||||
|
||||
[Tool](https://www.misp-project.org/galaxy.html#_tool) - threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.
|
||||
|
||||
Category: *tool* - source: *MISP Project* - total: *603* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_tool)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tool.json)]
|
||||
|
||||
## UAVs/UCAVs
|
||||
|
||||
[UAVs/UCAVs](https://www.misp-project.org/galaxy.html#_uavs/ucavs) - Unmanned Aerial Vehicles / Unmanned Combat Aerial Vehicles
|
||||
|
||||
Category: *military equipment* - source: *Popular Mechanics* - total: *36* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_uavs/ucavs)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/uavs.json)]
|
||||
|
||||
## UKHSA Culture Collections
|
||||
|
||||
[UKHSA Culture Collections](https://www.misp-project.org/galaxy.html#_ukhsa_culture_collections) - UK Health Security Agency Culture Collections represent deposits of cultures that consist of expertly preserved, authenticated cell lines and microbial strains of known provenance.
|
||||
|
||||
Category: *virus* - source: *https://www.culturecollections.org.uk* - total: *6667* elements
|
||||
|
||||
[[HTML](https://www.misp-project.org/galaxy.html#_ukhsa_culture_collections)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ukhsa-culture-collections.json)]
|
||||
|
||||
# Online documentation
|
||||
|
||||
The [misp-galaxy.org](https://misp-galaxy.org) website provides an easily navigable resource for all MISP galaxy clusters.
|
||||
|
||||
A [readable PDF overview of the MISP galaxy is available](https://www.misp.software/galaxy.pdf) or [HTML](https://www.misp.software/galaxy.html) and generated from the JSON.
|
||||
|
||||
![MISP Integration of the MISP galaxy](doc/images/screenshot.png)
|
||||
## How to contribute?
|
||||
|
||||
- [Read the contribution document](CONTRIBUTE.md)
|
||||
|
@ -87,12 +718,12 @@ The MISP galaxy (JSON files) are dual-licensed under:
|
|||
or
|
||||
|
||||
~~~~
|
||||
Copyright (c) 2015-2019 Alexandre Dulaunoy - a@foo.be
|
||||
Copyright (c) 2015-2019 CIRCL - Computer Incident Response Center Luxembourg
|
||||
Copyright (c) 2015-2019 Andras Iklody
|
||||
Copyright (c) 2015-2019 Raphael Vinot
|
||||
Copyright (c) 2015-2019 Deborah Servili
|
||||
Copyright (c) 2016-2019 Various contributors to MISP Project
|
||||
Copyright (c) 2015-2024 Alexandre Dulaunoy - a@foo.be
|
||||
Copyright (c) 2015-2024 CIRCL - Computer Incident Response Center Luxembourg
|
||||
Copyright (c) 2015-2024 Andras Iklody
|
||||
Copyright (c) 2015-2024 Raphael Vinot
|
||||
Copyright (c) 2015-2024 Deborah Servili
|
||||
Copyright (c) 2016-2024 Various contributors to MISP Project
|
||||
|
||||
Redistribution and use in source and binary forms, with or without modification,
|
||||
are permitted provided that the following conditions are met:
|
||||
|
|
|
@ -4653,7 +4653,47 @@
|
|||
},
|
||||
"uuid": "aef548fb-76f5-4eb9-9942-f189cb0d16f6",
|
||||
"value": "Razdel"
|
||||
},
|
||||
{
|
||||
"description": "Vulture is an Android banking trojan found in Google Play by ThreatFabric. It uses screen recording and keylogging as main strategy to harvest login credentials.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.threatfabric.com/blogs/vultur-v-for-vnc.html",
|
||||
"https://twitter.com/_icebre4ker_/status/1485651238175846400"
|
||||
]
|
||||
},
|
||||
"uuid": "66026639-132f-436e-8348-1219714e9f62",
|
||||
"value": "Vulture"
|
||||
},
|
||||
{
|
||||
"description": "Starting in June 2018, a number of new malware downloader samples that infect users with BankBot Anubis (aka Go_P00t) was discovered. The campaign features at least 10 malicious downloaders disguised as various applications, all of which fetch mobile banking Trojans that run on Android-based devices. Anubis Masquerades as Google Protect.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://securityintelligence.com/anubis-strikes-again-mobile-malware-continues-to-plague-users-in-official-app-stores/"
|
||||
]
|
||||
},
|
||||
"uuid": "d21ab582-2286-4827-9710-0eb283244ff1",
|
||||
"value": "Anubis"
|
||||
},
|
||||
{
|
||||
"description": "The Android banking Trojan Godfather is currently being utilized by cybercriminals to attack users of popular financial services across the globe. Godfather is designed to allow threat actors to harvest login credentials for banking applications and other financial services, and drain the accounts. To date, its victims include users of over 400 international targets, including banking applications, cryptocurrency wallets, and crypto exchanges.\nFew people realize that hiding under Godfather’s hood is an old banking Trojan called Anubis, whose functionality has become outdated due to Android updates and the efforts of malware detection and prevention providers.\nGroup-IB first detected Godfather, a mobile banking Trojan that steals the banking and cryptocurrency exchange credentials of users, in June 2021. Almost a year later, in March 2022, researchers at Threat Fabric were the first to mention the banking Trojan publicly. A few months later, in June, the Trojan stopped being circulated. One of the reasons, Group-IB analysts believe, why Godfather was taken out of use was for developers to update the Trojan further. Sure enough, Godfather reappeared in September 2022, now with slightly modified WebSocket functionality.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://blog.group-ib.com/godfather-trojan"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d21ab582-2286-4827-9710-0eb283244ff1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "successor-of"
|
||||
}
|
||||
],
|
||||
"uuid": "dddfa582-3df3-4832-bffe-c38e70b710ac",
|
||||
"value": "GodFather"
|
||||
}
|
||||
],
|
||||
"version": 20
|
||||
"version": 22
|
||||
}
|
||||
|
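Review bot: The new Vulture entry (description and `"value": "Vulture"`) spells the family differently from its own reference, whose slug reads `vultur-v-for-vnc` — the vendor name appears to be "Vultur", so MISP correlation on the vendor spelling will miss this cluster. Adding `"synonyms": ["Vultur"]` under `meta` (alongside `refs`) would let both spellings resolve to the same cluster; if "Vultur" is in fact the canonical name, the value itself should probably carry it and "Vulture" become the synonym. The GodFather `related` link correctly points at the Anubis uuid introduced in this same hunk, so no dangling reference there.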
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
"authors": [
|
||||
"Francesco Bigarella"
|
||||
"Francesco Bigarella",
|
||||
"Christophe Vandeplas"
|
||||
],
|
||||
"category": "guidelines",
|
||||
"description": "attck4fraud - Principles of MITRE ATT&CK in the fraud domain",
|
||||
|
@ -24,7 +25,8 @@
|
|||
"mitigation": "Implementation of DKIM and SPF authentication to detected spoofed email senders; anti-phishing solutions.",
|
||||
"refs": [
|
||||
"https://blog.malwarebytes.com/cybercrime/2015/02/amazon-notice-ticket-number-phish-seeks-card-details/",
|
||||
"https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receipts/"
|
||||
"https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receipts/",
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
],
|
||||
"victim": "end customer, enterprise"
|
||||
},
|
||||
|
@ -46,7 +48,11 @@
|
|||
"mitigation": "Implementation of DKIM and SPF authentication to detected spoofed email senders; flagging email coming from outside the enterprise (enterprise); anti-phishing solutions; awareness training (enterprise).",
|
||||
"refs": [
|
||||
"http://fortune.com/2017/04/27/facebook-google-rimasauskas/",
|
||||
"https://www.ibtimes.co.uk/russian-hackers-fancy-bear-likely-breached-olympic-drug-testing-agency-dnc-experts-say-1577508"
|
||||
"https://www.ibtimes.co.uk/russian-hackers-fancy-bear-likely-breached-olympic-drug-testing-agency-dnc-experts-say-1577508",
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Spear-phishing"
|
||||
],
|
||||
"victim": "end customer, enterprise"
|
||||
},
|
||||
|
@ -77,13 +83,34 @@
|
|||
"https://krebsonsecurity.com/2014/11/skimmer-innovation-wiretapping-atms/",
|
||||
"https://krebsonsecurity.com/2016/09/secret-service-warns-of-periscope-skimmers/",
|
||||
"https://krebsonsecurity.com/2011/03/green-skimmers-skimming-green",
|
||||
"https://blog.dieboldnixdorf.com/have-you-asked-yourself-this-question-about-skimming/"
|
||||
"https://blog.dieboldnixdorf.com/have-you-asked-yourself-this-question-about-skimming/",
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Skimming - CPP ATM"
|
||||
],
|
||||
"victim": "end customer, enterprise"
|
||||
},
|
||||
"uuid": "0e45e11c-9c24-49a2-b1fe-5d78a235844b",
|
||||
"value": "ATM skimming"
|
||||
},
|
||||
{
|
||||
"description": "Trap the cash dispenser with a physical component. Type 1 are visible to the user and type 2 are hidden in the cash dispenser",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://medium.com/@netsentries/beware-of-atm-cash-trapping-9421e498dfcf",
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Cash Trapping"
|
||||
]
|
||||
},
|
||||
"uuid": "1e709b6e-ff4a-4645-adec-42f9636d38f8",
|
||||
"value": "ATM cash trapping"
|
||||
},
|
||||
{
|
||||
"description": "ATM Shimming refers to the act of capturing a bank card data accessing the EMV chip installed on the card while presenting the card to a ATM. Due to their low profile, shimmers can be fit inside ATM card readers and are therefore more difficult to detect.",
|
||||
"meta": {
|
||||
|
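Review bot: The new "ATM cash trapping" entry omits the `victim` key that the neighbouring "ATM skimming" entry carries (`"victim": "end customer, enterprise"`), so the two physical ATM techniques will not filter consistently on that field. If the same taxonomy applies — the cardholder loses the withdrawn cash and the deployer bears the loss — add `"victim": "end customer, enterprise"` after `"synonyms"` in `meta`; if the source defines the victim differently, set it accordingly rather than leaving it unset. The ATM Shimming entry at the bottom of the hunk continues past the hunk boundary.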
@ -109,20 +136,29 @@
|
|||
"value": "ATM Shimming"
|
||||
},
|
||||
{
|
||||
"description": "Vishing",
|
||||
"description": "Also known as voice phishing, is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward. It is also employed by attackers for reconnaissance purposes to gather more detailed intelligence on a target organisation.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "308fb88c-412a-4468-91ed-468d07fe4170",
|
||||
"value": "Vishing"
|
||||
},
|
||||
{
|
||||
"description": "POS Skimming",
|
||||
"description": "CPP analysis identifies the likely merchant, POS or ATM location from where card numbers were stolen so that banks can mitigate fraud on other compromised cards.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Skimming - CPP POS"
|
||||
]
|
||||
},
|
||||
"uuid": "c33778e5-b5cc-4d12-8e4e-a329156d988c",
|
||||
|
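Review bot: The replacement description for the "Skimming - CPP POS" entry describes Common Point of Purchase analysis — an issuer-side detection method for locating where cards were compromised — rather than the POS skimming technique the cluster names, so an analyst tagging a skimming incident would read a definition of the defensive step instead. Consider a description that matches the sibling ATM skimming entry, e.g. `"description": "Capture of card data by a skimming device fitted to, or malicious software installed on, a point-of-sale terminal. The compromised merchant or terminal is typically identified afterwards through Common Point of Purchase (CPP) analysis."` The entry's `value` line lies outside this hunk.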
@ -139,10 +175,13 @@
|
|||
"value": "Social Media Scams"
|
||||
},
|
||||
{
|
||||
"description": "Malware",
|
||||
"description": "Software which is specifically designed to disrupt, damage, or gain authorised access to a computer system.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Target Compromise"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "6ee0f7cd-a0ef-46c5-9d80-f0fbac2a9140",
|
||||
|
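Review bot: The new Malware description says software designed to "gain authorised access to a computer system", which inverts the meaning — malware gains unauthorised access. Change the line to `"description": "Software which is specifically designed to disrupt, damage, or gain unauthorised access to a computer system."` The entry's `value` line is outside this hunk.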
@ -159,10 +198,16 @@
|
|||
"value": "Account-Checking Services"
|
||||
},
|
||||
{
|
||||
"description": "ATM Black Box Attack",
|
||||
"description": "Type of Jackpotting attack. Connection of an unauthorized device which sends dispense commands directly to the ATM cash dispenser in order to “cash out” the ATM.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Target Compromise"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Black Box Attack"
|
||||
]
|
||||
},
|
||||
"uuid": "6bec22cb-9aed-426a-bffc-b0a78db6527a",
|
||||
|
@ -179,20 +224,29 @@
|
|||
"value": "Insider Trading"
|
||||
},
|
||||
{
|
||||
"description": "Investment Fraud",
|
||||
"description": "A deceptive practice in the stock or commodities markets that induces investors to make purchase or sale decisions on the basis of false information, frequently resulting in losses, in violation of securities laws.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Perform Fraud"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "92f5f46f-c506-45de-9a7f-f1128e40d47c",
|
||||
"value": "Investment Fraud"
|
||||
},
|
||||
{
|
||||
"description": "Romance Scam",
|
||||
"description": "Romance scam is a confidence trick involving feigning romantic intentions towards a victim, gaining their affection, and then using that goodwill to commit fraud. Fraudulent acts may involve access to the victim's money, bank accounts, credit cards, passports, e-mail accounts, or national identification numbers; or forcing the victims to commit financial fraud on their behalf.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Perform Fraud"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Romance Fraud"
|
||||
]
|
||||
},
|
||||
"uuid": "8ac64815-52c0-4d14-a4e4-4a19b2a6057d",
|
||||
|
@ -219,10 +273,16 @@
|
|||
"value": "Cash Recovery Scam"
|
||||
},
|
||||
{
|
||||
"description": "Fake Invoice Fraud",
|
||||
"description": "Invoice fraud happens when a company or organisation is tricked into changing bank account payee details for a payment. Criminals pose as regular suppliers to the company or organisation and will make a formal request for bank account details to be changed or emit false invoices.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Perform Fraud"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Invoice Fraud"
|
||||
]
|
||||
},
|
||||
"uuid": "a0f764d1-b541-4ee7-bb30-21b9a735f644",
|
||||
|
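Review bot: In the new Invoice Fraud description, "emit false invoices" is an unidiomatic choice; the usual term is "issue". A minimal change: `"... will make a formal request for bank account details to be changed or issue false invoices."` The entry's `value` line lies outside this hunk.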
@ -259,20 +319,32 @@
|
|||
"value": "CxO Fraud"
|
||||
},
|
||||
{
|
||||
"description": "Compromised Payment Cards",
|
||||
"description": "The loss of or theft of a card, which is subsequently used for illegal purposes until blocked by the card issuer.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Obtain Fraudulent Assets"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Lost/Stolen Card"
|
||||
]
|
||||
},
|
||||
"uuid": "d46e397f-8957-41f1-8736-13400b9e82fc",
|
||||
"value": "Compromised Payment Cards"
|
||||
},
|
||||
{
|
||||
"description": "Compromised Account Credentials",
|
||||
"description": "Account takeover fraud is a form of identity theft in which the fraudster gets access to a victim's bank or credit card accounts -- through a data breach, malware or phishing -- and uses them to make unauthorised transaction.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Obtain Fraudulent Assets"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Account Takeover Fraud"
|
||||
]
|
||||
},
|
||||
"uuid": "7d71e71c-502f-412a-8fc7-584de8a9d203",
|
||||
|
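Review bot: Two wording slips in the new descriptions of this hunk: "The loss of or theft of a card" should read `"The loss or theft of a card, which is subsequently used for illegal purposes until blocked by the card issuer."`, and the account-takeover text ends in the singular "make unauthorised transaction", which should be `"... and uses them to make unauthorised transactions."`. The Compromised Account Credentials entry's `value` line is outside this hunk.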
@ -378,7 +450,514 @@
|
|||
},
|
||||
"uuid": "9bfd2f4f-39a7-43fe-b5cd-a345a065276d",
|
||||
"value": "ATM Explosive Attack"
|
||||
},
|
||||
{
|
||||
"description": "A card not present transaction (CNP, MO/TO, Mail Order / Telephone Order, MOTOEC) is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant's visual examination at the time that an order is given and payment effected",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Perform Fraud"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "a13829f4-be4b-5ada-8be4-3515b080cf6c",
|
||||
"value": "CNP – Card Not Present"
|
||||
},
|
||||
{
|
||||
"description": "A card present transaction occurs when a cardholder physically presents a card to request and authorise a financial transaction",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Perform Fraud"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "422f283a-19e0-56da-b348-98b5d31fcea6",
|
||||
"value": "CP – Card Present"
|
||||
},
|
||||
{
|
||||
"description": "Fraud that occurs when a merchant account is used without the intention of operating a legitimate business transaction.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Perform Fraud"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "ccd0dcc5-5f86-52fb-8e72-7aa6e8f55f8a",
|
||||
"value": "Merchant Fraud"
|
||||
},
|
||||
{
|
||||
"description": "Fraud that involves virtual currency, or virtual money, which is a type of unregulated, digital money, issued and usually controlled by its developers and used and accepted among the members of a specific virtual community.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Monetisation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "69273dd2-cc8d-5a83-9544-1b6f6a8f8a53",
|
||||
"value": "Virtual Currency Fraud"
|
||||
},
|
||||
{
|
||||
"description": "A category of criminal acts that involve making the unlawful use of cheques in order to illegally acquire or borrow funds that do not exist within the account balance or account-holder's legal ownership. Most methods involve taking advantage the time between the negotiation of the cheque and its clearance at the cheque writer's financial institution to draw out these funds.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Monetisation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "b70d490e-7eef-5219-ab93-4ea085bf9361",
|
||||
"value": "Cheque Fraud"
|
||||
},
|
||||
{
|
||||
"description": "Fraud perpetrated via omni- channel means to digital banking or payments channels such as home banking or other electronic services.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Perform Fraud"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "39de6438-4c1f-5bdc-b9a8-5cc3e889eaaf",
|
||||
"value": "Digital Fraud"
|
||||
},
|
||||
{
|
||||
"description": "Fraud perpetrated via mobile devices to digital banking, payments channels such as home banking or other electronic services, or online merchants",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Perform Fraud"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "147b0d04-933c-5244-8c67-33914426d47b",
|
||||
"value": "Mobile Fraud"
|
||||
},
|
||||
{
|
||||
"description": "Fraud perpetrated via land line telephone means to banking or payments channels such as home banking or other electronic services or merchants",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Perform Fraud"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "5e28b366-d9f0-5079-b796-3fa424ec365a",
|
||||
"value": "Telephone Fraud"
|
||||
},
|
||||
{
|
||||
"description": "Fraud occurs when a standing order is falsely created or adulterated. A standing order is an automated method of making payments, where a person or business instructs their bank to pay another person or business, a fixed amount of money at regular intervals. Fraud occurs when a standing order is falsely created or adulterated.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Assets Transfer"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "86e2f55d-cf76-5be8-9cf3-7bfa24d0ea2a",
|
||||
"value": "Standing Order Fraud"
|
||||
},
|
||||
{
|
||||
"description": "A scam in which cybercriminals spoof company email accounts and impersonate executives to try and fool an employee in accounting or HR into executing unauthorized wire transfers, or sending out confidential information",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "55a413e3-5eba-5eac-a36b-575bdb2e7cd7",
|
||||
"value": "CEO/BEC Fraud"
|
||||
},
|
||||
{
|
||||
"description": "An illegal process of concealing the origins of money obtained illegally by passing it through a complex sequence of banking transfers or commercial transactions. The overall scheme of this process returns the money to the launderer in an obscure and indirect way.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Monetisation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "d0492296-9ba7-59ad-a510-f8a0526c114a",
|
||||
"value": "Money laundering"
|
||||
},
|
||||
{
|
||||
"description": "Credit cards are produced in BIN ranges. Where an issuer does not use random generation of the card number, it is possible for an attacker to obtain one good card number and generate valid card numbers",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Perform Fraud"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "37ff3b85-80f5-5380-8ce0-defee3ba819f",
|
||||
"value": "BIN Attack"
|
||||
},
|
||||
{
|
||||
"description": "In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "7ca098c2-9f6e-56be-8b32-7f36833803ee",
|
||||
"value": "DoS - Denial of Service Attack"
|
||||
},
|
||||
{
|
||||
"description": "In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "bcd23dee-c9da-548d-9d74-2ed7d71133be",
|
||||
"value": "MITM - Man-in-the-Middle Attack"
|
||||
},
|
||||
{
|
||||
"description": "Unauthorized physical manipulation of ATM cash withdrawal. Appears that cash has not been dispensed – a reversal message generated – SEE FULL TERMINAL FRAUD DEFINITION",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Target Compromise"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "2ac0d577-7de1-5cbd-bf8a-30b79cd7f6cc",
|
||||
"value": "Transaction Reversal Fraud"
|
||||
},
|
||||
{
|
||||
"description": "The data contained in an authorisation message is manipulated to try to fool the payment processor.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Target Compromise"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "fb5b4715-5e6b-5134-a99a-b154b8f2cb84",
|
||||
"value": "Transaction Message Adulteration"
|
||||
},
|
||||
{
|
||||
"description": "Fraud committed against a financial institution by one of its own customers",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Obtain Fraudulent Assets"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "09ac2614-d332-51b4-b7b0-ce3f9a74539b",
|
||||
"value": "First Party (Friendly) Fraud"
|
||||
},
|
||||
{
|
||||
"description": "Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials. Alternatively, an adversary may intercept a message from a legitimate sender and attempt to make it look like the message comes from them without changing its content. The latter form of this attack can be used to hijack credentials from legitimate users. Identity Spoofing attacks need not be limited to transmitted messages - any resource that is associated with an identity (for example, a file with a signature) can be the target of an attack where the adversary attempts to change the apparent identity",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Obtain Fraudulent Assets"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "b105c344-448c-5d70-bb64-31f0f1246389",
|
||||
"value": "Identity Spoofing (or entity hacking)"
|
||||
},
|
||||
{
|
||||
"description": "A form of fraud in which victims are manipulated into making real-time payments to fraudsters, typically by social engineering attacks involving impersonation.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Assets Transfer"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "b36f88c8-3682-5cac-b89d-33f64f91fc94",
|
||||
"value": "Authorised Push Payment Fraud"
|
||||
},
|
||||
{
|
||||
"description": "Direct debit fraud can take place in several ways. It is often associated with identity theft, where the scammer gains access to the bank account information by posing as the victim. They can pay for services and products via a direct debit option and use this account until its owner notices.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Assets Transfer"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "def44822-3b24-5612-b6a2-da77f84fb5d9",
|
||||
"value": "Direct Debit Fraud"
|
||||
},
|
||||
{
|
||||
"description": "Obtaining benefit through coercion",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Perform Fraud"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "e376947a-2e73-5c81-b8d5-7ac8a3ecc7a1",
|
||||
"value": "Extortion"
|
||||
},
|
||||
{
|
||||
"description": "Also known as \"SMS Phishing\", is a form of criminal activity using social engineering techniques. SMS phishing uses cell phone text messages to deliver information and/or requests to induce people to divulge or to take action that will compromise their personal or confidential information.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "7607cd1c-c237-55c8-8dc6-d552ca28b86f",
|
||||
"value": "Smishing"
|
||||
},
|
||||
{
|
||||
"description": "Technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "7304230c-a2ba-5f85-915b-21ef2df62c0a",
|
||||
"value": "Shoulder Surfing"
|
||||
},
|
||||
{
|
||||
"description": "The process of diverting the attention of an individual or group from a desired area of focus and thereby blocking or diminishing the reception of desired information.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "cd4a2731-b691-5c91-a608-cf6c431be0ba",
|
||||
"value": "Distraction"
|
||||
},
|
||||
{
|
||||
"description": "Authorised push payment fraud happens when fraudsters deceive consumers or individuals at a business to send them a payment under false pretences to a bank account controlled by the fraudster. As payments made using real-time payment schemes are irrevocable, the victims cannot reverse a payment once they realise they have been conned.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "056a1cf1-0c75-59cc-9d73-f3b5b70ab77e",
|
||||
"value": "Push Payments"
|
||||
},
|
||||
{
|
||||
"description": "Unauthorised software, or authorises software run in an unauthorized manner on ATM PC - SEE FULL TERMINAL FRAUD DEFINITION",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "956593f4-ff08-523f-995a-6b8c56c101be",
|
||||
"value": "ATM Malware"
|
||||
},
|
||||
{
|
||||
"description": "A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used from a PC or Computer Network by an entity unauthorised to do so.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "65c6719e-9daf-578a-8d86-0f65b3054e75",
|
||||
"value": "Data Breach"
|
||||
},
|
||||
{
|
||||
"description": "A type of malicious software designed to block access to a computer system until a sum of money is paid",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "73e1bbdc-1b73-5b84-9f6c-6d13c491bb47",
|
||||
"value": "Ransomware"
|
||||
},
|
||||
{
|
||||
"description": "A website that is not a legitimate venue, the site is designed to entice the visitor into revealing sensitive information, to download some form of malware or to purchase products that never arrive",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "d86ff26f-b9c3-5668-8eef-7a178b6fe158",
|
||||
"value": "Fake Website"
|
||||
},
|
||||
{
|
||||
"description": "Apps in mobile devices that trick users into downloading them. They may also pose as quirky and attractive apps, providing interesting services. Once installed on a mobile device, fake apps can perform a variety of malicious routines.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "8dba8e97-7af4-5e76-8dde-3be54c9e8a6c",
|
||||
"value": "Fake App"
|
||||
},
|
||||
{
|
||||
"description": "Cyber criminals introduce skimming code on e-commerce payment card processing web pages to capture credit card and personally identifiable information and send the stolen data to a domain under their control.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "7f5886b8-06a2-51cc-8428-5cb67615e3b2",
|
||||
"value": "e-Skimming"
|
||||
},
|
||||
{
|
||||
"description": "CPP analysis identifies Payment Terminal parking, transport, fuel, etc. locations, from where card numbers were stolen so that banks can mitigate fraud on other compromised cards.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "e89436a5-1b58-5676-a34d-d654c59a7d32",
|
||||
"value": "Skimming - CPP UPT"
|
||||
},
|
||||
{
|
||||
"description": "Same as e-Skimming",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "80165f05-1c1d-5f41-96b6-464ac065b052",
|
||||
"value": "Skimming - CPP Virtual Terminal"
|
||||
},
|
||||
{
|
||||
"description": "Unauthorized physical ATM manipulation, preventing card from being returned to customer - SEE FULL TERMINAL FRAUD DEFINITION",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Initiation"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "493b35ed-9415-5de5-a5cb-298f169cc4f4",
|
||||
"value": "Card Trapping"
|
||||
},
|
||||
{
|
||||
"description": "Patch management is the best practice of upgrading existing software applications to remove any weak security patches that could be exploited by hackers. Lack of proper patching allows cyber criminals to exploit systems and networks.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Due Diligence"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "0e7a4057-d84b-5451-9006-5a5efe9e948a",
|
||||
"value": "Lack of Patching / Security"
|
||||
},
|
||||
{
|
||||
"description": "Process where an information system is deployed into a Production Environed with faults, errors or vulnerabilities",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Due Diligence"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "b132c566-7656-5b2b-b157-5734c9e30cc8",
|
||||
"value": "Bad implementation"
|
||||
},
|
||||
{
|
||||
"description": "Implementation of a system, solution or service not according to defined and tested best practices.",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Due Diligence"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "dd09e952-7992-5a37-a9c4-ed978d89a939",
|
||||
"value": "Deployment Error"
|
||||
},
|
||||
{
|
||||
"description": "Merchants not following best practice procedures to avoid criminal or fraudulent activity,",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Due Diligence"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "39a06139-ece8-5d8c-947e-cf0b4dbdccf6",
|
||||
"value": "Merchant Negligence"
|
||||
},
|
||||
{
|
||||
"description": "Implementation of a sstem, solution or service not according to defined and tested standards",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"fraud-tactics:Due Diligence"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
|
||||
]
|
||||
},
|
||||
"uuid": "a52f8c2e-4a38-5b1b-a4b0-4710606cd86f",
|
||||
"value": "Implementation not according to Standards"
|
||||
}
|
||||
],
|
||||
"version": 3
|
||||
"version": 6
|
||||
}
|
||||
|
|
|
@ -135,11 +135,360 @@
|
|||
"refs": [
|
||||
"https://www.advanced-intel.com/post/anatomy-of-attack-inside-bazarbackdoor-to-ryuk-ransomware-one-group-via-cobalt-strike",
|
||||
"https://www.pandasecurity.com/en/mediacenter/business/bazarbackdoor-trickbot-backdoor/"
|
||||
],
|
||||
"synonyms": [
|
||||
"BEERBOT",
|
||||
"KEGTAP",
|
||||
"Team9Backdoor",
|
||||
"bazaloader",
|
||||
"bazarloader",
|
||||
"bazaarloader"
|
||||
]
|
||||
},
|
||||
"uuid": "1523a693-5d90-4da1-86d2-b5d22317820d",
|
||||
"value": "BazarBackdoor"
|
||||
},
|
||||
{
|
||||
"description": "Backdoor.Sunburst is Malwarebytes’ detection name for a trojanized update to SolarWind’s Orion IT monitoring and management software.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/",
|
||||
"https://www.varonis.com/blog/solarwinds-sunburst-backdoor-inside-the-stealthy-apt-campaign/",
|
||||
"https://blog.malwarebytes.com/detections/backdoor-sunburst/",
|
||||
"https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/",
|
||||
"https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Solarigate"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d9b2305e-9802-483c-a95d-2ae8525c7704",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "dropped-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d7247cf9-13b6-4781-b789-a5f33521633b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "16902832-0118-40f2-b29e-eaba799b2bf4",
|
||||
"value": "SUNBURST"
|
||||
},
|
||||
{
|
||||
"description": "BPFDoor is a passive backdoor used by a China-based threat actor. This backdoor supports multiple protocols for communicating with a C2 including TCP, UDP, and ICMP allowing the threat actor a variety of mechanisms to interact with the implant",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://troopers.de/troopers22/talks/7cv8pz/",
|
||||
"https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896?gi=1effe9eb6507",
|
||||
"https://twitter.com/cyb3rops/status/1523227511551033349",
|
||||
"https://twitter.com/CraigHRowland/status/1523266585133457408"
|
||||
]
|
||||
},
|
||||
"uuid": "0c3b1aa5-3a33-493e-9126-28ebced4ed09",
|
||||
"value": "BPFDoor"
|
||||
},
|
||||
{
|
||||
"description": "According to Mandiant, this malware family is attributed to potential chinese background and its Linux variant is related to exploitation of Fortinet's SSL-VPN (CVE-2022-42475).",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/win.boldmove",
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/elf.boldmove",
|
||||
"https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw"
|
||||
]
|
||||
},
|
||||
"uuid": "2cef78bd-f097-4477-8888-79359042b515",
|
||||
"value": "BOLDMOVE"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://securelist.com/bad-magic-apt/109087/"
|
||||
]
|
||||
},
|
||||
"uuid": "c866b002-1cb6-4c91-8a8b-f0b0c6ac2b1a",
|
||||
"value": "PowerMagic"
|
||||
},
|
||||
{
|
||||
"description": "VEILEDSIGNAL is a backdoor written in C that is able to execute shellcode and terminate itself. Additionally, VEILEDSIGNAL relies on additional modules that connect via Windows named pipes to interact with the Command and Control(C2) infrastructure.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise"
|
||||
]
|
||||
},
|
||||
"uuid": "f482f9bb-ced1-4a2f-90cd-07df7163b44f",
|
||||
"value": "VEILEDSIGNAL"
|
||||
},
|
||||
{
|
||||
"description": "POOLRAT is a C/C++ macOS backdoor capable of collecting basic system information and executing commands. The commands performed include running arbitrary commands, secure deleting files, reading and writing files, updating the configuration.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise"
|
||||
]
|
||||
},
|
||||
"uuid": "617009c2-e6bc-4881-8f46-b9b4a68f4c04",
|
||||
"value": "POOLRAT"
|
||||
},
|
||||
{
|
||||
"description": "BIGRAISIN is a C\\C++ Windows based backdoor. It is capable of executing downloaded commands, executing downloaded files, and deleting files. Availability: Non-public",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "aac49b4e-74e9-49fa-84f9-e340cf8bafbc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "6d7adc1e-c6a5-42a2-8477-ce51b40674a6",
|
||||
"value": "BIGRAISIN"
|
||||
},
|
||||
{
|
||||
"description": "FASTFIRE is a malicious APK that connects to a server and sends details of the compromised device back to command and control (C2). Availability: Non-public",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "aac49b4e-74e9-49fa-84f9-e340cf8bafbc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "767b4d07-2746-4ad2-bc79-de15fc495e3a",
|
||||
"value": "FASTFIRE"
|
||||
},
|
||||
{
|
||||
"description": "GRAYZONE is a C/C++ Windows backdoor capable of collecting system information, logging keystrokes, and downloading additional stages from the C2 server. Availability: Non-public",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "aac49b4e-74e9-49fa-84f9-e340cf8bafbc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "0aea9604-62dd-4646-b47d-556e09ce558e",
|
||||
"value": "GRAYZONE"
|
||||
},
|
||||
{
|
||||
"description": "HANGMAN.V2 is a variant of the backdoor HANGMAN. HANGMAN.V2 is very similar to HANGMAN, but uses HTTP for the network communications and formats data passed to the C2 server differently. Availability: Non-public",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3e489132-8687-46b3-b9a7-74ba8fafaddf",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "aac49b4e-74e9-49fa-84f9-e340cf8bafbc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "f62813e9-251f-4f5c-bf27-cba2d933392b",
|
||||
"value": "HANGMAN.V2"
|
||||
},
|
||||
{
|
||||
"description": "LOGCABIN is a file-less and modular backdoor with multiple stages. The stages consist of several VisualBasic and PowerShell scripts that are downloaded and executed. LOGCABIN collects detailed system information and sends it to the C2 before performing additional commands. Availability: Non-public",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "aac49b4e-74e9-49fa-84f9-e340cf8bafbc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "43c91440-1f70-40df-b006-ae9507b04225",
|
||||
"value": "LOGCABIN"
|
||||
},
|
||||
{
|
||||
"description": "SOURDOUGH is a backdoor written in C that communicates via HTTP. Its capabilities include keylogging, screenshot capture, file transfer, file execution, and directory enumeration. Availability: Non-public",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "aac49b4e-74e9-49fa-84f9-e340cf8bafbc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "8a52581c-3308-47b8-869a-cd06053c6eff",
|
||||
"value": "SOURDOUGH"
|
||||
},
|
||||
{
|
||||
"description": "TROIBOMB is a C/C++ Windows backdoor that is capable of collecting system information and performing commands from the C2 server. Availability: Non-public",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "aac49b4e-74e9-49fa-84f9-e340cf8bafbc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "f8444fcc-730e-4898-8ef5-6cc1976ff475",
|
||||
"value": "TROIBOMB"
|
||||
},
|
||||
{
|
||||
"description": "ZIPLINE makes use of extensive functionality to ensure the authentication of its custom protocol used to establish command and control (C2).",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation"
|
||||
]
|
||||
},
|
||||
"uuid": "14504cbe-8423-47aa-a947-a3ab5549a068",
|
||||
"value": "ZIPLINE"
|
||||
},
|
||||
{
|
||||
"description": "SPAWNSNAIL is a backdoor that listens on localhost. It is designed to run by injecting into the dsmdm process (process responsible for supporting mobile device management features). It creates a backdoor by exposing a limited SSH server on localhost port 8300. We assess that the attacker uses the SPAWNMOLE tunneler to interact with SPAWNSNAIL.\n\nSPAWNSNAIL's second purpose is to inject SPAWNSLOTH into dslogserver, a process supporting event logging on Connect Secure.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6fcf8d1f-2e68-4982-a579-2ca5595e4990",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e6cf28a6-94a9-4aab-b919-ad2f6a7e3b87",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "preceded-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6c89c51f-1b97-4966-abc1-9cf526bb2892",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "interacts-with"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "2c237974-edc2-460a-90b5-20f699560da3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "injects"
|
||||
}
|
||||
],
|
||||
"uuid": "de390f3e-c0d1-4c70-b121-a7a98f7326aa",
|
||||
"value": "SPAWNSNAIL"
|
||||
},
|
||||
{
|
||||
"description": "BRICKSTORM is a Go backdoor targeting VMware vCenter servers. It supports the ability to set itself up as a web server, perform file system and directory manipulation, perform file operations such as upload/download, run shell commands, and perform SOCKS relaying. BRICKSTORM communicates over WebSockets to a hard-coded C2.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "f288f686-b5b3-4c86-9960-5f8fb18709a3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "64a0e3ab-e201-4fdc-9836-85365dfa84bb",
|
||||
"value": "BRICKSTORM"
|
||||
},
|
||||
{
|
||||
"description": "PHANTOMNET is a modular backdoor that communicates using a custom communication protocol over TCP. PHANTOMNET's core functionality involves expanding its capabilities through a plugin management system. The downloaded plugins are mapped directly into memory and executed.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c5ea778c-df2f-4c63-b401-dded9cb2419c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "is-deployed-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "540b3e66-edbf-40ee-ae05-474b27c1ff40",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "executed-by"
|
||||
}
|
||||
],
|
||||
"uuid": "f97ea150-a727-4d47-823a-41de07a43ea9",
|
||||
"value": "PHANTOMNET"
|
||||
},
|
||||
{
|
||||
"description": "TERRIBLETEA is a Go backdoor that communicates over HTTP using XXTEA for encrypted communications. It is built using multiple open-source Go modules and has a multitude of capabilities including Command execution, Keystroke logging, SOCKS5 proxy, Port scanning, File system interaction, SQL query execution, Screen captures, Ability to open a new SSH session, execute commands, and upload files to a remote server. ",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "083a637b-c58c-4ccb-ab59-81d783873e80",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "is-deployed-by "
|
||||
}
|
||||
],
|
||||
"uuid": "4838b37b-2d1f-4cb8-945d-7185580f0bff",
|
||||
"value": "TERRIBLETEA"
|
||||
}
|
||||
],
|
||||
"version": 10
|
||||
"version": 19
|
||||
}
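Review bot: The relationship type on the new TERRIBLETEA entry carries a trailing space, `"type": "is-deployed-by "`, so it will not match the `is-deployed-by` used by the PHANTOMNET entry a few objects above or the MISP relationship-type vocabulary, and any tooling that filters or graphs relationships by type will silently drop this edge; it should read `"type": "is-deployed-by"`. The SUNBURST entry lists the synonym `Solarigate` while its own refs point at Microsoft's `solorigate` write-ups; if the intended alias is Microsoft's campaign name, the synonym should be `Solorigate` (or both spellings) so lookups on either resolve. Because this is a plain JSON data file, a CI validation step that rejects relationship types and synonyms with leading or trailing whitespace would catch this class of error before merge. The hunk begins inside the BazarBackdoor object's `refs`, so that entry's opening is outside this view.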
|
||||
|
|
|
@ -674,6 +674,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
|
||||
|
@ -890,7 +897,11 @@
|
|||
"refs": [
|
||||
"https://www.bleepingcomputer.com/news/security/new-icedid-banking-trojan-discovered/",
|
||||
"https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/",
|
||||
"http://blog.talosintelligence.com/2018/04/icedid-banking-trojan.html"
|
||||
"http://blog.talosintelligence.com/2018/04/icedid-banking-trojan.html",
|
||||
"https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/"
|
||||
],
|
||||
"synonyms": [
|
||||
"BokBot"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -1191,7 +1202,29 @@
|
|||
},
|
||||
"uuid": "fa574138-a3bd-4ebc-a5f7-3b465df7106f",
|
||||
"value": "Dark Tequila"
|
||||
},
|
||||
{
|
||||
"description": "Distributed by Malteiro",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://blog.scilabs.mx/en/cyber-threat-profile-malteiro/"
|
||||
],
|
||||
"synonyms": [
|
||||
"URSA"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "ba57c28a-47d0-46ba-a933-9aed69f7b84f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "delivered-by"
|
||||
}
|
||||
],
|
||||
"uuid": "d27eea57-e55f-40b1-9690-55c2c8500876",
|
||||
"value": "Malteiro"
|
||||
}
|
||||
],
|
||||
"version": 16
|
||||
"version": 19
|
||||
}
|
||||
|
|
|
@ -1181,7 +1181,857 @@
|
|||
},
|
||||
"uuid": "ea2906a5-d493-4afa-b770-436c0c246c78",
|
||||
"value": "Mozi"
|
||||
},
|
||||
{
|
||||
"description": "UPAS-Kit was advertised by auroras a/k/a vinny in middle of june 2012 via exploit.in. Upas is the predecessor of Kronos. Marcus Hutchins helped create and, in partnership with another, sell malicious computer code, a/k/a malware, known as UPAS-Kit.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://research.checkpoint.com/2018/deep-dive-upas-kit-vs-kronos/",
|
||||
"https://malware.dontneedcoffee.com/2012/08/inside-upas-kit1.0.1.1.html",
|
||||
"https://web.archive.org/web/20130120062602/http://onthar.in/articles/upas-kit-analysis/",
|
||||
"https://regmedia.co.uk/2019/04/19/plea.pdf"
|
||||
],
|
||||
"synonyms": [
|
||||
"Rombrast"
|
||||
]
|
||||
},
|
||||
"uuid": "099223a1-4a6e-4024-8e48-dbe199ec7244",
|
||||
"value": "UPAS-Kit"
|
||||
},
|
||||
{
|
||||
"description": "Proofpoint describes Phorpiex/Trik as a SDBot fork (thus IRC-based) that has been used to distribute GandCrab, Pushdo, Pony, and coinminers. The name Trik is derived from PDB strings.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/win.phorpiex"
|
||||
],
|
||||
"synonyms": [
|
||||
"Trik"
|
||||
]
|
||||
},
|
||||
"uuid": "26339b2e-7d82-4844-a9f0-81b0dd85e37c",
|
||||
"value": "Phorpiex"
|
||||
},
|
||||
{
|
||||
"description": "First activity observed in October 2017. DDG is a botnet with P2P capability that is targeting crypto currency mining (Monero).",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://twitter.com/JiaYu_521/status/1204248344043778048",
|
||||
"https://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-servers/",
|
||||
"https://blog.netlab.360.com/ddg-botnet-round-x-is-there-an-ending/",
|
||||
"https://blog.netlab.360.com/threat-alert-ddg-3013-is-out/",
|
||||
"https://blog.netlab.360.com/old-botnets-never-die-and-ddg-refuse-to-fade-away/",
|
||||
"https://blog.netlab.360.com/ddg-mining-botnet-jin-qi-huo-dong-fen-xi/",
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/elf.ddg"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "5c42585b-ea92-4fe2-8a79-bb47a3df67ad",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "25a745c8-0d2a-40e1-9bb2-3704d1bd49e3",
|
||||
"value": "DDG"
|
||||
},
|
||||
{
|
||||
"description": "A multi-component botnet targeting Windows Computer. Glupteba is known to steal user credentials and cookies, mine cryptocurrencies on infected hosts, deploy and operate proxy components targeting Windows systems and IoT devices. The botnet has been observed targeting victims worldwide, including the US, India, Brazil and Southeast Asia. The Glupteba malware family is primarily distributed through pay per install (PPI) networks and via traffic purchased from traffic distribution systems (TDS).",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://blog.google/threat-analysis-group/disrupting-glupteba-operation/"
|
||||
]
|
||||
},
|
||||
"uuid": "37c5d3ad-9057-4fcb-9fb3-4f7e5377a304",
|
||||
"value": "Glupteba"
|
||||
},
|
||||
{
|
||||
"description": "DDoS Botnet",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.virusbulletin.com/conference/vb2016/abstracts/elknot-ddos-botnets-we-watched",
|
||||
"https://www.virusbulletin.com/uploads/pdf/conference_slides/2016/Liu_Wang-vb-2016-TheElknotDDoSBotnetsWeWatched.pdf"
|
||||
],
|
||||
"synonyms": [
|
||||
"Linux/BillGates",
|
||||
"BillGates"
|
||||
]
|
||||
},
|
||||
"uuid": "98392af9-d4a4-4e63-aded-f802a0fa6ef7",
|
||||
"value": "Elknot"
|
||||
},
|
||||
{
|
||||
"description": "Advanced modular botnet that is reportedly linked to the Sandworm or Voodoo Bear advanced persistent threat (APT) group.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html",
|
||||
"https://www.cisa.gov/uscert/ncas/alerts/aa22-054a"
|
||||
]
|
||||
},
|
||||
"uuid": "b184c123-6d3e-4152-8c2e-72e3e61d2f5a",
|
||||
"value": "Cyclops Blink"
|
||||
},
|
||||
{
|
||||
"description": "Botnet",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://blog.netlab.360.com/abcbot_an_evolving_botnet_en"
|
||||
]
|
||||
},
|
||||
"uuid": "bcc60155-e824-4adb-a906-eec43c2d1ae8",
|
||||
"value": "Abcbot"
|
||||
},
|
||||
{
|
||||
"description": "Botnet",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days"
|
||||
]
|
||||
},
|
||||
"uuid": "3e40c1af-51f5-4b02-b189-74567125c6e0",
|
||||
"value": "Ripprbot"
|
||||
},
|
||||
{
|
||||
"description": "In mid-March [2022], FortiGuard Labs observed a new DDoS botnet calling itself “Enemybot” and attributing itself to Keksec, a threat group that specializes in cryptomining and DDoS attacks.\n\nThis botnet is mainly derived from Gafgyt’s source code but has been observed to borrow several modules from Mirai’s original source code.\n\nIt uses several methods of obfuscation for its strings to hinder analysis and hide itself from other botnets. Furthermore, it connects to a command-and-control (C2) server that is hidden in the Tor network, making its takedown more complicated.\n\nEnemybot has been seen targeting routers from Seowon Intech, D-Link, and exploits a recently reported iRZ router vulnerability to infect more devices.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.securonix.com/blog/detecting-the-enemybot-botnet-advisory/",
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/elf.enemybot",
|
||||
"https://www.fortinet.com/blog/threat-research/enemybot-a-look-into-keksecs-latest-ddos-botnet",
|
||||
"https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "262d18be-7cab-46c2-bcb0-47fff17604aa",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "fcdfd4af-da35-49a8-9610-19be8a487185",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "40795af6-b721-11e8-9fcb-570c0b384135",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e878d24d-f122-48c4-930c-f6b6d5f0ee28",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "421a3805-7741-4315-82c2-6c9aa30d0953",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
}
|
||||
],
|
||||
"uuid": "a5a067c9-c4d7-4f33-8e6f-01b903f89908",
|
||||
"value": "EnemyBot"
|
||||
},
|
||||
{
|
||||
"description": "Discovered in 2008 and under constant development, with gaps in operational use in the wild; operators are occasionally known as GOLD LAGOON. Banking Trojan, steals financial data, browser information/hooks, keystrokes, credentials; described by CheckPoint as a “Swiss Army knife”. Known to leverage many other tools; for example, PowerShell and Mimikatz are used for self-propagation. Attempts obfuscation via legitimate process injection. Known to serve as a dropper for ProLock ransomware. Infection vectors are common, with malspam as the most frequent. Active in 2020 – two big campaigns, one from March to June, second Starting in July and ongoing, as part of latest Emotet campaign. Newer version appeared in August.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.cisa.gov/sites/default/files/publications/202010221030_QakBot%20TLPWHITE.pdf",
|
||||
"https://www.trendmicro.com/en_us/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html",
|
||||
"https://www.cynet.com/blog/orion-threat-alert-qakbot-ttps-arsenal-and-the-black-basta-ransomware/"
|
||||
],
|
||||
"synonyms": [
|
||||
"QakBot",
|
||||
"Pinkslipbot"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c4417bfb-717f-48d9-bd56-bc9e85d07c19",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "dropped"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "9db5f425-fe49-4137-8598-840e7290ed0f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "421a3805-7741-4315-82c2-6c9aa30d0953",
|
||||
"value": "Qbot"
|
||||
},
|
||||
{
|
||||
"description": "This malware is characterized by alternative DNS connections and connects to several *.lib domains using custom DNS servers.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "fcdfd4af-da35-49a8-9610-19be8a487185",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
}
|
||||
],
|
||||
"uuid": "505c6a54-a701-4a4b-85d4-0f2038b7b46a",
|
||||
"value": "Dark.IoT"
|
||||
},
|
||||
{
|
||||
"description": "Akamai Security Research has observed a new golang malware which they named KmsdBot. The malware scans for open SSH ports and performs a simple dictionary attack against it. The researchers from Akamai monitored only DDoS activity, but discovered also the functionality to launch cryptomining. The malware has varied targets including the gaming industry, technology industry, and luxury car manufacturers.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.akamai.com/blog/security-research/kmdsbot-the-attack-and-mine-malware"
|
||||
]
|
||||
},
|
||||
"uuid": "b6919400-9b16-48ae-8379-fab26a506e32",
|
||||
"value": "KmsdBot"
|
||||
},
|
||||
{
|
||||
"description": "Akamai researchers on the Security Intelligence Response Team (SIRT) have discovered a new Go-based, DDoS-focused botnet. The malware appears to have been named “Hinata” by the malware author after a character from the popular anime series, Naruto. We are calling it “HinataBot.” Looks like an attempt to rewrite Mirai in Go. The threat actors behind HinataBot originally distributed Mirai binaries.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.akamai.com/blog/security-research/hinatabot-uncovering-new-golang-ddos-botnet",
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/elf.hinata_bot"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "fcdfd4af-da35-49a8-9610-19be8a487185",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "040f2e89-b8be-4150-9426-c30f75e858a2",
|
||||
"value": "HinataBot"
|
||||
},
|
||||
{
|
||||
"description": "3ve, pronounced as “Eve”, was a botnet that was halted in late 2018. 3ve utilized the malware packages Boaxxe and Kovter to infect a network of PCs. They were spread through emails and fake downloads, and once infected, the bots would generate fake clicks on online advertisements. The clicks would be used on fake websites, which hosted ads and then absorbed the ad revenue from the false impressions. Bots were able to mimic desktop and mobile traffic in order to evade detection, and went through several evolutions of tactics to grow over time. At its peak, the botnet controlled more than one million residential and corporate IP-addresses, largely within Europe and North America.",
|
||||
"meta": {
|
||||
"date": "2018",
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/3ve"
|
||||
]
|
||||
},
|
||||
"uuid": "43db3e92-8c98-11ee-b9d1-0242ac120002",
|
||||
"value": "3ve"
|
||||
},
|
||||
{
|
||||
"description": "7777-Botnet has been observed brute forcing Microsoft Azure instances via Microsoft Azure PowerShell bruteforcing. The botnet has a unique pattern of opening port 7777 on infected devices, returning an “xlogin:” message. The botnet has been used for low-volume attacks against targets of all industry sectors at a global scale, almost exclusively targeting C-Level employee logins. Due to the very low volume of around 2–3 login requests per week, the botnet is able to evade most security solutions. ",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://gi7w0rm.medium.com/the-curious-case-of-the-7777-botnet-86e3464c3ffd"
|
||||
]
|
||||
},
|
||||
"uuid": "9b3699d1-00bf-4f37-8e67-c4548b5c829a",
|
||||
"value": "7777-Botnet"
|
||||
},
|
||||
{
|
||||
"description": "Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called tasks) for all or specifically targeted computers compromised by the malware.",
|
||||
"meta": {
|
||||
"date": "October 2018",
|
||||
"refs": [
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey"
|
||||
]
|
||||
},
|
||||
"uuid": "063e95fc-8c98-11ee-b9d1-0242ac120002",
|
||||
"value": "Amadey"
|
||||
},
|
||||
{
|
||||
"description": "AndroidBauts botnet is a network of infected Android devices that are used for promoting advertisements to users online. At one point, the number of infected devices was more than 550,000. The creators of the AndroidBauts botnet are able to gather data regarding the compromised devices - both software and hardware.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/Steckbriefe/Bauts/AndroidBauts.html"
|
||||
]
|
||||
},
|
||||
"uuid": "a9e34144-8c98-11ee-b9d1-0242ac120002",
|
||||
"value": "AndroidBauts"
|
||||
},
|
||||
{
|
||||
"description": "Andromeda botnet, also known as Gamarue or Wauchos, was first introduced to the public in 2011. During this time it was used to distribute large quantities of malware. According to Microsoft the Andromeda botnet was used to spread more than 80 malware families including ransomware, worms, and more. Andromeda is a modular malware, meaning additional components can be purchased to provide extra functionality.",
|
||||
"meta": {
|
||||
"date": "2011",
|
||||
"refs": [
|
||||
"https://blogs.blackberry.com/en/2020/05/threat-spotlight-andromeda",
|
||||
"https://en.wikipedia.org/wiki/Andromeda_(trojan)"
|
||||
],
|
||||
"synonyms": [
|
||||
"Gamarue",
|
||||
"Wauchos"
|
||||
]
|
||||
},
|
||||
"uuid": "520d2484-8c99-11ee-b9d1-0242ac120002",
|
||||
"value": "Andromeda"
|
||||
},
|
||||
{
|
||||
"description": "ArrkiiSDK is potentially unwanted application (PUA) for Android devices. Its functions include unauthorised user tracking, ad fraud and the silent installation of additional applications without the user's permission. ArrkiiSDK relies on the user actively installing an infected application, which is normally hidden within another software package that appears completely harmless.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze.html"
|
||||
]
|
||||
},
|
||||
"uuid": "b3fdb226-8c99-11ee-b9d1-0242ac120002",
|
||||
"value": "ArrkiiSDK"
|
||||
},
|
||||
{
|
||||
"description": "Avalanche refers to a large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns and money mule schemes. is a set of computer programs to conduct a DDoS attack. It is believed that trinoo networks have been set up on thousands of systems on the Internet that have been compromised by remote buffer overrun exploits. Cyber criminals utilized Avalanche botnet infrastructure to host and distribute a variety of malware variants to victims, including the targeting of over 40 major financial institutions. Victims may have had their sensitive personal information stolen (e.g., user account credentials). Victims’ compromised systems may also have been used to conduct other malicious activity, such as launching denial-of-service (DoS) attacks or distributing malware variants to other victims’ computers. In addition, Avalanche infrastructure was used to run money mule schemes where criminals recruited people to commit fraud involving transporting and laundering stolen money or merchandise. Avalanche used fast-flux DNS, a technique to hide the criminal servers, behind a constantly changing network of compromised systems acting as proxies.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.cisa.gov/news-events/alerts/2016/12/01/avalanche-crimeware-service-infrastructure"
|
||||
]
|
||||
},
|
||||
"uuid": "da635b2e-22f3-4374-8fca-67c4bd3cb978",
|
||||
"value": "Avalanche"
|
||||
},
|
||||
{
|
||||
"description": "Bayrob evolved from a backdoor trojan used for fraud into a cryptocurrency miner. Symantec discovered multiple versions of Bayrob malware, and witnessed Bayrob as it morphed from online fraud to a 300,000+ botnet for cryptocurrency mining.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bleepingcomputer.com/news/security/bayrob-malware-gang-had-elite-tactics-but-they-still-got-caught-anyway/",
|
||||
"https://community.broadcom.com/symantecenterprise/viewdocument/bayrob-three-suspects-extradited-t?CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments"
|
||||
]
|
||||
},
|
||||
"uuid": "693e1ce8-8c9a-11ee-b9d1-0242ac120002",
|
||||
"value": "Bayrob"
|
||||
},
|
||||
{
|
||||
"description": "Bedep has been mostly observed in ad-fraud campaigns, although it can also generally load modules for different tasks. It was dropped by the Angler Exploit Kit.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/win.bedep"
|
||||
]
|
||||
},
|
||||
"uuid": "b97f3868-8c9a-11ee-b9d1-0242ac120002",
|
||||
"value": "Bedep"
|
||||
},
|
||||
{
|
||||
"description": "Bolek is a malware from the Kbot/Carberp family. It is being subject to frequent updates and has malicious capabilities which include self-spreading through USB and network shares, TOR network access, screen captures and web injects, and uses asymmetric cryptography to secure network communications.",
|
||||
"meta": {
|
||||
"date": "May 2016",
|
||||
"refs": [
|
||||
"https://www.bitsight.com/blog/bolek-an-evolving-botnet-targets-poland-and-ukraine"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0cac5b2b-a06d-40c1-b192-159148dd0132",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "79f62503-b947-40fe-91f3-4a5d567df3c6",
|
||||
"value": "Bolek"
|
||||
},
|
||||
{
|
||||
"description": "The Carna botnet was a botnet of 420,000 devices created by an anonymous hacker to measure the extent of the Internet. The data was collected by infiltrating Internet devices, especially routers, that used a default password or no password at all.",
|
||||
"meta": {
|
||||
"date": "2012",
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Carna_botnet"
|
||||
]
|
||||
},
|
||||
"uuid": "152cdb68-8ca3-11ee-b9d1-0242ac120002",
|
||||
"value": "Carna"
|
||||
},
|
||||
{
|
||||
"description": "Code Shikara is a computer worm, related to the Dorkbot family, that attacks through social engineering and capable of spying on users' browsing activities, meanwhile stealing their personal online/offline information and/or credentials.",
|
||||
"meta": {
|
||||
"date": "2011",
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Code_Shikara"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "93e26758-6848-4e53-ae92-a4dc9804c2f2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
}
|
||||
],
|
||||
"uuid": "8b21d8e6-8ca3-11ee-b9d1-0242ac120002",
|
||||
"value": "Code Shikara"
|
||||
},
|
||||
{
|
||||
"description": "DDoS-as-a-service botnet calling itself Condi. This malware employs several techniques to keep itself running in an infected system. At the same time, it also prevents infections from other botnets by attempting to terminate their processes. Typical to Mirai-based botnets, this malware cannot survive a system reboot.",
|
||||
"meta": {
|
||||
"date": "2023",
|
||||
"refs": [
|
||||
"https://www.fortinet.com/blog/threat-research/condi-ddos-botnet-spreads-via-tp-links-cve-2023-1389"
|
||||
]
|
||||
},
|
||||
"uuid": "0913ea8c-8ca4-11ee-b9d1-0242ac120002",
|
||||
"value": "Condi"
|
||||
},
|
||||
{
|
||||
"description": "Cooee is a trojan pre-installed on some Phillips smartphones that displays annoying advertisements and downloads and installs different software without user knowledge.",
|
||||
"meta": {
|
||||
"date": "2016",
|
||||
"refs": [
|
||||
"https://news.softpedia.com/news/trojan-found-preinstalled-on-the-firmware-of-some-phillips-s307-android-smartphones-499177.shtml"
|
||||
]
|
||||
},
|
||||
"uuid": "cbad44ed-b4d0-42c9-acfc-ee58ff85da99",
|
||||
"value": "Cooee"
|
||||
},
|
||||
{
|
||||
"description": "Coreflood is a trojan horse and botnet created by a group of Russian hackers and released in 2010. The FBI included on its list of infected systems approximately 17 state or local government agencies, including one police department; three airports; two defense contractors; five banks or financial institutions; approximately 30 colleges or universities; approximately 20 hospital or health care companies; and hundreds of businesses. It is present on more than 2.3 million computers worldwide and as of May 2011 remains a threat.",
|
||||
"meta": {
|
||||
"date": "2010",
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Coreflood"
|
||||
]
|
||||
},
|
||||
"uuid": "4f24b1dd-01a0-43cf-a0bb-eb2d70f727c1",
|
||||
"value": "Coreflood"
|
||||
},
|
||||
{
|
||||
"description": "In 2021 Crackonosh has been found in 222,000 compromised computers that were used to download illegal, torrented versions of popular video games. Crackonosh successfully operated for years because it had built-in mechanisms to disable security software and updates, which made it difficult for users to detect and remove the program. The malware is thought to have originated in the Czech Republic, but it had a global reach.",
|
||||
"meta": {
|
||||
"date": "2010",
|
||||
"refs": [
|
||||
"https://finance.yahoo.com/news/monero-mining-malware-crackonosh-infected-192448133.html"
|
||||
]
|
||||
},
|
||||
"uuid": "4ccad4ee-3bff-41ac-8d05-0d5acbaaefbe",
|
||||
"value": "Crackonosh"
|
||||
},
|
||||
{
|
||||
"description": "FluBot is a remote control and info stealer malware. It has abilities to read and send SMS message, delete app, and execute arbitrary commands. It is often distributed through SMS messages. PRODAFT describes FluBot as a banking malware which originally targeted Spain. Since the first quarter of 2021 it has been targeting many other European countries as well as Japan. It uses a DGA for it's C&C and relies on both DNS and DNS-over-HTTPS for name resolution. Despite arrests of multiple people suspected of involvement with this malware in March of 2021, the campaign has only intensified since.",
|
||||
"meta": {
|
||||
"date": "2021",
|
||||
"refs": [
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/apk.flubot"
|
||||
],
|
||||
"synonyms": [
|
||||
"Cabassous",
|
||||
"FakeChat"
|
||||
]
|
||||
},
|
||||
"uuid": "4fc7daf0-c88f-4bbd-bf3c-7189ca1fdc69",
|
||||
"value": "FluBot"
|
||||
},
|
||||
{
|
||||
"description": "FritzFrog is a decentralized botnet that uses P2P protocols to distribute control over all of its nodes, thereby avoiding having one controller or single point of failure.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/FritzFrog"
|
||||
]
|
||||
},
|
||||
"uuid": "fc903c58-145a-4b68-98e6-3f496c5c1a19",
|
||||
"value": "FritzFrog"
|
||||
},
|
||||
{
|
||||
"description": "Gootkit is a trojan that steals confidential information and allows criminals to take control of infected systems remotely. Gootkit can also be used to install additional malware, such as Emotet. This botnet is a type of malware bot that may perform many malicious tasks, such as downloading and executing additional malware, receiving commands from a control server and relaying specific information and telemetry back to the control server, updating or deleting itself, stealing login and password information, logging keystrokes, participating in a Distributed Denial of Service (DDoS) attack, or locking and encrypting the contents of your computer and demanding payment for its safe return.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.fortiguard.com/encyclopedia/botnet/7630462"
|
||||
]
|
||||
},
|
||||
"uuid": "410685be-999d-472e-8fd9-15366b6031a1",
|
||||
"value": "Gootkit"
|
||||
},
|
||||
{
|
||||
"description": "The Great Cannon of China is an Internet attack tool that is used by the Chinese government to launch distributed denial-of-service attacks on websites by performing a man-in-the-middle attack on large amounts of web traffic and injecting code which causes the end-user's web browsers to flood traffic to targeted websites.[1] According to the researchers at the Citizen Lab, the International Computer Science Institute, and Princeton University's Center for Information Technology Policy, who coined the term, the Great Cannon hijacks foreign web traffic intended for Chinese websites and re-purposes them to flood targeted web servers with enormous amounts of traffic in an attempt to disrupt their operations.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Great_Cannon"
|
||||
]
|
||||
},
|
||||
"uuid": "b56c8516-1f1c-42f6-8b89-37d90f50eb35",
|
||||
"value": "Great Cannon"
|
||||
},
|
||||
{
|
||||
"description": "The Hail Mary Cloud was, or is, a password guessing botnet, which used a statistical equivalent to brute force password guessing. The botnet ran from possibly as early as 2005, and certainly from 2007 until 2012 and possibly later. The botnet was named and documented by Peter N. M. Hansteen. The principle is that a botnet can try several thousands of more likely passwords against thousands of hosts, rather than millions of passwords against one host. Since the attacks were widely distributed, the frequency on a given server was low and was unlikely to trigger alarms. Moreover, the attacks come from different members of the botnet, thus decreasing the effectiveness of both IP based detection and blocking.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Hail_Mary_Cloud"
|
||||
]
|
||||
},
|
||||
"uuid": "5ae51675-518d-4e16-b339-2b029f5055e0",
|
||||
"value": "Hail Mary Cloud"
|
||||
},
|
||||
{
|
||||
"description": "Joker is a trojan that is included in several unsuspecting apps that have been offered via the Google Play Store, among others. The malware silently interacts with ad networks to perform clicks on ad banners and subscribe to paid premium services. To do this, Joker is able to read SMS messages, contact lists and device information from the victim system. It collects data from infected systems, intercepts sensitive communications and transmits the information to a remote attacker.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/Steckbriefe/Joker/Joker.html"
|
||||
]
|
||||
},
|
||||
"uuid": "879bbd30-4f89-4dcb-a225-ecfed25a552f",
|
||||
"value": "Joker"
|
||||
},
|
||||
{
|
||||
"description": "KBOT penetrates users’ computers via the Internet or a local network, or from infected external media. After the infected file is launched, the malware gains a foothold in the system, writing itself to Startup and the Task Scheduler, and then deploys web injects to try to steal the victim’s bank and personal data. For the same purpose, KBOT can download additional stealer modules that harvest and send to the C&C server almost full information about the user: passwords/logins, cryptowallet data, lists of files and installed applications, and so on.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://securelist.com/kbot-sometimes-they-come-back/96157/",
|
||||
"https://cofense.com/blog/bolek-leaked-carberp-kbot-source-code-complicit-new-phishing-campaigns/"
|
||||
]
|
||||
},
|
||||
"uuid": "0cac5b2b-a06d-40c1-b192-159148dd0132",
|
||||
"value": "KBOT"
|
||||
},
|
||||
{
|
||||
"description": "Linux.Darlloz is a worm which infects Linux embedded systems. Linux.Darlloz was first discovered by Symantec in 2013.[3] Linux.Darlloz targets the Internet of things and infects routers, security cameras, set-top boxes by exploiting a PHP vulnerability. The worm was based on a Proof of concept code that was released in October 2013. inux.Darlloz utilizes vulnerability (CVE-2012-1823) to exploit systems in order to compromise systems. Linux.Darlloz was later found in March 2014 to have started mining crypto currencies such as Mincoin and Dogecoin. Linux.Aidra, the malware that Linux.Darlloz attempts usurp - like some of the variants of Darlloz, Linux.Aidra targets smaller devices, specifically cable and DSL modems. The worm adds them to a botnet, which can be utilized by the attackers to perform DDoS attacks.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Linux.Darlloz",
|
||||
"https://www.wired.com/2014/01/spime-watch-linux-darlloz-internet-things-worm/"
|
||||
]
|
||||
},
|
||||
"uuid": "3bc577c9-2081-4d13-a77d-91497439e634",
|
||||
"value": "Linux.Darlloz"
|
||||
},
|
||||
{
|
||||
"description": "Marcher is a banking trojan for Android devices. Researchers at Dutch security firm Securify have conducted a detailed analysis of the Android banking Trojan known as Marcher and discovered that a single botnet has managed to steal a significant number of payment cards. Securify has identified nine Marcher botnets over the last 6 months, and each of them has been provided with new modules and targeted web injects by the Trojan’s creators.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze.html",
|
||||
"https://www.securityweek.com/thousands-android-devices-infected-marcher-trojan/"
|
||||
]
|
||||
},
|
||||
"uuid": "3b27313a-3122-4f7e-970e-4dc50f90526d",
|
||||
"value": "Marcher"
|
||||
},
|
||||
{
|
||||
"description": "Matsnu is a malware downloader. The malware downloaded may include the banking trojans Citadel and URLZone/Bebloh. Matsnu can also be expanded with additional functions using plug-ins. One of these plug-ins is designed to capture access data for e-mail accounts and FTP programs and pass this information to the operator of the malware.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze.html",
|
||||
"https://threatpost.com/matsnu-botnet-dga-discovers-power-of-words/109426/"
|
||||
]
|
||||
},
|
||||
"uuid": "f69bc11f-871b-49c6-a2d9-66ac6a4a8ea6",
|
||||
"value": "Matsnu"
|
||||
},
|
||||
{
|
||||
"description": "Methbot was an advertising fraud scheme. Methbot was first tracked in 2015 by cybersecurity firm White Ops, and the botnet saw rapidly increased activity in 2016. The botnet originated in Russia (though it was not state sponsored), and utilized foreign computers and networks in Europe and North America. The infrastructure consisted of 571,904 dedicated IPs, 6,000 domains, and 250,267 distinct URLs, each of which could only house a video ad, and used variants of the names of famous publishers to fool those looking into the domains. This led the operators to game the system, leading ad selection algorithms to select these fake web pages over larger corporate pages from legitimate companies, and charge advertisers at a premium. About 570,000 bots were used to execute clicks on those websites, “watching” up to 300 million video ads a day while the bots mimicked normal computer user behavior. Estimated clicks per day generally reached between 200 and 300 million per day. The botnet relied on data servers instead of more traditional botnets that rely on infected PCs and mobile devices.",
|
||||
"meta": {
|
||||
"date": "2015",
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Methbot"
|
||||
]
|
||||
},
|
||||
"uuid": "24341069-4a99-4da7-b89c-230a788bb9d6",
|
||||
"value": "Methbot"
|
||||
},
|
||||
{
|
||||
"description": "The Metulji botnet, discovered in June 2011, is a botnet mainly involved in cyberscamming and denial of service attacks. Before the botnet itself was dismantled, it consisted of over 12 million individual zombie computers infected with the Butterfly Bot, making it, as of June 2011, the largest known botnet. It is not known what type of computers are vulnerable, or how to tell if a computer is a part of this botnet.",
|
||||
"meta": {
|
||||
"date": "2011",
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Metulji_botnet"
|
||||
]
|
||||
},
|
||||
"uuid": "e3727560-aa99-47fb-8639-8bcf9c722168",
|
||||
"value": "Metulji"
|
||||
},
|
||||
{
|
||||
"description": "The Mevade Botnet, also known as Sefnit or SBC, is a massive botnet. Its operators are unknown and its motives seems to be multi-purpose. In late 2013 the Tor anonymity network saw a very sudden and significant increase in users, from 800,000 daily to more than 5,000,000. A botnet was suspected and fingers pointed at Mevade. Trend Micro reported that its Smart Protection Network saw a tor module being distributed to Mevade Trojans.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Mevade_Botnet"
|
||||
],
|
||||
"synonyms": [
|
||||
"Sefnit",
|
||||
"SBC"
|
||||
]
|
||||
},
|
||||
"uuid": "9531f3c0-edb4-4bc9-9b4a-5b55d482b235",
|
||||
"value": "Mevade"
|
||||
},
|
||||
{
|
||||
"description": "MobiDash is a piece of adware for Android devices. The user is shown advertisements without their consent. Mobidash can also make calls in the background.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze.html"
|
||||
]
|
||||
},
|
||||
"uuid": "8b1df851-125e-41dc-b91d-96b7d78825ca",
|
||||
"value": "MobiDash"
|
||||
},
|
||||
{
|
||||
"description": "Mutabaha is a Trojan for Windows devices. Outfire, a Chromium-based browser, is downloaded and installed. This pretends to be the version of the Google Chrome browser. Mutabaha is able to drain data and manipulate advertisements. Mutabaha is downloaded and installed by another malware. As a rule, this dropper is removed after the malware has been installed, making it almost impossible to trace the infection.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze.html"
|
||||
]
|
||||
},
|
||||
"uuid": "ee68d82a-c0c1-472a-a14b-127c4f811161",
|
||||
"value": "Mutabaha"
|
||||
},
|
||||
{
|
||||
"description": "MyDoom is a malicious program that opens a backdoor to the infected device. Through this backdoor the attacker can gain access to the system and carry out further actions. The attack possibilities are diverse and range from information theft to the reloading of additional malware. MyDoom adds infected computers to a botnet and then carries out distributed denial of service (DDoS) attacks. When the worm takes control over the victim’s OS, it then opens various ports and provides a backdoor to invite even more malware in.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze.html",
|
||||
"https://nordvpn.com/blog/mydoom-virus/"
|
||||
]
|
||||
},
|
||||
"uuid": "51f0388c-6984-40ac-9cbc-15c5f8685005",
|
||||
"value": "MyDoom"
|
||||
},
|
||||
{
|
||||
"description": "The Necurs botnet is a distributor of many pieces of malware, most notably Locky. Around June 1, 2016, the botnet went offline, perhaps due to a glitch in the command and control server running Necurs. However, three weeks later, Jon French from AppRiver discovered a spike in spam emails, signifying either a temporary spike in the botnet's activity or return to its normal pre-June 1 state. In a 2020 report, it was noted to have particularly targeted India, Southeast Asia, Turkey and Mexico.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Necurs_botnet"
|
||||
]
|
||||
},
|
||||
"uuid": "92e12541-a834-49e6-857e-d36847551a3c",
|
||||
"value": "Necurs"
|
||||
},
|
||||
{
|
||||
"description": "The Nitol botnet mostly involved in spreading malware and distributed denial-of-service attacks. The Nitol Botnet was first discovered around December 2012, with analysis of the botnet indicating that the botnet is mostly prevalent in China where an estimate 85% of the infections are detected. In China the botnet was found to be present on systems that came brand-new from the factory, indicating the trojan was installed somewhere during the assembly and manufacturing process. According to Microsoft the systems at risk also contained a counterfeit installation of Microsoft Windows. On 10 September 2012 Microsoft took action against the Nitol Botnet by obtaining a court order and subsequently sinkholing the 3322.org domain. The 3322.org domain is a Dynamic DNS which was used by the botnet creators as a command and control infrastructure for controlling their botnet. Microsoft later settled with 3322.org operator Pen Yong, which allowed the latter to continue operating the domain on the condition that any subdomains linked to malware remain sinkholed.",
|
||||
"meta": {
|
||||
"date": "2012",
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Nitol_botnet"
|
||||
]
|
||||
},
|
||||
"uuid": "ff0e33a7-0c68-4c53-bfc2-8d22eca09748",
|
||||
"value": "Nitol"
|
||||
},
|
||||
{
|
||||
"description": "Nymaim was discovered in 2013. At that time it was only a dropper used to distribute TorrentLocker. In February 2016 it became popular again after incorporating leaked ISFB code, dubbed Goznym. When dropper obtains C&C address, it starts real communication. It downloads two important binaries and a lot more: payload – banker module (responsible for web injects – passive member of botnet); optional bot module (it is trying to open ports on a router and become an active part of a botnet. When it fails to do so, it removes itself from a system).",
|
||||
"meta": {
|
||||
"date": "2013",
|
||||
"refs": [
|
||||
"https://cert.pl/en/posts/2017/01/nymaim-revisited/"
|
||||
]
|
||||
},
|
||||
"uuid": "629cae99-a671-4162-a080-b971de54d7a1",
|
||||
"value": "Nymaim"
|
||||
},
|
||||
{
|
||||
"description": "PBot is a P2P botnet derived from the Mirai source code. PBot performs MITB (man-in-the-browser) attacks and injects various scripts into legitimate websites. Its capabilities may go beyond simple injections of ads, depending on the intentions of its distributors.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.malwarebytes.com/blog/news/2018/04/pbot-python-based-adware",
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/elf.pbot",
|
||||
"https://www.bitdefender.com/blog/businessinsights/ddos-attacks-increase-28-as-pbot-authors-use-decades-old-php-code/"
|
||||
],
|
||||
"synonyms": [
|
||||
"PythonBot"
|
||||
]
|
||||
},
|
||||
"uuid": "d7047c78-1ace-4e53-93c9-a867996914ef",
|
||||
"value": "PBot"
|
||||
},
|
||||
{
|
||||
"description": "Pirrit is a potentially unwanted application (PUA) for Windows and MacOS devices. It displays additional pop-ups and advertisements when the device is used. Pirrit downloads other malicious programs from a server and runs these programs; it can also manipulate system files.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze.html"
|
||||
]
|
||||
},
|
||||
"uuid": "42fc0e31-60c0-4a7d-8ad8-1121bb65c629",
|
||||
"value": "Pirrit"
|
||||
},
|
||||
{
|
||||
"description": "Pitou is a trojan for Windows devices. Its functions are to steal passwords and collect various pieces of information about the mobile phone, such as its location and contacts.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze.html"
|
||||
]
|
||||
},
|
||||
"uuid": "76ed7f49-6f18-4e86-a429-7aab82468ef6",
|
||||
"value": "Pitou"
|
||||
},
|
||||
{
|
||||
"description": "Prometei is a cryptocurrency-mining botnet. Despite their activities being visible in logs, some botnets successfully fly under detection teams' radar, possibly due to their small size or constant development on the adversary's part. Prometei is just one of these types of networks that focuses on Monero mining.",
|
||||
"meta": {
|
||||
"date": "2020",
|
||||
"refs": [
|
||||
"https://blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero/"
|
||||
]
|
||||
},
|
||||
"uuid": "64d360dd-a48f-4b85-98ea-b2b5dcf81898",
|
||||
"value": "Prometei"
|
||||
},
|
||||
{
|
||||
"description": "PrizeRAT is a trojan for Android devices. Its functions include unauthorised user tracking, stealing passwords and the silent installation of additional applications without the user's permission. As the malware is part of the firmware of the device, it is not generally recognised by anti-virus solutions for Android. The risk affects a limited group of mobile end devices made by Chinese manufacturers for the low-price segment.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze.html"
|
||||
]
|
||||
},
|
||||
"uuid": "440889c8-4986-4568-8fe4-f560d0d28cd7",
|
||||
"value": "PrizeRAT"
|
||||
},
|
||||
{
|
||||
"description": "Pushlran is a potentially unwanted application (PUA) for Android devices. It displays additional pop-ups and advertisements when the device is used. The app collects data from infected systems, intercepts sensitive communication and passes this information to a remote attacker.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze.html"
|
||||
]
|
||||
},
|
||||
"uuid": "ef861a3e-b81c-43ea-8fad-03633219302f",
|
||||
"value": "Pushlran"
|
||||
},
|
||||
{
|
||||
"description": "Pykspa is a piece of malware that can be used to remotely control infected systems. It also enables attackers to download other malware or extract personal data. There are a number of versions of this malware and it has been developed over a long period of time. Some of the most recent versions of Pykspa are able to deactivate security systems such as anti-virus programs.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze.html"
|
||||
]
|
||||
},
|
||||
"uuid": "c49b614b-c158-42e4-91e5-c96c7573b510",
|
||||
"value": "Pykspa"
|
||||
},
|
||||
{
|
||||
"description": "Qsnatch is a trojan for Linux devices that primarily attacks network drives manufactured by QNAP. Its functions include stealing access data and opening backdoors to infected devices. Through this backdoor, the attacker can gain access to the system and perform other actions. The malware is capable of a wide range of attack types, from information theft to downloading other malware.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze.html"
|
||||
]
|
||||
},
|
||||
"uuid": "513ec176-3772-40be-be88-3bcd08382f54",
|
||||
"value": "Qsnatch"
|
||||
},
|
||||
{
|
||||
"description": "Remaiten is malware which infects Linux on embedded systems by brute forcing using frequently used default username and passwords combinations from a list in order to infect a system. Remaiten combines the features of the Tsunami and LizardStresser (aka Torlus) malware families. The command and control for Remaiten are handled by IRC communications. Additionally the command and control is done by an actual IRC channel rather than only the IRC protocol. This is an improvement over bots such as Tsunami and Torlus making Remaiten a greater threat than both combined. To avoid detection, Remaiten tries to determine the platform of a device to download the architecture-appropriate component from the command & control server. Once Remaiten infects a device it is able to perform actions such as launching distributed denial of service attacks or download more malware on a device.[5] Remaiten is able to scan and remove competing bots on a system compromised by it.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Remaiten"
|
||||
]
|
||||
},
|
||||
"uuid": "44460f62-85b9-4a36-99f7-553f58231ae2",
|
||||
"value": "Remaiten"
|
||||
},
|
||||
{
|
||||
"description": "Retadup is a worm affecting Windows machines primarily throughout Latin America. Its objective is to achieve persistence on its victims’ computers, to spread itself far and wide and to install additional malware payloads on infected machines. In the vast majority of cases, the installed payload is a piece of malware mining cryptocurrency on the malware authors’ behalf. The French law enforcement agency, National Gendarmerie, in 2019 announced the successful takedown of one of the largest wide-spread RETADUP botnet malware and how it remotely disinfected more than 850,000 computers worldwide with the help of researchers.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://decoded.avast.io/janvojtesek/putting-an-end-to-retadup-a-malicious-worm-that-infected-hundreds-of-thousands/",
|
||||
"https://thehackernews.com/2019/08/retadup-botnet-malware.html"
|
||||
]
|
||||
},
|
||||
"uuid": "a860f4b7-68e9-4252-8ef5-2bb2ce0bc790",
|
||||
"value": "Retadup"
|
||||
},
|
||||
{
|
||||
"description": "RootSTV is a trojan and downloader for Android devices, mainly SmartTVs. RootSTV downloads additional malicious programs from a server and executes them without the user's consent. ",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze_node.html"
|
||||
]
|
||||
},
|
||||
"uuid": "0170e672-7459-4bb3-8c1f-dc70d6249843",
|
||||
"value": "RootSTV"
|
||||
},
|
||||
{
|
||||
"description": "Rovnix is a data-stealing trojan that spreads by email and infects Windows PCs. Initial versions of the malware featured the extraction of data from compromised machines using unencrypted comms but more recently this has evolved to feature encryption during broadcast. The malware spread via e-mails infected with the Andromeda downloader. The infected attachment gets executed by an unwary user and this in turn downloads and runs Rovnix. The whole attack is designed to steal financial information, mainly credit card numbers. A new cluster of infections by the Rovnix Trojan has infected more than 130,000 Windows computers in the UK alone.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.theregister.com/2014/11/06/rovnix_trojan_outbreak/"
|
||||
]
|
||||
},
|
||||
"uuid": "3c4b55a6-fff0-4faf-9f7f-19f18d35223f",
|
||||
"value": "Rovnix"
|
||||
},
|
||||
{
|
||||
"description": "Slenfbot was first discovered in 2007 and, since then, numerous variants have followed; each with slightly different characteristics and new additions to the worm's payload, such as the ability to provide the attacker with unauthorized access to the compromised host. Slenfbot primarily spreads by luring users to follow links to websites, which contain a malicious payload. Slenfbot propagates via instant messaging applications, removable drives and/or the local network via network shares. The code for Slenfbot appears to be closely managed, which may provide attribution to a single group and/or indicate that a large portion of the code is shared amongst multiple groups. The inclusion of other malware families and variants as well as its own continuous evolution, makes Slenfbot a highly effective downloader with a propensity to cause even more damage to compromised systems.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Slenfbot"
|
||||
]
|
||||
},
|
||||
"uuid": "03d4ec41-3042-44fa-8de0-127981e21e63",
|
||||
"value": "Slenfbot"
|
||||
},
|
||||
{
|
||||
"description": "Stacheldraht is malware which performs a distributed denial-of-service (DDoS) attack. Stacheldraht uses a number of different denial-of-service (DoS) attack methods, including Ping flood, UDP flood, TCP SYN flood, and Smurf attack. Further, it can detect and automatically enable source address forgery. Adding encryption, it combines features of Trinoo and of Tribe Flood Network. The software runs on both Linux and Solaris.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Stacheldraht"
|
||||
]
|
||||
},
|
||||
"uuid": "c2052368-e9f1-494c-8f23-a8d8a7cbd97b",
|
||||
"value": "Stacheldraht"
|
||||
},
|
||||
{
|
||||
"description": "Suppobox is a trojan that intercepts any network traffic connected with a monetary transaction when users buy or sell products online. The malware focuses on auction websites.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze.html"
|
||||
],
|
||||
"synonyms": [
|
||||
"Bayrob",
|
||||
"Nivdort"
|
||||
]
|
||||
},
|
||||
"uuid": "de003ee4-ab51-44fb-891d-133a1efaa7d7",
|
||||
"value": "Suppobox"
|
||||
},
|
||||
{
|
||||
"description": "Triada is a trojan for Android devices. Triada's primary function is to record text messages. For example, it intercepts in-app purchases via text message and redirects payments made. Triada downloads other malware from a server and runs these programs.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze.html"
|
||||
],
|
||||
"synonyms": [
|
||||
"APK. Triada"
|
||||
]
|
||||
},
|
||||
"uuid": "0f1cc805-dd9c-483d-b6b8-8c1b67861a7d",
|
||||
"value": "Triada"
|
||||
},
|
||||
{
|
||||
"description": "Trinoo is a set of computer programs to conduct a DDoS attack. It is believed that trinoo networks have been set up on thousands of systems on the Internet that have been compromised by remote buffer overrun exploits.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Trinoo"
|
||||
],
|
||||
"synonyms": [
|
||||
"trin00"
|
||||
]
|
||||
},
|
||||
"uuid": "99a0484c-c252-4ce8-8e7c-413f58a373b9",
|
||||
"value": "Trinoo"
|
||||
},
|
||||
{
|
||||
"description": "Zemra is a DDoS Bot which was first discovered in underground forums in May 2012. Zemra is capable of HTTP and SYN Flood flooding and also has a simple Command & Control panel that is protected with 256-bit DES encryption for communicating with its command and control (C&C) server. Zemra also sends information such as Computer name, Language settings, and Windows version. It will send this data to a remote location on a specific date and time. It also opens a backdoor on TCP port 7710 to receive commands from a remote command-and-control server, and it is able to monitor devices, collect system information, execute files, and even update or uninstall itself if necessary.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Zemra"
|
||||
]
|
||||
},
|
||||
"uuid": "67d3961e-675f-4e81-bf8b-5b2fa1606d3c",
|
||||
"value": "Zemra"
|
||||
},
|
||||
{
|
||||
"description": "Ztorg is a trojan for Android devices. Its functions include unauthorised user tracking, stealing passwords, the silent installation of additional applications without the user's permission, and the collection of data on the mobile phone, such as its location and contacts. Ztorg is a piece of malware that opens a backdoor to an infected device. Through this backdoor, the attacker can gain access to the system and perform other actions. The malware is capable of a wide range of attack types, from information theft to downloading other malware.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Botnetze/Steckbriefe-aktueller-Botnetze/steckbriefe-aktueller-botnetze_node.html"
|
||||
]
|
||||
},
|
||||
"uuid": "40cd57f6-39c9-4a9f-b4cf-de4762642bff",
|
||||
"value": "Ztorg"
|
||||
}
|
||||
],
|
||||
"version": 22
|
||||
"version": 35
|
||||
}
|
||||
|
|
|
@ -0,0 +1,745 @@
|
|||
{
|
||||
"authors": [
|
||||
"Badis Belhadj-Chaidi",
|
||||
"Thomas Pedrotti"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "Cancer classifying",
|
||||
"name": "Cancer",
|
||||
"source": "MISP Project",
|
||||
"type": "disease",
|
||||
"uuid": "c03eba6e-a08a-11ec-b909-0242ac120002",
|
||||
"values": [
|
||||
{
|
||||
"description": "Adenoid cystic carcinoma is a rare kind of cancer that usually starts in the glands that make saliva. These are under your tongue and on each side of your jaw below the jawbone. But it also can occur in other parts of your mouth and throat or other areas of your body, such as your sweat glands or tear glands.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/adenoid-cystic-carcinoma-facts"
|
||||
]
|
||||
},
|
||||
"uuid": "cd28ecc2-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Adenoid Cystic Carcinoma "
|
||||
},
|
||||
{
|
||||
"description": "Adrenal cancer is part of a group of tumors called neuroendocrine tumors (NETs). These can start in hormone-producing glands all over your body. Adrenal cancer starts in small glands called adrenal glands. You have two of them, one on top of each kidney. Cancer can happen in one or both.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/adrenal-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd28ee02-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Adrenal Gland Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Amyloidosis is when an abnormal protein called amyloid builds up in your tissues and organs. When it does, it affects their shape and how they work. Amyloidosis is a serious health problem that can lead to life-threatening organ failure.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/lymphoma/amyloidosis-symptoms-causes-treatments#1"
|
||||
]
|
||||
},
|
||||
"uuid": "cd28ef4c-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Amyloidosis"
|
||||
},
|
||||
{
|
||||
"description": "Anal cancer is an uncommon malignancy that starts in the anus -- the opening at the end of the rectum.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/what-is-anal-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd28f078-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Anal Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Ataxia is a movement disorder caused by problems in the brain. When you have ataxia, you have trouble moving parts of your body the way you want. Or the muscles in your arms and legs might move when you don’t want them to. The word ataxia actually means “without coordination.”",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/brain/ataxia-types-brain-and-nervous-system"
|
||||
]
|
||||
},
|
||||
"uuid": "cd28f1ae-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Ataxia-Telangiectasia"
|
||||
},
|
||||
{
|
||||
"description": "Moles, which usually look like small brown spots, are just groups of cells. The average adult has between 10 and 45 of them on their body. Most aren’t dangerous. Some go away as you get older. But how do you know if yours are normal? The best way is to look for specific features or changes that mean you should get a mole checked out.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/melanoma-skin-cancer/skin-mole-normal"
|
||||
]
|
||||
},
|
||||
"uuid": "cd28f2d0-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Atypical Mole Syndrome"
|
||||
},
|
||||
{
|
||||
"description": "Basal cell carcinoma is a cancer that grows on parts of your skin that get a lot of sun. It's natural to feel worried when your doctor tells you that you have it, but keep in mind that it's the least risky type of skin cancer. As long as you catch it early, you can be cured.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/melanoma-skin-cancer/melanoma-guide/basal-cell-carcinoma#1"
|
||||
]
|
||||
},
|
||||
"uuid": "cd28f708-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Basal Cell Carcinoma"
|
||||
},
|
||||
{
|
||||
"description": "Bile duct cancer, also called cholangiocarcinoma, is when unusual cells grow out of control inside your bile ducts. Those are thin tubes about 4 to 5 inches long that move a fluid called bile from your liver to your gallbladder and small intestine. Bile helps you digest fat in the food you eat.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/bile-duct-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd28f852-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Bile Duct Cancer"
|
||||
},
|
||||
{
|
||||
"description": "If your doctor tells you that you have cystic lung disease, it means you have one of a group of conditions that cause lung cysts -- sacs of tissue filled with air or fluid. Treatments can help, but your options depend on which type you have.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/lung/what-is-cystic-lung-disease"
|
||||
]
|
||||
},
|
||||
"uuid": "cd28f974-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Birt Hogg Dube Syndrome"
|
||||
},
|
||||
{
|
||||
"description": "The bladder is a hollow, flexible pouch in your pelvis. Its main job is to store urine before it leaves your body. Your kidneys make pee. Tubes called ureters carry the pee from your kidneys to your bladder. When you use the bathroom, the muscles in your bladder push the urine out through a tube called the urethra.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/bladder-cancer/default.htm"
|
||||
]
|
||||
},
|
||||
"uuid": "cd28fa82-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Bladder Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Bone cancer is when unusual cells grow out of control in your bone. It destroys normal bone tissue. It may start in your bone or spread there from other parts of your body (called metastasis).",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/bone-tumors"
|
||||
]
|
||||
},
|
||||
"uuid": "cd28fb9a-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Bone Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Brain tumors are abnormal growths of cells in the brain. Although such growths are popularly called brain tumors, not all brain tumors are cancer. Cancer is a term reserved for malignant tumors. Malignant tumors can grow and spread aggressively, overpowering healthy cells by taking their space, blood, and nutrients. They can also spread to distant parts of the body. Like all cells of the body, tumor cells need blood and nutrients to survive.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/brain-cancer/default.htm"
|
||||
]
|
||||
},
|
||||
"uuid": "cd28fd02-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Brain Tumor"
|
||||
},
|
||||
{
|
||||
"description": "Like all forms of cancer, breast cancer is made of unusual cells that grow out of control. Those cells may also travel to places in your body where they aren’t usually found. When that happens, the cancer is called metastatic.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/breast-cancer/default.htm"
|
||||
]
|
||||
},
|
||||
"uuid": "cd28fe38-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Breast Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Even though men don't have breasts like women’s, they have a small amount of breast tissue. The \"breasts\" of a man are similar to the breasts of a girl before puberty. Girls’ tissue grows and develops, but men’s doesn't. But because they still have breast tissue, men can get breast cancer. Men get the same types of breast cancers that women do, but cancers involving the parts that make and store milk are rare. The risk of a man getting breast cancer in his lifetime is about 1 per 1,000.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/breast-cancer/breast-cancer-men"
|
||||
]
|
||||
},
|
||||
"uuid": "cd28ff5a-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Breast Cancer in Men"
|
||||
},
|
||||
{
|
||||
"description": "If your doctor tells you that you've got a carcinoid tumor, there's a lot to take in. The condition is a type of cancer, but unlike some other kinds, there's more than one part of the body where it might start. And depending on where you get it, you could have a bunch of different symptoms, from pain in your belly to a bad cough. All carcinoid tumors, wherever they show up, affect cells that make hormones. They're part of a group of diseases called neuroendocrine tumors (NETs).",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/carcinoid-tumors"
|
||||
]
|
||||
},
|
||||
"uuid": "cd29023e-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Carcinoid Tumor"
|
||||
},
|
||||
{
|
||||
"description": "Cervical cancer happens when cells change in women’s cervix, which connects the uterus and vagina. This cancer can affect the deeper tissues of their cervix and may spread to other parts of their body (metastasize), often the lungs, liver, bladder, vagina, and rectum.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/cervical-cancer/default.htm"
|
||||
]
|
||||
},
|
||||
"uuid": "cd290392-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Cervical Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Colorectal cancer, sometimes called colon cancer, starts when cells that line your colon or rectum grow out of control. It’s the third leading cause of cancer deaths among American men and women.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/colorectal-cancer/default.htm"
|
||||
]
|
||||
},
|
||||
"uuid": "cd2904be-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Colorectal Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Ductal carcinoma is a common type of breast cancer that starts in cells that line the milk ducts, which carry breast milk to the nipple.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/breast-cancer/guide/ductal-carcinoma-invasive-in-situ"
|
||||
]
|
||||
},
|
||||
"uuid": "cd2905d6-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Ductal Carcinoma"
|
||||
},
|
||||
{
|
||||
"description": "Cancer can affect the uterus, the hollow, pear-shaped organ where a baby grows. The uterus is lined with a special tissue called the endometrium. When cancer grows in this lining, it is called endometrial cancer. Most cancers of the uterus are endometrial cancer.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/understanding-endometrial-cancer-basics"
|
||||
]
|
||||
},
|
||||
"uuid": "cd29070c-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Endometrial Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Esophageal cancer occurs when cancer cells develop in the esophagus, a tube-like structure that runs from your throat to your stomach. Food goes from the mouth to the stomach through the esophagus. The cancer starts at the inner layer of the esophagus and can spread throughout the other layers of the esophagus and to other parts of the body (metastasis).",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/esophageal-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd2908ba-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Esophageal Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Stomach cancer begins when cancer cells form in the inner lining of your stomach. These cells can grow into a tumor. Also called gastric cancer, the disease usually grows slowly over many years. Stomach cancer is most often seen in people in their late 60s through 80s.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/stomach-gastric-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd290a2c-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Gastric Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Gastrointestinal stromal tumor is a type of cancer known as a soft tissue sarcoma that affects the GI tract. However, GIST has become a treatable disease over time. Maintaining a healthy lifestyle and following doctor’s orders will help improve your treatment experience.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/daily-life-with-gist"
|
||||
]
|
||||
},
|
||||
"uuid": "cd290d38-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Gastrontestinal Stromal Tumor - GIST"
|
||||
},
|
||||
{
|
||||
"description": "HER2-positive breast cancer is when breast cancer cells have a protein receptor called HER2 (human epidermal growth factor receptor 2). Normally, this protein helps breast cells grow, divide, and repair themselves. But sometimes, something goes wrong in the gene that controls the HER2 protein and your body makes too many of these receptors. This causes your breast cells to grow and divide uncontrollably. About 1 of 5 breast cancers are HER2-positive.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/breast-cancer/her2"
|
||||
]
|
||||
},
|
||||
"uuid": "cd291184-a08a-11ec-b909-0242ac120002",
|
||||
"value": "HER2-Positive Breast Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Pancreatic NETs grow in your pancreas, a gland in your belly that has two big jobs. It makes juices to digest food, and it makes hormones, which are chemicals that control different actions in your body. NETs grow in the cells that make hormones.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/pancreatic-neuroendocrine-tumors-nets"
|
||||
]
|
||||
},
|
||||
"uuid": "cd2912b0-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Islet Cell Tumor"
|
||||
},
|
||||
{
|
||||
"description": "One of the risk factors for colorectal cancer is a family history of the disease. Colorectal cancer is called \"hereditary\" or \"inherited\" when several generations of a family have it. Experts have found gene changes (also known as mutations or abnormalities) that cause colorectal cancer.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/colorectal-cancer/guide/inherited-colorectal-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd2913c8-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Juvenile Polyposis Syndrome"
|
||||
},
|
||||
{
|
||||
"description": "Kidney cancer -- also called renal cancer -- is a disease in which kidney cells become malignant (cancerous) and grow out of control, forming a tumor. Almost all kidney cancers first appear in the lining of tiny tubes (tubules) in the kidney. This type of kidney cancer is called renal cell carcinoma.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/understanding-kidney-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd2914e0-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Kidney Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Laryngeal cancer develops when cancer cells form in the tissue of the larynx, or voice box. It’s one of the most common types of head and neck cancers, affecting about 12,620 adults in the U.S. each year. Men are almost four times more likely to be diagnosed with it than women.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/what-is-laryngeal-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd2915f8-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Laryngeal Cancer"
|
||||
},
|
||||
{
|
||||
"description": "B-cell acute lymphoblastic leukemia is a cancer that affects your \"B lymphocytes\" -- white blood cells that grow in the soft center of your bones, called marrow.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/lymphoma/b-cell-acute-lymphoblastic-leukemia-adults#1"
|
||||
]
|
||||
},
|
||||
"uuid": "cd291710-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Leukemia - Acute Lymphoblastic Leukemia"
|
||||
},
|
||||
{
|
||||
"description": "Acute lymphoblastic leukemia (ALL) is a type of blood cancer that starts in white blood cells in your bone marrow, the soft inner part of your bones. It develops from immature lymphocytes, a kind of white blood cell that’s key to your immune system. ALL is also known as acute lymphocytic leukemia or acute lymphoid leukemia. ”Acute” means it gets worse quickly. It’s a rare type of leukemia, or blood cancer, in adults but the most common type in children.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/lymphoma/acute-lymphoblastic-leukemia"
|
||||
]
|
||||
},
|
||||
"uuid": "cd291828-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Leukemia - Acute Lymphocytic (ALL)"
|
||||
},
|
||||
{
|
||||
"description": "Acute myeloid leukemia (AML) is a type of blood cancer. It starts in your bone marrow, the soft inner parts of bones. AML usually begins in cells that turn into white blood cells, but it can start in other blood-forming cells, as well.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/lymphoma/acute-myeloid-leukemia-symptoms-treatments#1"
|
||||
]
|
||||
},
|
||||
"uuid": "cd291aee-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Leukemia - Acute Myeloid AML"
|
||||
},
|
||||
{
|
||||
"description": "Leukemia is a blood cancer caused by a rise in the number of white blood cells in your body. Those white blood cells crowd out the red blood cells and platelets that your body needs to be healthy. The extra white blood cells don’t work right.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/lymphoma/understanding-leukemia-basics"
|
||||
]
|
||||
},
|
||||
"uuid": "cd291c1a-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Leukemia - Adult"
|
||||
},
|
||||
{
|
||||
"description": "Childhood leukemia, the most common type of cancer in children and teens, is a cancer of the white blood cells. Abnormal white blood cells form in the bone marrow. They quickly travel through the bloodstream and crowd out healthy cells. This raises the body's chances of infection and other problems.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/lymphoma/childhood-leukemia-symptoms-treatments"
|
||||
]
|
||||
},
|
||||
"uuid": "cd291d3c-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Leukemia - Childhood"
|
||||
},
|
||||
{
|
||||
"description": "Chronic lymphocytic leukemia (CLL) is a cancer that affects a type of white blood cell called a \"lymphocyte.\" Lymphocytes help your body fight infection. They're made in the soft center of your bones, called the marrow. If you have CLL, your body makes an abnormally high number of lymphocytes that aren't working right.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/lymphoma/chronic-lymphocytic-leukemia-rare#1"
|
||||
]
|
||||
},
|
||||
"uuid": "cd291e54-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Leukemia - Chronic Lymphocytic - CLL"
|
||||
},
|
||||
{
|
||||
"description": "Chronic myelogenous leukemia (CML) is a cancer that affects your blood cells and bone marrow -- the soft part inside your bones where blood cells are made. You may also hear your doctor call it chronic myeloid leukemia. It's the same disease, just a different name.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/lymphoma/cml-need-to-know-first"
|
||||
]
|
||||
},
|
||||
"uuid": "cd291f76-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Leukemia - Chronic Myeloid - CML"
|
||||
},
|
||||
{
|
||||
"description": "The liver continuously filters blood that circulates through the body, converting nutrients and drugs absorbed from the digestive tract into ready-to-use chemicals. The liver performs many other important functions, such as removing toxins and other chemical waste products from the blood and readying them for excretion. Because all the blood in the body must pass through it, the liver is unusually accessible to cancer cells traveling in the bloodstream.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/understanding-liver-cancer-basic-information"
|
||||
]
|
||||
},
|
||||
"uuid": "cd2921f6-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Liver Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Invasive lobular carcinoma (ILC) is breast cancer that begins in one of the glands that make milk, called lobules, and spreads to other parts of the breast. It’s the second most common form of breast cancer after invasive ductal carcinoma, which begins in a milk duct.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/breast-cancer/guide/lobular-carcinoma-invasive-and-in-situ"
|
||||
]
|
||||
},
|
||||
"uuid": "cd292336-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Lobular Carcinoma"
|
||||
},
|
||||
{
|
||||
"description": "It’s cancer that starts in your lungs and can spread to other parts of your body. Although it’s the top cause of cancer deaths for U.S. men and women, it’s also one of the most preventable kinds, by not smoking and avoiding other people’s secondhand smoke.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/lung-cancer/default.htm"
|
||||
]
|
||||
},
|
||||
"uuid": "cd29244e-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Lung Cancer"
|
||||
},
|
||||
{
|
||||
"description": "When cells of the lung start growing rapidly in an uncontrolled manner, the condition is called lung cancer. Cancer can affect any part of the lung, and it's the leading cause of cancer deaths in both women and men in the United States, Canada, and China. There are two main types of lung cancer. Small-cell lung cancer (SCLC), sometimes called small-cell carcinoma, causes about 10%-15% of all lung cancer. Non-small-cell lung cancer (NSCLC) causes the rest.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/lung-cancer/small-cell-lung-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd29278c-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Lung Cancer - Small Cell"
|
||||
},
|
||||
{
|
||||
"description": "Hodgkin lymphoma, also known as Hodgkin's disease, is a type of lymphoma, a cancer of the lymphatic system.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/lymphoma/understanding-hodgkins-disease-basic-information"
|
||||
]
|
||||
},
|
||||
"uuid": "cd2928c2-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Lymphoma - Hodgkin's"
|
||||
},
|
||||
{
|
||||
"description": "Lymphoma occurs when the lymph-node cells or the lymphocytes begin to multiply uncontrollably, producing cancerous cells that have the abnormal capacity to invade other tissues throughout the body. Non-Hodgkin lymphoma is further classified into a variety of subtypes based on the cell of origin (B-cell or T-cell), and the cell characteristics.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/lymphoma/understanding-non-hodgkins-lymphoma-basics"
|
||||
]
|
||||
},
|
||||
"uuid": "cd292a52-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Lymphoma - Non-Hodgkin's"
|
||||
},
|
||||
{
|
||||
"description": "Glioma is a broad category of brain and spinal cord tumors that come from glial cells brain cells that support nerve cells.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/brain-cancer/malignant-gliomas"
|
||||
]
|
||||
},
|
||||
"uuid": "cd292bb0-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Malignant Glioma"
|
||||
},
|
||||
{
|
||||
"description": "There are three major types of skin cancers: basal cell carcinoma (BCC), squamous cell carcinoma (SCC), and melanoma.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/melanoma-skin-cancer/default.htm"
|
||||
]
|
||||
},
|
||||
"uuid": "cd292cc8-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Melanoma"
|
||||
},
|
||||
{
|
||||
"description": "A meningioma is a tumor that forms on membranes that cover the brain and spinal cord just inside the skull.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/brain-cancer/meningioma-causes-symptoms-treatment"
|
||||
]
|
||||
},
|
||||
"uuid": "cd292de0-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Meningioma"
|
||||
},
|
||||
{
|
||||
"description": "Multiple myeloma, also known as Kahler's disease, is a type of blood cancer. There's no cure, but treatments can slow its spread and sometimes make symptoms go away.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/multiple-myeloma/guide/multiple-myeloma-symptoms-causes-treatment"
|
||||
]
|
||||
},
|
||||
"uuid": "cd292f02-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Multiple Myeloma"
|
||||
},
|
||||
{
|
||||
"description": "Myelodysplastic syndromes are a rare group of disorders in which your body no longer makes enough healthy blood cells. You might sometimes hear it called a “bone marrow failure disorder.”",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/lymphoma/myelodysplastic-syndrome-causes-symptoms-treatment"
|
||||
]
|
||||
},
|
||||
"uuid": "cd29301a-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Myelodysplastic Syndrome (MDS)"
|
||||
},
|
||||
{
|
||||
"description": "MNasopharyngeal cancer is a rare type of head and neck cancer. It starts in the upper part of your throat, behind the nose. This area is called the nasopharynx.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/nasopharyngeal-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd2934c0-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Nasopharyngeal Cancer"
|
||||
},
|
||||
{
|
||||
"description": "When you first hear that you've got a neuroendocrine tumor, you'll have lots of questions about what it is and how it will affect you. There are quite a few types of this disease, and it can show up in many places in your body.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/neuroendocrine-tumors"
|
||||
]
|
||||
},
|
||||
"uuid": "cd293628-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Neuroendocrine Tumor"
|
||||
},
|
||||
{
|
||||
"description": "Oral cancer appears as a growth or sore in the mouth that does not go away. About 50,000 people in the U.S. get oral cancer each year, 70% of them men. Oral cancer includes cancers of the lips, tongue, cheeks, floor of the mouth, hard and soft palate, sinuses, and pharynx (throat. It can be life-threatening if not diagnosed and treated early.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/oral-health/guide/oral-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd293768-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Oral Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Osteosarcoma, also called osteogenic sarcoma, is a kind of bone cancer. It happens when the cells that grow new bone form a cancerous tumor. Treatment -- chemotherapy and surgery to take out the tumor -- is usually successful when the disease is diagnosed early, before it can spread.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/what-is-osteosarcoma"
|
||||
]
|
||||
},
|
||||
"uuid": "cd2938a8-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Osteosarcoma"
|
||||
},
|
||||
{
|
||||
"description": "Ovarian cancer happens when cells that are not normal grow in one or both of your ovaries, two small glands located on either side of your uterus.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/ovarian-cancer/guide/ovarian-cancer-overview-facts"
|
||||
]
|
||||
},
|
||||
"uuid": "cd2939ca-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Ovarian Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Pancreatic cancer is classified according to which part of the pancreas is affected: the part that makes digestive substances (exocrine) or the part that makes insulin and other hormones (endocrine).",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/pancreatic-cancer/information-pancreatic-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd293ae2-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Pancreatic Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Pancreatic NETs grow in your pancreas, a gland in your belly that has two big jobs. It makes juices to digest food, and it makes hormones, which are chemicals that control different actions in your body. NETs grow in the cells that make hormones.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/pancreatic-neuroendocrine-tumors-nets"
|
||||
]
|
||||
},
|
||||
"uuid": "cd293bfa-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Pancreatic Neuroendocrine Tumors"
|
||||
},
|
||||
{
|
||||
"description": "The parathyroid glands are four tiny glands attached to the thyroid. They are located under the Adam’s apple in your neck.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/parathyroid-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd293d1c-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Parathyroid Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Penile Cancer is cancer that starts in the penis, the outer part of the man's sexual tract. Most penile cancers start in a flat type of skin cell called a squamous cell. Squamous cell penile cancer usually grows slowly.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/penile-cancer-directory"
|
||||
]
|
||||
},
|
||||
"uuid": "cd294032-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Penile Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Peritoneal cancer is a rare cancer. It develops in a thin layer of tissue that lines the abdomen. It also covers the uterus, bladder, and rectum.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/peritoneal-cancer-prognosis-symptoms-treatments"
|
||||
]
|
||||
},
|
||||
"uuid": "cd294262-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Peritoneal Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Scattered dark brown macules appear on the lips of an adult with Peutz-Jeghers syndrome. These macules also appear inside the mouth. Pigmented macules on the lips may fade with time, but the intraoral pigmentation persists for life.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/skin-problems-and-treatments/picture-of-peutz-jeghers-syndrome"
|
||||
]
|
||||
},
|
||||
"uuid": "cd2943b6-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Peutz-Jeghers Syndrome"
|
||||
},
|
||||
{
|
||||
"description": "A pituitary gland tumor is a group of abnormal cells that grows out of control in your pituitary gland. Most of these tumors are not cancerous. Pituitary cancer is very rare.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/brain-cancer/pituitary-gland-tumors"
|
||||
]
|
||||
},
|
||||
"uuid": "cd2944e2-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Pituitary Gland Tumor"
|
||||
},
|
||||
{
|
||||
"description": "Polycythemia vera (PV) is a blood cancer that begins in the marrow of your bones, the soft center where new blood cells grow. It causes your marrow to make too many red blood cells so your blood is too thick.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/polycythemia-vera"
|
||||
]
|
||||
},
|
||||
"uuid": "cd294604-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Polycythemia Vera"
|
||||
},
|
||||
{
|
||||
"description": "Cancer of the prostate, a gland in the male reproductive system, is a major health concern for American men. The disease is rare before age 50, and experts believe most elderly men have traces of it.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/prostate-cancer/guide/prostate-cancer-overview-facts"
|
||||
]
|
||||
},
|
||||
"uuid": "cd294712-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Prostate Cancer"
|
||||
},
|
||||
{
|
||||
"description": "It's the most common type of kidney cancer. Although it’s a serious disease, finding and treating it early makes it more likely that you’ll be cured. No matter when you’re diagnosed, you can do certain things to ease your symptoms and feel better during your treatment.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/renal-cell-carcinoma"
|
||||
]
|
||||
},
|
||||
"uuid": "cd29483e-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Renal Cell Carcinoma"
|
||||
},
|
||||
{
|
||||
"description": "This is a rare form of eye cancer that usually happens in childhood. It starts in the retina -- the part of the eye that senses light and sends pictures to the brain.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/what-is-retinoblastoma"
|
||||
]
|
||||
},
|
||||
"uuid": "cd294960-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Retinoblastoma"
|
||||
},
|
||||
{
|
||||
"description": "You have hundreds of salivary glands in and around your mouth. Some are so small you can only see them with the help of a microscope. Because there are so many salivary glands, and so many types of cells in those glands, there are also hundreds of types of salivary gland cancer. Most of them are extremely rare, and more than half of salivary gland tumors turn out to be benign (not cancer).",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/salivary-gland-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd294c94-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Salivary Gland Cancer"
|
||||
},
|
||||
{
|
||||
"description": "A sarcoma is a rare kind of cancer. Sarcomas are different from the much more common carcinomas because they happen in a different kind of tissue. Sarcomas grow in connective tissue -- cells that connect or support other kinds of tissue in your body. These tumors are most common in the bones, muscles, tendons, cartilage, nerves, fat, and blood vessels of your arms and legs, but they can also happen in other areas of your body..",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/sarcoma"
|
||||
]
|
||||
},
|
||||
"uuid": "cd294dc0-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Sarcoma"
|
||||
},
|
||||
{
|
||||
"description": "Kaposi’s sarcoma (KS) is a form of cancer in which tumors with tiny blood vessels grow below the surface of your skin and in your mouth, nose, eyes, and anus. It can spread to your lungs, liver, stomach, intestines, and lymph nodes, the glands that help your body fight infection.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/hiv-aids/guide/aids-hiv-opportunistic-infections-kaposis-sarcoma"
|
||||
]
|
||||
},
|
||||
"uuid": "cd294ee2-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Sarcoma - Kaposi"
|
||||
},
|
||||
{
|
||||
"description": "Skin cancer is the most common of all human cancers. In 2020, more than 100,000 people in the U.S. are expected to be diagnosed with some type of the disease. Nearly 7,000 are expected to die.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/melanoma-skin-cancer/melanoma-guide/skin-cancer#1"
|
||||
]
|
||||
},
|
||||
"uuid": "cd294ffa-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Skin Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Small intestine cancer is a rare disease where cells in the tissue of the small intestine change. They grow out of control and can form a mass, or tumor.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/cancer-of-the-small-intestine"
|
||||
]
|
||||
},
|
||||
"uuid": "cd295112-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Small Intestine Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Stomach cancer begins when cancer cells form in the inner lining of your stomach. These cells can grow into a tumor. Also called gastric cancer, the disease usually grows slowly over many years. Stomach cancer is most often seen in people in their late 60s through 80s.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/stomach-gastric-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd29522a-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Stomach Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Cancer can occur in many areas of the body, including the sexual organs. Men have two testicles, sometimes called testes. They are one of many glands in the body. Their job is to make male hormones and sperm. They hang beneath and behind a man's penis in a pouch of skin called the scrotum.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/understanding-testicular-cancer-basics"
|
||||
]
|
||||
},
|
||||
"uuid": "cd295338-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Testicular Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Thymoma and thymic carcinoma are two types of thymus cancer. The thymus is a small organ in the upper chest. It’s in front of and above the heart. It makes white blood cells that help your body fight infection.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/thymoma-thymic-carcinoma"
|
||||
]
|
||||
},
|
||||
"uuid": "cd295658-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Thymoma"
|
||||
},
|
||||
{
|
||||
"description": "Thyroid cancer develops when cells change or mutate. The abnormal cells begin multiplying in your thyroid and, once there are enough of them, they form a tumor.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/what-is-thyroid-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd2957ac-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Thyroid Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Cancer can affect the uterus, the hollow, pear-shaped organ where a baby grows. The uterus is lined with a special tissue called the endometrium. When cancer grows in this lining, it is called endometrial cancer. Most cancers of the uterus are endometrial cancer.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/understanding-endometrial-cancer-basics"
|
||||
]
|
||||
},
|
||||
"uuid": "cd29591e-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Uterine (Endometrial) Cancer"
|
||||
},
|
||||
{
|
||||
"description": "Vaginal cancer happens when cancerous cells grow in your vagina.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/what-is-vaginal-cancer"
|
||||
]
|
||||
},
|
||||
"uuid": "cd295a40-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Vaginal Cancer"
|
||||
},
|
||||
{
|
||||
"description": "A Wilms tumor (also called a nephroblastoma) is the most common kidney cancer in children. Most children with it have a tumor on one kidney, but about 5% get a tumor on both.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.webmd.com/cancer/what-is-wilms-tumor"
|
||||
]
|
||||
},
|
||||
"uuid": "cd295b58-a08a-11ec-b909-0242ac120002",
|
||||
"value": "Wilms' Tumor "
|
||||
}
|
||||
],
|
||||
"version": 1
|
||||
}
|
|
@ -42,7 +42,37 @@
|
|||
},
|
||||
"uuid": "20e563b0-f0c9-4253-aedd-a4542d6689ed",
|
||||
"value": "WannaMine"
|
||||
},
|
||||
{
|
||||
"description": "Blue Mockingbird Crypto miner is a crypto-mining payload within DLLs on Windows Systems.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://redcanary.com/blog/blue-mockingbird-cryptominer/"
|
||||
]
|
||||
},
|
||||
"uuid": "3dd091c9-608f-44d6-ac0c-5dfdf9bb4518",
|
||||
"value": "Blue Mockingbird Cryptominer"
|
||||
},
|
||||
{
|
||||
"description": "The Krane malware uses SSH brute-force techniques to drop the XMRig cryptominer on the target to mine for the Hashvault pool.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://cujo.com/threat-alert-krane-malware/"
|
||||
]
|
||||
},
|
||||
"uuid": "a0c0ab05-c390-425c-9311-f64bf7ca9145",
|
||||
"value": "Krane"
|
||||
},
|
||||
{
|
||||
"description": "“Hezb”, which is based on command line artifact data, was observed around Kinsing. This malware is relatively new and was recently reported in late May exploiting WSO2 RCE (CVE-2022-29464) in the wild. Several malware components were observed, the first of which was an XMRig miner installed as “Hezb”. Additional modules included a polkit exploit for privilege escalation as well as a zero-detection ELF payload named “kik”.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/"
|
||||
]
|
||||
},
|
||||
"uuid": "428bbf01-7756-48a2-848d-6bca3997f1df",
|
||||
"value": "Hezb"
|
||||
}
|
||||
],
|
||||
"version": 1
|
||||
"version": 3
|
||||
}
|
||||
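Review bot: The Blue Mockingbird entry's `"description"` line presents Blue Mockingbird as the miner itself, whereas the Red Canary post it cites uses the name for the activity cluster that deployed an XMRig payload packaged as a DLL, so the entry conflates actor and tool; consider `"description": "Blue Mockingbird is the name Red Canary gave to an activity cluster that deployed XMRig cryptominer payloads packaged as DLLs on Windows systems."`. The Hezb entry's opening clause `“Hezb”, which is based on command line artifact data, was observed around Kinsing.` is hard to parse and uses typographic quotes; rewording it to say that the name is taken from command-line artefacts and that the miner was observed alongside Kinsing would make the cluster readable on its own. The version field jumps from `"version": 1` to `"version": 3`, skipping 2 — fine if an intermediate bump was merged elsewhere, otherwise 2 would be expected.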
|
|
|
@ -0,0 +1,945 @@
|
|||
{
|
||||
"authors": [
|
||||
"DISARM Project"
|
||||
],
|
||||
"category": "disarm",
|
||||
"description": "DISARM is a framework designed for describing and understanding disinformation incidents.",
|
||||
"name": "Actor Types",
|
||||
"source": "https://github.com/DISARMFoundation/DISARMframeworks",
|
||||
"type": "disarm-actortypes",
|
||||
"uuid": "f1cb3e2f-f760-54a1-a3aa-a4f0fc342750",
|
||||
"values": [
|
||||
{
|
||||
"description": "Person who can wrangle data, implement machine learning algorithms etc",
|
||||
"meta": {
|
||||
"external_id": "A001",
|
||||
"kill_chain": [
|
||||
"sectors:Nonprofit",
|
||||
"sectors:Civil Society",
|
||||
"sectors:Government",
|
||||
"sectors:Academic",
|
||||
"sectors:Activist",
|
||||
"sectors:General Public",
|
||||
"sectors:Social Media Company",
|
||||
"sectors:Other Tech Company",
|
||||
"sectors:Other Company",
|
||||
"sectors:Media"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A001.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "9167d3c2-1f91-58f1-9dc2-fbe948f6b31c",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "590350b9-2614-572b-825b-b2498ebf4c17",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "187285bb-a282-5a6a-833e-01d9744165c4",
|
||||
"type": "detects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d4f0dd4b-6818-52a4-b4ca-e1fef024c1a0",
|
||||
"type": "detects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "5aca53f0-2c85-5298-9eeb-4ac8325abb6b",
|
||||
"type": "detects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d24431db-fc6e-5c62-b3d0-113a2219dbec",
|
||||
"type": "detects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "745658e5-5437-5f92-b2c4-80569a3cb330",
|
||||
"type": "detects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d3216499-77fd-528e-8b65-7c3bded9adda",
|
||||
"type": "detects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "1dc819ef-5eb6-51df-9614-bc9bf8218279",
|
||||
"type": "detects"
|
||||
}
|
||||
],
|
||||
"uuid": "03aaf19c-42b9-5b8e-9d47-a6bb291f10fa",
|
||||
"value": "data scientist"
|
||||
},
|
||||
{
|
||||
"description": "Person being targeted by disinformation campaign",
|
||||
"meta": {
|
||||
"external_id": "A002",
|
||||
"kill_chain": [
|
||||
"sectors:Nonprofit",
|
||||
"sectors:Civil Society",
|
||||
"sectors:Government",
|
||||
"sectors:Academic",
|
||||
"sectors:Activist",
|
||||
"sectors:General Public",
|
||||
"sectors:Social Media Company",
|
||||
"sectors:Other Tech Company",
|
||||
"sectors:Other Company",
|
||||
"sectors:Media"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A002.md"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "d202541b-34c0-573f-9e70-d6b0568194f6",
|
||||
"value": "target"
|
||||
},
|
||||
{
|
||||
"description": "Influencer",
|
||||
"meta": {
|
||||
"external_id": "A003",
|
||||
"kill_chain": [
|
||||
"sectors:Nonprofit",
|
||||
"sectors:Civil Society",
|
||||
"sectors:Government",
|
||||
"sectors:Academic",
|
||||
"sectors:Activist",
|
||||
"sectors:General Public",
|
||||
"sectors:Social Media Company",
|
||||
"sectors:Other Tech Company",
|
||||
"sectors:Other Company",
|
||||
"sectors:Media"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A003.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "67bab8b7-908b-5b0f-bf56-26502798d743",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "52f3153f-d7ab-5e42-9ee6-aea591856214",
|
||||
"value": "trusted authority"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A004",
|
||||
"kill_chain": [
|
||||
"sectors:Civil Society"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A004.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d7895c21-5e79-58db-b055-1e065abf524b",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "2fe43d88-db8f-5156-98fb-4b9db0e5fff3",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "d710c91e-a2f2-54ba-9477-fe51b9f31f76",
|
||||
"value": "activist"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A005",
|
||||
"kill_chain": [
|
||||
"sectors:Civil Society"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A005.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c52274ce-09fe-5b50-b2f2-741be794da6e",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "09f16551-695e-5d72-b58f-6cd256f7cb68",
|
||||
"value": "community group"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A006",
|
||||
"kill_chain": [
|
||||
"sectors:Civil Society"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A006.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "60e783f2-4e22-5495-abdf-cb73e1a5a4c1",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "523a0f1c-bb9e-5784-8838-ca7bc389688b",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "943ccc85-a339-5e32-ade9-09bc4bf6b4fd",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c52274ce-09fe-5b50-b2f2-741be794da6e",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "5c8fc207-b237-58cc-bedd-024fea386a7a",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d00320eb-5cc4-52e1-ae09-8b2d79affda2",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "a73d7508-4e4b-57d8-9dbf-15ac73b65a15",
|
||||
"value": "educator"
|
||||
},
|
||||
{
|
||||
"description": "Someone with the skills to verify whether information posted is factual",
|
||||
"meta": {
|
||||
"external_id": "A007",
|
||||
"kill_chain": [
|
||||
"sectors:Civil Society"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A007.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "26781c01-b62d-5091-99f4-047e4a0e825e",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "5036147d-f885-5d57-98ea-2e0c478611cc",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "997129f2-3afb-5d5e-9b67-d864c9721676",
|
||||
"value": "factchecker"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A008",
|
||||
"kill_chain": [
|
||||
"sectors:Civil Society"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A008.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c52274ce-09fe-5b50-b2f2-741be794da6e",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "b2457b24-f997-573e-9c25-90eab4559f8e",
|
||||
"value": "library"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A009",
|
||||
"kill_chain": [
|
||||
"sectors:Civil Society"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A009.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c52274ce-09fe-5b50-b2f2-741be794da6e",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "253aa4f0-d720-50b7-a462-70c85f5f5b9f",
|
||||
"value": "NGO"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A010",
|
||||
"kill_chain": [
|
||||
"sectors:Civil Society"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A010.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c52274ce-09fe-5b50-b2f2-741be794da6e",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "c198d0db-7fea-523d-acc5-24b1e7d3f47c",
|
||||
"value": "religious organisation"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A011",
|
||||
"kill_chain": [
|
||||
"sectors:Civil Society"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A011.md"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "f5b2ceb2-8f32-58f7-9225-c71a8242c932",
|
||||
"value": "school"
|
||||
},
|
||||
{
|
||||
"description": "Anyone who owns an account online",
|
||||
"meta": {
|
||||
"external_id": "A012",
|
||||
"kill_chain": [
|
||||
"sectors:General Public"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A012.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "5481cc36-5af8-5ddf-bcb7-638d3be3f583",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "e2947637-eba1-526e-820d-7d9c0d27b6be",
|
||||
"value": "account owner"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A013",
|
||||
"kill_chain": [
|
||||
"sectors:General Public"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A013.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "686ccd43-c358-5d5d-bd42-3e2279151670",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "6330d1dc-258f-5631-95e2-66390937cec3",
|
||||
"value": "content creator"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A014",
|
||||
"kill_chain": [
|
||||
"sectors:General Public"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A014.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7ef86cff-4401-518b-92fc-a0d88c23f280",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "019e73b3-c4be-5a28-a86b-4eb6d2df1217",
|
||||
"value": "elves"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A015",
|
||||
"kill_chain": [
|
||||
"sectors:General Public"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A015.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "1744386c-0d46-54a8-a5b8-cba1bd7dc369",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8cfe6ea3-7271-5578-b4f7-8eb3edbe43f5",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7ef86cff-4401-518b-92fc-a0d88c23f280",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "11380b67-28d8-5034-a79b-fbb6150ad302",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "187285bb-a282-5a6a-833e-01d9744165c4",
|
||||
"type": "detects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "94d622e2-5909-5f88-aaaf-846907cbda1f",
|
||||
"type": "detects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "61aa4bb6-218c-5a10-9f1c-1a494f6871e7",
|
||||
"type": "detects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7806c5d1-7c44-5ff5-a539-361c3381a67d",
|
||||
"type": "detects"
|
||||
}
|
||||
],
|
||||
"uuid": "f6c98378-65be-5f14-af3e-326909d70d77",
|
||||
"value": "general public"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A016",
|
||||
"kill_chain": [
|
||||
"sectors:General Public"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A016.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "60e783f2-4e22-5495-abdf-cb73e1a5a4c1",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "590350b9-2614-572b-825b-b2498ebf4c17",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a479d596-6f66-53eb-ae24-d3a67536464f",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "ebd92d67-1d68-5542-8b48-3cfc939db88a",
|
||||
"value": "influencer"
|
||||
},
|
||||
{
|
||||
"description": "For example the DHS",
|
||||
"meta": {
|
||||
"external_id": "A017",
|
||||
"kill_chain": [
|
||||
"sectors:Government"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A017.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c52274ce-09fe-5b50-b2f2-741be794da6e",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "91c80826-4428-5a58-8e54-337dfee99584",
|
||||
"value": "coordinating body"
|
||||
},
|
||||
{
|
||||
"description": "Government agencies",
|
||||
"meta": {
|
||||
"external_id": "A018",
|
||||
"kill_chain": [
|
||||
"sectors:Government"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A018.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "27acb21d-afef-52b5-be75-886d2af18067",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "877c29b5-38ae-570a-93b3-9e4e70ec27ef",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "3055e156-f234-5293-9ab2-d9761a620060",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "9133c9a6-500e-537d-aaa8-be8c5da12a93",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e81b12d2-491b-534a-88bb-221ab2cbf828",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d00320eb-5cc4-52e1-ae09-8b2d79affda2",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "1975d955-01ff-5cbb-8897-b08a0b235370",
|
||||
"value": "government"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A019",
|
||||
"kill_chain": [
|
||||
"sectors:Government"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A019.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "877c29b5-38ae-570a-93b3-9e4e70ec27ef",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "091f8344-0956-5d15-83c4-e967579c4391",
|
||||
"value": "military"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A020",
|
||||
"kill_chain": [
|
||||
"sectors:Government"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A020.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "57f70a3c-63a7-5873-a0ce-49a05d5f4eb7",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "27acb21d-afef-52b5-be75-886d2af18067",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "5682293b-d9d8-5db0-90df-4bb4cedc6882",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "14dad601-4ddd-5cfd-a48d-9b53212769ce",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "53f1e7bd-7aa8-5e02-a0a8-3fd34ee638e1",
|
||||
"value": "policy maker"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A021",
|
||||
"kill_chain": [
|
||||
"sectors:Media"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A021.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "f5764785-ced5-5faa-8e11-e442d2d3f79d",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c52274ce-09fe-5b50-b2f2-741be794da6e",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "686ccd43-c358-5d5d-bd42-3e2279151670",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8cfe6ea3-7271-5578-b4f7-8eb3edbe43f5",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a1441814-0d69-5b19-9dae-64c61d7dfdbd",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b666fbe1-04de-547c-abc5-27786c948e50",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "5c8fc207-b237-58cc-bedd-024fea386a7a",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "bdcbbd5d-e282-5c55-a39e-212b10f75200",
|
||||
"value": "media organisation"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A022",
|
||||
"kill_chain": [
|
||||
"sectors:Other Company"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A022.md"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "de0bdbac-82a8-547a-9117-fa660b55b3ea",
|
||||
"value": "company"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A023",
|
||||
"kill_chain": [
|
||||
"sectors:Other Tech Company"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A023.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "4880efa6-1123-5703-9c44-9f0600670dd9",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bbb8b174-44b6-5f59-bcf0-eab169bc7be1",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "6edba8b4-fe7a-5be0-84d0-6dee21d2a48e",
|
||||
"value": "adtech provider"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A024",
|
||||
"kill_chain": [
|
||||
"sectors:Other Tech Company"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A024.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "523a0f1c-bb9e-5784-8838-ca7bc389688b",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e21e17e9-3834-59de-bc31-9e43b73c8973",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "1dc819ef-5eb6-51df-9614-bc9bf8218279",
|
||||
"type": "detects"
|
||||
}
|
||||
],
|
||||
"uuid": "2057de14-930a-5199-8e8e-9969173d36bb",
|
||||
"value": "developer"
|
||||
},
|
||||
{
|
||||
"description": "Funding site admin",
|
||||
"meta": {
|
||||
"external_id": "A025",
|
||||
"kill_chain": [
|
||||
"sectors:Other Tech Company"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A025.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "5b5c3e04-acf2-50dd-9861-c44bcc8f2cc3",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "a97e25d4-62cf-5040-8274-1a71104104b2",
|
||||
"value": "funding_site_admin"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A026",
|
||||
"kill_chain": [
|
||||
"sectors:Other Tech Company"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A026.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "523a0f1c-bb9e-5784-8838-ca7bc389688b",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "6ff00416-5f81-5cc5-a07e-dff63a8a09a5",
|
||||
"value": "games designer"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A027",
|
||||
"kill_chain": [
|
||||
"sectors:Other Tech Company"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A027.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "22e5b817-e45b-5f41-8806-8e0c66f181cc",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "14b886aa-c023-5a84-9605-e4a9cb22e4f4",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "a0c301a5-5675-5d79-bd8c-2afde063697e",
|
||||
"value": "information security"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A028",
|
||||
"kill_chain": [
|
||||
"sectors:Other Tech Company"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A028.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "5481cc36-5af8-5ddf-bcb7-638d3be3f583",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "dae93cbd-eb65-5fb0-9d4e-4571ff54b6ff",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e18bd403-00d9-5767-9e5c-b597f623821a",
|
||||
"type": "detects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f2adbe9e-7c80-504d-adc5-624e04eab4f1",
|
||||
"type": "detects"
|
||||
}
|
||||
],
|
||||
"uuid": "f4dc44c5-e021-524b-9909-678f11a9f10d",
|
||||
"value": "platform administrator"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A029",
|
||||
"kill_chain": [
|
||||
"sectors:Other Tech Company"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A029.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "ae4b53ba-9dd6-53af-a624-d5929944117c",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "b7db36e3-3dbb-5f91-be61-076996a4c57b",
|
||||
"value": "server admininistrator"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A030",
|
||||
"kill_chain": [
|
||||
"sectors:Social Media Company"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A030.md"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "2a1f51c4-ded0-530d-a54c-5834898d4c47",
|
||||
"value": "platforms"
|
||||
},
|
||||
{
|
||||
"description": "Person with the authority to make changes to algorithms, take down content etc.",
|
||||
"meta": {
|
||||
"external_id": "A031",
|
||||
"kill_chain": [
|
||||
"sectors:Social Media Company"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A031.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "bb1f5f27-16da-59da-9972-32bb25568d02",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e23dbc10-0eca-5100-bf14-cf2db9db31b8",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "5481cc36-5af8-5ddf-bcb7-638d3be3f583",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "dae93cbd-eb65-5fb0-9d4e-4571ff54b6ff",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "01b3516b-b8b1-5a56-ae24-5300cceb70f8",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "eaef2d36-c5a8-59b9-9075-c6cdaa060e5d",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "33d7f540-0adb-5ab5-ae09-1c7a20e125b1",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a64a6568-d047-55b9-a3ab-f77fb3c9ada3",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e9cf452f-3ebc-5de8-9f21-dde3133c92c0",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0b0f003a-4bb7-5f1e-8bc6-987c680cba39",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "027421d5-7c11-5c13-aa91-5cf6a01b72ef",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f3edf130-0096-5a49-a3f1-d97974a70494",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0acbac2f-7bd4-51d1-aaac-e12cebcddb31",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "49f92a32-bac9-56af-ac97-3b09f23b8fa6",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "dcb94d22-45a2-5433-bc4c-634add96088b",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b20e5c17-f2dd-5057-9af2-a9586e72de9e",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "2fe43d88-db8f-5156-98fb-4b9db0e5fff3",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "187285bb-a282-5a6a-833e-01d9744165c4",
|
||||
"type": "detects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "94d622e2-5909-5f88-aaaf-846907cbda1f",
|
||||
"type": "detects"
|
||||
}
|
||||
],
|
||||
"uuid": "667967b8-b3f1-55ad-8f8a-8c43c1290e6e",
|
||||
"value": "social media platform adminstrator"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"external_id": "A032",
|
||||
"kill_chain": [
|
||||
"sectors:Social Media Company"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A032.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c52274ce-09fe-5b50-b2f2-741be794da6e",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "75f1924e-e711-5d07-8336-865b277c30d0",
|
||||
"value": "social media platform outreach"
|
||||
},
|
||||
{
|
||||
"description": "Person with authority to make changes to a social media company’s business model",
|
||||
"meta": {
|
||||
"external_id": "A033",
|
||||
"kill_chain": [
|
||||
"sectors:Social Media Company"
|
||||
],
|
||||
"refs": [
|
||||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/actortypes/A033.md"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0aa00b22-361f-5e5b-ac46-901cf6d2dfcc",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "27acb21d-afef-52b5-be75-886d2af18067",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "9133c9a6-500e-537d-aaa8-be8c5da12a93",
|
||||
"type": "affects"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e81b12d2-491b-534a-88bb-221ab2cbf828",
|
||||
"type": "affects"
|
||||
}
|
||||
],
|
||||
"uuid": "15428e72-df7e-5483-a59c-bf84bb46928f",
|
||||
"value": "social media platform owner"
|
||||
}
|
||||
],
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,34 @@
|
|||
{
|
||||
"authors": [
|
||||
"Various"
|
||||
],
|
||||
"category": "actor",
|
||||
"description": "Description of entities that can be involved in events.",
|
||||
"name": "Entity",
|
||||
"source": "MISP Project",
|
||||
"type": "entity",
|
||||
"uuid": "cd80fe0d-b905-449c-89f5-9a6b0ea09fc3",
|
||||
"values": [
|
||||
{
|
||||
"description": "An individual involved in an event.",
|
||||
"uuid": "e3983732-c670-4ea1-a28e-1f60bb3d74b7",
|
||||
"value": "Individual"
|
||||
},
|
||||
{
|
||||
"description": "A group involved in an event.",
|
||||
"uuid": "d32a81f3-ed96-4bb0-a6b2-37efbeaa8cc0",
|
||||
"value": "Group"
|
||||
},
|
||||
{
|
||||
"description": "A employee involved in an event.",
|
||||
"uuid": "35afacc1-8b9d-41b2-b90e-d2e2b2602aa9",
|
||||
"value": "Employee"
|
||||
},
|
||||
{
|
||||
"description": "A structure involved in an event.",
|
||||
"uuid": "019a12dc-5325-4672-82b2-56558b661fe8",
|
||||
"value": "Structure"
|
||||
}
|
||||
],
|
||||
"version": 1
|
||||
}
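Review bot: The `Employee` entry's description reads `"A employee involved in an event."`, which has the wrong article; the line should become `"description": "An employee involved in an event.",`. The other three entries follow the same sentence pattern and are fine, so only this one value changes, and the uuid and `value` fields stay as they are.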
|
|
@ -0,0 +1,228 @@
|
|||
{
|
||||
"authors": [
|
||||
"FIRST.org",
|
||||
"Andrey Meshkov (AdGuard)",
|
||||
"Ángel González (INCIBE-CERT)",
|
||||
"Angela Matlapeng (bwCSIRT)",
|
||||
"Benedict Addis (Shadowserver)",
|
||||
"Brett Carr (Nominet)",
|
||||
"Carlos Alvarez (ICANN; founding member)",
|
||||
"David Ruefenacht (Infoguard)",
|
||||
"Gabriel Andrews (FBI)",
|
||||
"John Todd (Quad9; current co-chair of DNS Abuse SIG)",
|
||||
"Jonathan Matkowsky (RiskIQ / Microsoft; former co-chair)",
|
||||
"Jonathan Spring (CISA; current co-chair of DNS Abuse SIG)",
|
||||
"Mark Henderson (IRS)",
|
||||
"Mark Svancarek (Microsoft)",
|
||||
"Merike Kaeo (Double Shot Security)",
|
||||
"Michael Hausding (SWITCH-CERT; former co-chair, current FIRST board member)",
|
||||
"Peter Lowe (DNSFilter; current co-chair of DNS Abuse SIG)",
|
||||
"Shoko Nakai (JPCERT/CC)",
|
||||
"Swapneel Patnekar (Shreshta IT)",
|
||||
"Trey Darley (FIRST board; founding member)"
|
||||
],
|
||||
"category": "first-dns",
|
||||
"description": "The Domain Name System (DNS) is a critical part of the Internet, including mapping domain names to IP addresses. Malicious threat actors use domain names, their corresponding technical resources, and other parts of the DNS infrastructure, including its protocols, for their malicious cyber operations. CERTs are confronted with reported DNS abuse on a continuous basis, and rely heavily on DNS analysis and infrastructure to protect their constituencies. Understanding the international customary norms applicable for detecting and mitigating DNS abuse from the perspective of the global incident response community is critical for the open Internet’s stability, security and resiliency. See also https://www.first.org/global/sigs/dns/ for more information.",
|
||||
"name": "FIRST DNS Abuse Techniques Matrix",
|
||||
"source": "https://www.first.org/global/sigs/dns/",
|
||||
"type": "first-dns",
|
||||
"uuid": "67d44607-ae1d-4b01-a419-c311e68fb28a",
|
||||
"values": [
|
||||
{
|
||||
"description": "DGAs - Domain Generation Algorithm",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://attack.mitre.org/techniques/T1568/002/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b",
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "bbb63c10-548a-5ddc-8c6d-c5d8712df26d",
|
||||
"value": "DGAs"
|
||||
},
|
||||
{
|
||||
"description": "The wrongfully taking control of a domain name from the rightful name holder. Compromised domains can be used for different kinds of malicious activity like sending spam or phishing, for distributing malware or as botnet command and control.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.icann.org/groups/ssac/documents/sac-007-en"
|
||||
]
|
||||
},
|
||||
"uuid": "1c46402d-ca07-5cd7-a49c-477a4e868d12",
|
||||
"value": "Domain name compromise"
|
||||
},
|
||||
{
|
||||
"description": "Lame delegations occur as a result of expired nameserver domains allowing attackers to take control of the domain resolution by re-registering this expired nameserver domain.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://blog.apnic.net/2021/03/16/the-prevalence-persistence-perils-of-lame-nameservers/"
|
||||
]
|
||||
},
|
||||
"uuid": "8f013ccd-6697-566d-8b83-9cbfdc802342",
|
||||
"value": "Lame delegations"
|
||||
},
|
||||
{
|
||||
"description": "DNS cache poisoning - also known as DNS spoofing, is a type of cyber attack in which an attacker corrupts a DNS resolver's cache by injecting false DNS records, causing the resolver to records controlled by the attacker.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://capec.mitre.org/data/definitions/142.html"
|
||||
]
|
||||
},
|
||||
"uuid": "3b236fe5-83c2-563b-8744-bf11e414a6ad",
|
||||
"value": "DNS cache poisoning"
|
||||
},
|
||||
{
|
||||
"description": "DNS rebinding - a type of attack where a malicious website directs a client to a local network address, allowing the attacker to bypass the same-origin policy and gain access to the victim's local resources.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://capec.mitre.org/data/definitions/275.html"
|
||||
]
|
||||
},
|
||||
"uuid": "8c30074b-e718-5262-86fe-b7a6493cf731",
|
||||
"value": "DNS rebinding"
|
||||
},
|
||||
{
|
||||
"description": "Attacker gains administrative privileges on an open recursive DNS server, authoritative DNS server, organizational recursive DNS server, or ISP-operated recursive DNS server.",
|
||||
"uuid": "094f218e-51fe-5f3b-a202-1cc9b016dedc",
|
||||
"value": "DNS server compromise"
|
||||
},
|
||||
{
|
||||
"description": "The attacker compromises the Operating System of a computer or a phone with malicious code that intercepts and responds to DNS queries with rogue or malicious responses.",
|
||||
"uuid": "9bbd1e65-d11b-5e29-adf2-f0a997c51547",
|
||||
"value": "Stub resolver hijacking"
|
||||
},
|
||||
{
|
||||
"description": "Consumer Premise Equipment (CPE), such as home routers, often provide DNS recursion on the local network. If the CPE device is compromised, the attacker can change the recursive resolver behavior; for example, by changing responses.",
|
||||
"uuid": "ec27edc4-7908-5100-9fc7-4159c283691d",
|
||||
"value": "Local recursive resolver hijacking"
|
||||
},
|
||||
{
|
||||
"description": "Attackers intercept communication between a user and a DNS server and provide different destination IP addresses pointing to malicious sites.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.imperva.com/learn/application-security/dns-hijacking-redirection/"
|
||||
]
|
||||
},
|
||||
"uuid": "dea01e07-c348-56ef-b22f-312a64717431",
|
||||
"value": "On-path DNS attack"
|
||||
},
|
||||
{
|
||||
"description": "Multiple systems sending malicious traffic to a target at the same time.",
|
||||
"uuid": "7cbb69c3-1cf1-5219-97e8-c908cdbedde6",
|
||||
"value": "DoS against the DNS"
|
||||
},
|
||||
{
|
||||
"description": "Adversaries may attempt to cause a denial of service by reflecting a high-volume of network traffic to a target. This type of Network DoS takes advantage of a third-party server intermediary that hosts and will respond to a given spoofed source IP address. This third-party server is commonly termed a reflector. An adversary accomplishes a reflection attack by sending packets to reflectors with the spoofed address of the victim. Two prominent protocols that have enabled Reflection Amplification Floods are DNS and NTP through the use of several others in the wild have been documented. These Reflection and Amplification Floods can be directed against components of the DNS, like authoritative nameservers, rendering them unresponsive.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://attack.mitre.org/techniques/T1498/002/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab",
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "735b95e1-bd17-5375-a318-f5bf5ee014e6",
|
||||
"value": "DNS as a vector for DoS"
|
||||
},
|
||||
{
|
||||
"description": "Dynamic DNS resolution (as obfuscation technique) - Adversaries may dynamically establish connections to command and control infrastructure to evade common detections and remediations. This may be achieved by using malware that shares a common algorithm with the infrastructure the adversary uses to receive the malware's communications. These calculations can be used to dynamically adjust parameters such as the domain name IP address or port number the malware uses for command and control.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://attack.mitre.org/techniques/T1568/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b",
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "3664fb70-5179-5004-828a-1d090b78fa7a",
|
||||
"value": "Dynamic DNS resolution"
|
||||
},
|
||||
{
|
||||
"description": "Dynamic DNS resolution: Fast flux (as obfuscation technique) - Adversaries may use Fast Flux DNS to hide a command and control channel behind an array of rapidly changing IP addresses linked to a single domain resolution. This technique uses a fully qualified domain name with multiple IP addresses assigned to it which are swapped with high frequency using a combination of round robin IP addressing and short Time-To-Live (TTL) for a DNS resource record.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://attack.mitre.org/techniques/T1568/001/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "29ba5a15-3b7b-4732-b817-65ea8f6468e6",
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "5a99f82a-48c8-5f89-836f-78901e764677",
|
||||
"value": "Dynamic DNS resolution: Fast flux"
|
||||
},
|
||||
{
|
||||
"description": "Exfiltration via the DNS requires a delegated domain or, if the domain does not exist in the public DNS, the operation of a resolver preloaded with that domain's zone file information and configured to receive and respond to the queries sent by the compromised devices.",
|
||||
"uuid": "9e98500e-4a22-578a-9839-69c169079a68",
|
||||
"value": "Infiltration and exfiltration via the DNS"
|
||||
},
|
||||
{
|
||||
"description": "For example, before attacking a victim, adversaries purchase or register domains from an ICANN-accredited registrar that can be used during targeting. See also CAPEC-630.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://capec.mitre.org/data/definitions/630.html"
|
||||
]
|
||||
},
|
||||
"uuid": "a53e05a5-0931-5975-b16a-2434a0f2356a",
|
||||
"value": "Malicious registration of (effective) second level domains"
|
||||
},
|
||||
{
|
||||
"description": "Before attacking a victim, adversaries purchase or create domains from an entity other than a registrar or registry that provides subdomains under domains they own and control. S",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Dynamic_DNS"
|
||||
]
|
||||
},
|
||||
"uuid": "ed6477e2-426f-5c55-a740-0b6ba4547b77",
|
||||
"value": "Creation of malicious subdomains under dynamic DNS providers"
|
||||
},
|
||||
{
|
||||
"description": " - Internet attack infrastructure is a broad category, and this covers any non-DNS server. Many compromised servers, such as web servers or mail servers, interact with the DNS or may be instrumental in conducting DNS abuse. For example, compromised mail servers are one technique that may be used to send phishing emails.",
|
||||
"uuid": "e4115a11-6975-57f9-aa27-89351e18a402",
|
||||
"value": "Compromise of a non-DNS server to conduct abuse"
|
||||
},
|
||||
{
|
||||
"description": "In a context where a domain name is expected (such as the From header in mail or a URL in a web page or message body), supplying a domain name not controlled by the attacker and that is not controlled by or registered to a legitimate registrant.",
|
||||
"uuid": "bc197790-2b89-56e7-b019-871bdc36323a",
|
||||
"value": "Spoofing or otherwise using unregistered domain names"
|
||||
},
|
||||
{
|
||||
"description": "In a context where a domain name is expected (such as the From header in mail or a URL in a web page or message body), supplying a domain name not controlled by the attacker and that is in fact controlled by or registered to a legitimate registrant.",
|
||||
"uuid": "88d804bc-f3e0-5b33-9c07-d05dfb1806df",
|
||||
"value": "Spoofing of a registered domain"
|
||||
},
|
||||
{
|
||||
"description": "DNS tunneling - tunneling another protocol over DNS - The DNS protocol serves an administrative function in computer networking and thus may be very common in environments. DNS traffic may also be allowed even before network authentication is completed. DNS packets contain many fields and headers in which data can be concealed. Often known as DNS tunneling, adversaries may abuse DNS to communicate with systems under their control within a victim network while also mimicking normal expected traffic.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://attack.mitre.org/techniques/T1071/004/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72",
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "b1b60f03-a603-506f-870b-7ea4da0cbeaa",
|
||||
"value": "DNS tunneling"
|
||||
},
|
||||
{
|
||||
"description": "DNS beacons - C2 communication - Successive or periodic DNS queries to a command & control server, either to exfiltrate data or await further commands from the C2.",
|
||||
"uuid": "23f785fa-902f-563a-959f-67d2053cb25a",
|
||||
"value": "DNS beacons - C2 communication"
|
||||
}
|
||||
],
|
||||
"version": 2
|
||||
}
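Review bot: Several of the new descriptions in this galaxy are truncated or garbled: the `DNS cache poisoning` entry ends with `causing the resolver to records controlled by the attacker`, which is missing its verb and should read `causing the resolver to return records controlled by the attacker.`; the `Creation of malicious subdomains under dynamic DNS providers` entry ends with a dangling ` S`, which looks like a cut-off cross-reference and should either be completed or have the stray ` S` dropped; and the `Compromise of a non-DNS server to conduct abuse` entry starts with a stray ` - ` that should be removed. The `DNS as a vector for DoS` description also contains `through the use of several others in the wild have been documented`, which appears to be a mis-copied sentence and should be rechecked against the cited ATT&CK page. All of these are text-only fixes to user-facing descriptions and leave every uuid and `related` entry unchanged.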
|
|
@ -0,0 +1,276 @@
|
|||
{
|
||||
"authors": [
|
||||
"Agathe MANGEOT",
|
||||
"Cyril BURTIN "
|
||||
],
|
||||
"category": "med-bdm-it",
|
||||
"description": "Liste des maladies invalidantes reconnues comme handicap",
|
||||
"name": "Handicap",
|
||||
"source": "MDPH /caf",
|
||||
"type": "handicap",
|
||||
"uuid": "84310ba3-fa6a-44aa-b378-b9e3271c7777",
|
||||
"values": [
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Accident vasculaire cérébral invalidant",
|
||||
"Type d'affection": "affection de longue durée"
|
||||
},
|
||||
"uuid": "edbfa998-9ec8-418c-b1c1-3007fd244e16",
|
||||
"value": "Accident vasculaire cérébral invalidant"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Insuffisances médullaires et autres cytopénies chroniques",
|
||||
"Type d'affection": "affection de longue durée"
|
||||
},
|
||||
"uuid": "f666a569-c2a9-42d5-beaa-b8787be0acb5",
|
||||
"value": "Insuffisances médullaire"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Artériopathies chroniques avec manisfestations ischémiques",
|
||||
"Type d'affection": "affection de longue durée"
|
||||
},
|
||||
"uuid": "d2e8b63b-df68-4006-98bf-9953cdf276b1",
|
||||
"value": "Artériopathies chroniques"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "non",
|
||||
"Nom": " Bilharziose compliquée",
|
||||
"Type d'affection": "affection de longue durée"
|
||||
},
|
||||
"uuid": "1910135a-a28f-4c21-a07a-83ca25ce40e1",
|
||||
"value": "Bilharziose compliquée"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "oui",
|
||||
"Nom": "Insuffisances cardiaque grave, troubles du rythme graves, cardiopathies valvulaires graves, cardiopathies congénitales graves",
|
||||
"Type d'affection": "affection de longue durée"
|
||||
},
|
||||
"uuid": "f5f29cfd-a890-417a-b0ab-b256524db0ae",
|
||||
"value": "Insuffisances cardiaque"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Maladies chroniques actives du foie (hépatite B ou C) et cirrhoses",
|
||||
"Type d'affection": "affection de longue durée"
|
||||
},
|
||||
"uuid": "14bfd714-804a-414a-badb-9ea326de62d2",
|
||||
"value": "Hépatite B ou C"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Déficit immunitaire primitif grave nécessitant un traitement prolongé, infection par le virus de l'immuno-déficience humaine (VIH)",
|
||||
"Type d'affection": "affection de longue durée"
|
||||
},
|
||||
"uuid": "a988a347-c1db-4d17-a221-ce997dbaf67b",
|
||||
"value": "Déficit immunitaire primitif grave"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "oui",
|
||||
"Nom": "Diabète de type 1 et diabète de type 2 et d l'adulte ou de l'enfant",
|
||||
"Type d'affection": "affection de longue durée"
|
||||
},
|
||||
"uuid": "34ace033-af1e-4d3d-9cd9-5f12b555a32e",
|
||||
"value": "Diabète"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "oui",
|
||||
"Nom": "Formes graves des affections neurologiques et musculaires(dont myopathie), epilepsie grave",
|
||||
"Type d'affection": "affection de longue durée "
|
||||
},
|
||||
"uuid": "ce6ebe05-893a-4d0a-a366-4bee63fc6ca5",
|
||||
"value": "Affections neurologiques et musculaire"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "oui",
|
||||
"Nom": "Hemoglopathies, hémolyses, chroniques constitutionelles et acquises sévères",
|
||||
"Type d'affection": "affection de longue durée"
|
||||
},
|
||||
"uuid": "0cd69cd5-3d56-475d-b188-22acc887249e",
|
||||
"value": "Hemoglopathies, hémolyses"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Hémophilies et affections constitutionnelles de l'hémostase graves",
|
||||
"Type d'affection": "affection de ongue durée"
|
||||
},
|
||||
"uuid": "4ee033ec-26cb-4315-a80a-f98f3de478b8",
|
||||
"value": "Hémophilies"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "non",
|
||||
"Nom": "Maladie coronaire : infarctus du myocarde",
|
||||
"Type d'affection": "affection de longue durée"
|
||||
},
|
||||
"uuid": "9db8ea00-37ce-4c0d-a902-f36124087231",
|
||||
"value": "Infarctus du myocarde"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "oui",
|
||||
"Nom": "Insuffisance respiratoire chronique grave(exemple: asthme grave)",
|
||||
"Type d'affection": "Affection de longue durée"
|
||||
},
|
||||
"uuid": "8de7bdba-cf58-494e-b596-b66fda2b22ae",
|
||||
"value": "Insuffisance respiratoire"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "non",
|
||||
"Nom": "Maladie d'Alzheimer et autres démences",
|
||||
"Type d'affection": "affection de longue durée"
|
||||
},
|
||||
"uuid": "80ce126d-692c-45f0-ba06-fded443b93fb",
|
||||
"value": "Maladie d'Alzheimer et autres démences"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "non",
|
||||
"Nom": "Maladies de Parkinson",
|
||||
"Type d'affection": "Maladie dégénérative"
|
||||
},
|
||||
"uuid": "5a2783cb-53e4-451a-9487-e558894bcd13",
|
||||
"value": "Parkinson"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Maladie métabolique héréditaire nécessitant un traitement prolongé spécialisé",
|
||||
"Type d'affection": "affection de longue durée"
|
||||
},
|
||||
"uuid": "d1a3b820-0d25-4e5a-9f3a-1471b06856c3",
|
||||
"value": "Maladies métabolque héréditaire"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Mucovicidose",
|
||||
"Type d'affection": "Maladie dégénérative"
|
||||
},
|
||||
"uuid": "54c9d607-f434-416b-acfa-07609fefe8db",
|
||||
"value": "Mucovisidose"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Néphropatie chronique grave et syndrome néphrotique primitif(insufficance rénale) ",
|
||||
"Type d'affection": "Affection de longue durée"
|
||||
},
|
||||
"uuid": "c5070703-8c73-49b7-a8b7-a8b0e8ee53a6",
|
||||
"value": "Néphropatie"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "oui",
|
||||
"Nom": "Paraplégie",
|
||||
"Type d'affection": "Affection de longue durée"
|
||||
},
|
||||
"uuid": "9851ce51-b95f-41bf-8e22-2c83751c78ad",
|
||||
"value": "Paraplégie"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Vascularites, lupus érythémateux systémique, sclérodermie systémique",
|
||||
"Type d'affection": "Affection de longue durée"
|
||||
},
|
||||
"uuid": "6ff9e37c-04dd-4d9c-ac23-fe23ad9ef581",
|
||||
"value": "Vascularites"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Polyarthrite rhumathoïde évolutive",
|
||||
"Type d'affection": "Affection évolutive "
|
||||
},
|
||||
"uuid": "6bacef11-be44-42d2-a653-ac5df3aa46ac",
|
||||
"value": "Polyarthrite"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Affections psychiatrique de longue durée (exemple: dépression récurrente, troubles bipolaires)",
|
||||
"Type d'affection": "Affection de longue durée"
|
||||
},
|
||||
"uuid": "fbe1be61-bf2b-4547-9c3e-24f9e113537a",
|
||||
"value": "Affection Psychiatrique"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Rectolite hémorragique et maladie de Crohn évolutives",
|
||||
"Type d'affection": "Maladie évolutive"
|
||||
},
|
||||
"uuid": "fbb79ba0-08f2-40f4-b562-863edd5b3137",
|
||||
"value": "Rectolite"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Sclérose en plaques",
|
||||
"Type d'affection": "Maladie dégénérative"
|
||||
},
|
||||
"uuid": "fbb79ba0-08f2-40f4-b562-861edd5b3135",
|
||||
"value": "Sclérose en plaque"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Scoliose idiopathique structurale évolutive",
|
||||
"Type d'affection": "Maladie évolutive "
|
||||
},
|
||||
"uuid": "0a97945d-4fc7-4a09-bb73-760891adea52",
|
||||
"value": "Scoliose idiopathique"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Spondylarthrite grave",
|
||||
"Type d'affection": "Maladie évolutive"
|
||||
},
|
||||
"uuid": "7958ba36-084f-4c60-9b5c-1ece7c839734",
|
||||
"value": "Spondylarthrite"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Suite de transplantation d'organe",
|
||||
"Type d'affection": "Affection de longue durée"
|
||||
},
|
||||
"uuid": "29fd13a3-4d8b-4e9f-8253-374f8ac07b9c",
|
||||
"value": "Transplantation d'organe"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Tuberculose active, lèpre",
|
||||
"Type d'affection": "Affection de longue durée"
|
||||
},
|
||||
"uuid": "211a6aab-415f-4e9d-ad9b-199aca6bd33d",
|
||||
"value": "Tuberculose/lèpre"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"Aménagement(prothèse, orthèse, pompe à insuline,...)": "possible",
|
||||
"Nom": "Tumeur maligne(cancer), affection maligne du tissu lymphatique ou hématopoïétique(exemple: lymphome)",
|
||||
"Type d'affection": "Affection de longue durée"
|
||||
},
|
||||
"uuid": "9eb1eacc-3996-4c8b-ad4e-8a4e168c415e",
|
||||
"value": "Tumeur maligne"
|
||||
}
|
||||
],
|
||||
"version": 2
|
||||
}
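Review bot: The UUIDs on the "Rectolite" and "Sclérose en plaque" entries differ in only two characters (`fbb79ba0-08f2-40f4-b562-863edd5b3137` vs `fbb79ba0-08f2-40f4-b562-861edd5b3135`), which looks hand-edited rather than generated; MISP resolves clusters by UUID, so a later copy-paste slip here would silently merge two conditions, and regenerating both with a random version-4 UUID would remove the risk. The `Type d'affection` values are not normalised (`affection de longue durée`, `Affection de longue durée`, `affection de longue durée ` with a trailing space, and the typo `affection de ongue durée`), `Nom` on the Bilharziose entry starts with a space, and the second author string `"Cyril BURTIN "` ends with one, all of which break exact-match filtering on meta. `value` also diverges from `Nom` in spelling on several entries (`Mucovicidose` vs `Mucovisidose`, `Insuffisances médullaires` vs `Insuffisances médullaire`), so one of the two should be taken as canonical. The meta key `Aménagement(prothèse, orthèse, pompe à insuline,...)` is unlike the lowercase identifier keys used elsewhere in this repository (e.g. `external_id`, `refs` in the ATLAS file on this same page) and would be easier to query as a short plain key with the explanation moved into `description`. Given that every value describes an individual's health condition, a sentence in `description` noting that tags from this galaxy are sensitive personal data would help downstream sharing decisions; the file path for this section is not shown on the page.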
|
34264
clusters/malpedia.json
34264
clusters/malpedia.json
|
@ -0,0 +1,771 @@
|
|||
{
|
||||
"authors": [
|
||||
"MITRE"
|
||||
],
|
||||
"category": "course-of-action",
|
||||
"description": "MITRE ATLAS Mitigation - Adversarial Threat Landscape for Artificial-Intelligence Systems",
|
||||
"name": "MITRE ATLAS Course of Action",
|
||||
"source": "https://github.com/mitre-atlas/atlas-navigator-data",
|
||||
"type": "mitre-atlas-course-of-action",
|
||||
"uuid": "951d5a45-43c2-422b-90af-059014f15714",
|
||||
"values": [
|
||||
{
|
||||
"description": "Limit the public release of technical information about the machine learning stack used in an organization's products or services. Technical knowledge of how machine learning is used can be leveraged by adversaries to perform targeting and tailor attacks to the target system. Additionally, consider limiting the release of organizational information - including physical locations, researcher names, and department structures - from which technical details such as machine learning techniques, model architectures, or datasets may be inferred.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0000",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0000"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "65d21e6b-7abe-4623-8f5c-88011cb362cb",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8c26f51a-c403-4c4d-852a-a1c56fe9e7cd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "aa17fe8d-62f8-4c4c-b7a2-6858c82dd84b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b23cda85-3457-406d-b043-24d2cf9e6fcf",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "40076545-e797-4508-a294-943096a12111",
|
||||
"value": "Limit Release of Public Information"
|
||||
},
|
||||
{
|
||||
"description": "Limit public release of technical project details including data, algorithms, model architectures, and model checkpoints that are used in production, or that are representative of those used in production.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0001",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0001"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0ec538ca-589b-4e42-bcaa-06097a0d679f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a3baff3d-7228-4ab7-ae00-ffe150e7ef8a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c086784e-1494-4f75-a4a0-d3ad054b9428",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "79c75215-ada9-4c22-bfed-7d13fb6e966e",
|
||||
"value": "Limit Model Artifact Release"
|
||||
},
|
||||
{
|
||||
"description": "Decreasing the fidelity of model outputs provided to the end user can reduce an adversaries ability to extract information about the model and optimize attacks for the model.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0002",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0002"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "86b5f486-afb8-4aa9-991f-0e24d5737f0c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "943303ef-846b-49d6-b53f-b0b9341ac1ca",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c4e52005-7416-45c4-9feb-8cd5fd34f70a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c552f0b5-2e2c-4f8f-badc-0876ecca7255",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e19c6f8a-f1e2-46cc-9387-03a3092f01ed",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f78e0ac3-6d72-42ed-b20a-e10d8c752cf6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "9f92e876-e2c0-4def-afee-626a4a79c524",
|
||||
"value": "Passive ML Output Obfuscation"
|
||||
},
|
||||
{
|
||||
"description": "Use techniques to make machine learning models robust to adversarial inputs such as adversarial training or network distillation.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0003",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0003"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "071df654-813a-4708-85dc-f715f785d37f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8735735d-c09d-4298-8e64-9a2b6168a74c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "216f862c-7f34-4676-a913-c4ec6cc4c2cd",
|
||||
"value": "Model Hardening"
|
||||
},
|
||||
{
|
||||
"description": "Limit the total number and rate of queries a user can perform.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0004",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0004"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6c1fca80-3ba9-41c9-8f7b-9824310a94f1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "86b5f486-afb8-4aa9-991f-0e24d5737f0c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8f644f37-e2e6-468e-b720-f395b8c27fbc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "943303ef-846b-49d6-b53f-b0b9341ac1ca",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ae71ca3a-8ca4-40d2-bdba-4276b29ac8f9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b07d147f-51c8-4eb6-9a05-09c86762a9c1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c4e52005-7416-45c4-9feb-8cd5fd34f70a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c552f0b5-2e2c-4f8f-badc-0876ecca7255",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e19c6f8a-f1e2-46cc-9387-03a3092f01ed",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f78e0ac3-6d72-42ed-b20a-e10d8c752cf6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "46b3e92d-600b-47c9-80f5-ed62a5db0377",
|
||||
"value": "Restrict Number of ML Model Queries"
|
||||
},
|
||||
{
|
||||
"description": "Establish access controls on internal model registries and limit internal access to production models. Limit access to training data only to approved users.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0005",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0005"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0ec538ca-589b-4e42-bcaa-06097a0d679f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "2680aa95-5620-4677-9c62-b0c3d15d9450",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "452b8fdf-8679-4013-bb38-4d16f65430bc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8d644240-ad99-4410-a7f8-3ef8f53a463e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a50f02df-1130-4945-94bb-7857952da585",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d1f013a8-11f3-4560-831c-8ed5e39247c9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e0eb2b64-aebd-4412-80f3-b71d7805a65f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "0025dadf-7900-497f-aa03-39f0e319f20e",
|
||||
"value": "Control Access to ML Models and Data at Rest"
|
||||
},
|
||||
{
|
||||
"description": "Use an ensemble of models for inference to increase robustness to adversarial inputs. Some attacks may effectively evade one model or model family but be ineffective against others.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0006",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0006"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "071df654-813a-4708-85dc-f715f785d37f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "452b8fdf-8679-4013-bb38-4d16f65430bc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8735735d-c09d-4298-8e64-9a2b6168a74c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c552f0b5-2e2c-4f8f-badc-0876ecca7255",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d8292a1c-21e7-4b45-b110-0e05feb30a9a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "dcb586a2-1135-4e2a-97bd-d4adbc79758b",
|
||||
"value": "Use Ensemble Methods"
|
||||
},
|
||||
{
|
||||
"description": "Detect and remove or remediate poisoned training data. Training data should be sanitized prior to model training and recurrently for an active learning model.\n\nImplement a filter to limit ingested training data. Establish a content policy that would remove unwanted content such as certain explicit or offensive language from being used.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0007",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0007"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0ec538ca-589b-4e42-bcaa-06097a0d679f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8d644240-ad99-4410-a7f8-3ef8f53a463e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e0eb2b64-aebd-4412-80f3-b71d7805a65f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "9395d240-cc32-452a-911b-04feea01bcfb",
|
||||
"value": "Sanitize Training Data"
|
||||
},
|
||||
{
|
||||
"description": "Validate that machine learning models perform as intended by testing for backdoor triggers or adversarial bias.\nMonitor model for concept drift and training data drift, which may indicate data tampering and poisoning.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0008",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0008"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "452b8fdf-8679-4013-bb38-4d16f65430bc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a50f02df-1130-4945-94bb-7857952da585",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e0eb2b64-aebd-4412-80f3-b71d7805a65f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "01c2ec0a-e257-4a75-9e59-f71aa6362b6e",
|
||||
"value": "Validate ML Model"
|
||||
},
|
||||
{
|
||||
"description": "Incorporate multiple sensors to integrate varying perspectives and modalities to avoid a single point of failure susceptible to physical attacks.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0009",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0009"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "071df654-813a-4708-85dc-f715f785d37f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4d5c6974-0307-4535-bf37-7bb4c6a2ef47",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "1bb9d9a7-c05a-470f-a709-64bd240e2eb0",
|
||||
"value": "Use Multi-Modal Sensors"
|
||||
},
|
||||
{
|
||||
"description": "Preprocess all inference data to nullify or reverse potential adversarial perturbations.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0010",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0010"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "071df654-813a-4708-85dc-f715f785d37f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8735735d-c09d-4298-8e64-9a2b6168a74c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c4e52005-7416-45c4-9feb-8cd5fd34f70a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "73a34f24-1ad1-4421-b9c8-c2cbd13e6f47",
|
||||
"value": "Input Restoration"
|
||||
},
|
||||
{
|
||||
"description": "Prevent abuse of library loading mechanisms in the operating system and software to load untrusted code by configuring appropriate library loading mechanisms and investigating potential vulnerable software.\n\nFile formats such as pickle files that are commonly used to store machine learning models can contain exploits that allow for loading of malicious libraries.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0011",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0011"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "be6ef5c5-1ecb-486d-9743-42085bd2c256",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "179e00cb-0948-4282-9132-f8a1f0ff6bd7",
|
||||
"value": "Restrict Library Loading"
|
||||
},
|
||||
{
|
||||
"description": "Encrypt sensitive data such as ML models to protect against adversaries attempting to access sensitive data.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0012",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0012"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "6a88dccb-fb37-4f11-a5ad-42908aaee1d0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d1f013a8-11f3-4560-831c-8ed5e39247c9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e2ebc190-9ff6-496e-afeb-ac868df2361e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "aad92d43-774b-4612-8437-8d6c7ee7e4af",
|
||||
"value": "Encrypt Sensitive Information"
|
||||
},
|
||||
{
|
||||
"description": "Enforce binary and application integrity with digital signature verification to prevent untrusted code from executing. Adversaries can embed malicious code in ML software or models. Enforcement of code signing can prevent the compromise of the machine learning supply chain and prevent execution of malicious code.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0013",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0013"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "452b8fdf-8679-4013-bb38-4d16f65430bc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "be6ef5c5-1ecb-486d-9743-42085bd2c256",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d8292a1c-21e7-4b45-b110-0e05feb30a9a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "88073b07-2fe9-41cb-8e76-6e244fbabc74",
|
||||
"value": "Code Signing"
|
||||
},
|
||||
{
|
||||
"description": "Verify the cryptographic checksum of all machine learning artifacts to verify that the file was not modified by an attacker.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0014",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0014"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "be6ef5c5-1ecb-486d-9743-42085bd2c256",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d2cf31e0-a550-4fe0-8fdb-8941b3ac00d9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f4fc2abd-71a4-401a-a742-18fc5aeb4bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "cdccb3ab-2dde-41a9-a988-783a25b7bd00",
|
||||
"value": "Verify ML Artifacts"
|
||||
},
|
||||
{
|
||||
"description": "Detect and block adversarial inputs or atypical queries that deviate from known benign behavior, exhibit behavior patterns observed in previous attacks or that come from potentially malicious IPs.\nIncorporate adversarial detection algorithms into the ML system prior to the ML model.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0015",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0015"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "071df654-813a-4708-85dc-f715f785d37f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8735735d-c09d-4298-8e64-9a2b6168a74c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8f644f37-e2e6-468e-b720-f395b8c27fbc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c4e52005-7416-45c4-9feb-8cd5fd34f70a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "0ed2ef71-cdc9-4eef-8432-1c3dadbdda20",
|
||||
"value": "Adversarial Input Detection"
|
||||
},
|
||||
{
|
||||
"description": "Vulnerability scanning is used to find potentially exploitable software vulnerabilities to remediate them.\n\nFile formats such as pickle files that are commonly used to store machine learning models can contain exploits that allow for arbitrary code execution.\nBoth model artifacts and downstream products produced by models should be scanned for known vulnerabilities.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0016",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0016"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "be6ef5c5-1ecb-486d-9743-42085bd2c256",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c704a49c-abf0-4258-9919-a862b1865469",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "79752061-aac1-4ed9-b7f3-3b4dc5e81280",
|
||||
"value": "Vulnerability Scanning"
|
||||
},
|
||||
{
|
||||
"description": "Deploying ML models to edge devices can increase the attack surface of the system.\nConsider serving models in the cloud to reduce the level of access the adversary has to the model.\nAlso consider computing features in the cloud to prevent gray-box attacks, where an adversary has access to the model preprocessing methods.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0017",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0017"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3de90963-bc9f-4ae1-b780-7d05e46eacdd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "452b8fdf-8679-4013-bb38-4d16f65430bc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ab01ba21-1438-4cd9-a588-92eb271086bc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "432c3a44-3974-4b73-9eb9-fa5dd5298e47",
|
||||
"value": "Model Distribution Methods"
|
||||
},
|
||||
{
|
||||
"description": "Educate ML model developers on secure coding practices and ML vulnerabilities.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0018",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0018"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "8c849dd4-5d15-45aa-b5b2-59c96a3ab939",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "be6ef5c5-1ecb-486d-9743-42085bd2c256",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "cce983e7-13a2-4545-8c39-ec6c8dff148d",
|
||||
"value": "User Training"
|
||||
},
|
||||
{
|
||||
"description": "Require users to verify their identities before accessing a production model.\nRequire authentication for API endpoints and monitor production model queries to ensure compliance with usage policies and to prevent model misuse.\n",
|
||||
"meta": {
|
||||
"external_id": "AML.M0019",
|
||||
"refs": [
|
||||
"https://atlas.mitre.org/mitigations/AML.M0019"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "90a420d4-3f03-4800-86c0-223c4376804a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b07d147f-51c8-4eb6-9a05-09c86762a9c1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "7b00dd51-f719-433d-afd6-3d386f64386d",
|
||||
"value": "Control Access to ML Models and Data in Production"
|
||||
}
|
||||
],
|
||||
"version": 12
|
||||
}
|
|
@ -1215,13 +1215,6 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd",
|
||||
"tags": [
|
||||
|
@ -1414,13 +1407,6 @@
|
|||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "fb261c56-b80e-43a9-8351-c84081e7213d",
|
||||
"tags": [
|
||||
|
|
|
@ -108,7 +108,7 @@
|
|||
"User Execution https://collaborate.mitre.org/attackics/index.php/Technique/T863",
|
||||
"Valid Accounts https://collaborate.mitre.org/attackics/index.php/Technique/T859"
|
||||
],
|
||||
"refss": [
|
||||
"refs": [
|
||||
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf"
|
||||
]
|
||||
},
|
||||
|
@ -167,7 +167,7 @@
|
|||
"Utilize/Change Operating Mode https://collaborate.mitre.org/attackics/index.php/Technique/T858",
|
||||
"Valid Accounts https://collaborate.mitre.org/attackics/index.php/Technique/T859"
|
||||
],
|
||||
"refss": [
|
||||
"refs": [
|
||||
"https://ics-cert.us-cert.gov/Secure-Architecture-Design-Definitions",
|
||||
"http://isa99.isa.org/ISA99%20Wiki/WP-2-1.aspx",
|
||||
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf"
|
||||
|
@ -216,7 +216,7 @@
|
|||
"User Execution https://collaborate.mitre.org/attackics/index.php/Technique/T863",
|
||||
"Valid Accounts https://collaborate.mitre.org/attackics/index.php/Technique/T859"
|
||||
],
|
||||
"refss": [
|
||||
"refs": [
|
||||
"https://ics-cert.us-cert.gov/Secure-Architecture-Design-Definitions",
|
||||
"http://isa99.isa.org/ISA99%20Wiki/WP-2-1.aspx"
|
||||
]
|
||||
|
@ -238,7 +238,7 @@
|
|||
"System Firmware https://collaborate.mitre.org/attackics/index.php/Technique/T857",
|
||||
"Valid Accounts https://collaborate.mitre.org/attackics/index.php/Technique/T859"
|
||||
],
|
||||
"refss": [
|
||||
"refs": [
|
||||
"https://ics-cert.us-cert.gov/Secure-Architecture-Design-Definitions"
|
||||
]
|
||||
},
|
||||
|
@ -274,7 +274,7 @@
|
|||
"Utilize/Change Operating Mode https://collaborate.mitre.org/attackics/index.php/Technique/T858",
|
||||
"Valid Accounts https://collaborate.mitre.org/attackics/index.php/Technique/T859 "
|
||||
],
|
||||
"refss": [
|
||||
"refs": [
|
||||
"http://sache.org/beacon/files/2009/07/en/read/2009-07-Beacon-s.pdf",
|
||||
"http://www.gegridsolutions.com/multilin/notes/artsci/artsci.pdf"
|
||||
]
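Review bot: The `"Valid Accounts https://collaborate.mitre.org/attackics/index.php/Technique/T859 "` line in this hunk keeps a trailing space inside the quotes, while the same string in the four earlier hunks of this file has none, so the key fix leaves a second inconsistency in the same object untouched; the line should read `"Valid Accounts https://collaborate.mitre.org/attackics/index.php/Technique/T859"`. The rendered view has lost the +/- markers, so I am reading `"refs"` as the kept spelling and `"refss"` as the removed one; if that is reversed the rename itself needs a second look. The enclosing cluster entry starts and ends outside the hunk.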
|
||||
|
|
|
@ -29,6 +29,15 @@
|
|||
"https://www.eisac.com/public-news-detail?id=115909"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "a9000eaf-2b75-4ec7-8dcf-fe1bb5c77470",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "fd28d200-2f1f-464a-af1f-fcadac7640a1",
|
||||
"value": "ALLANITE"
|
||||
},
|
||||
|
@ -54,6 +63,15 @@
|
|||
"https://www.symantec.com/security-center/writeup/2017-030708-4403-99"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "4f69ec6d-cb6b-42af-b8e2-920a2aa4be10",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "8f6f8a49-8a22-4494-a4c0-5a341444339a",
|
||||
"value": "APT33"
|
||||
},
|
||||
|
@ -162,6 +180,15 @@
|
|||
"https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "68391641-859f-4a9a-9a1e-3e5cf71ec376",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "3bbf3f0f-346d-49ad-9300-3bb0f23c83ef",
|
||||
"value": "Lazarus group"
|
||||
},
|
||||
|
@ -205,6 +232,15 @@
|
|||
"https://www.cyberviser.com/2018/05/group-linked-to-shamoon-attacks-targeting-ics-networks-in-middle-east-and-uk/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "4945c0e7-9f4b-404d-83b2-e5cd3f26c32f",
|
||||
"value": "OilRig"
|
||||
},
|
||||
|
@ -235,6 +271,15 @@
|
|||
"https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "f512de42-f76b-40d2-9923-59e7dbdfec35",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "b4fbf3b0-1a5e-4bdc-8977-74fff1db19ff",
|
||||
"value": "Sandworm"
|
||||
},
|
||||
|
@ -266,5 +311,5 @@
|
|||
"value": "XENOTIME"
|
||||
}
|
||||
],
|
||||
"version": 1
|
||||
"version": 2
|
||||
}
|
||||
|
|
|
@ -1589,7 +1589,7 @@
|
|||
{
|
||||
"description": "Adversaries may deploy rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits are programs that hide the existence of malware by intercepting and modifying operating-system API calls that supply system information. Rootkits or rootkit-enabling functionality may reside at the user or kernel level in the operating system, or lower. Firmware rootkits that affect the operating system yield nearly full control of the system. While firmware rootkits are normally developed for the main processing board, they can also be developed for I/O that can be attached to the asset. Compromise of this firmware allows the modification of all of the process variables and functions the module engages in. This may result in commands being disregarded and false information being fed to the main device. By tampering with device processes, an adversary may inhibit its expected response functions and possibly enable Impact. ",
|
||||
"meta": {
|
||||
"Mitigation": [
|
||||
"Mitigations": [
|
||||
"Restrict access to control room(s), portable devices, and removable media, which should be locked down and physically secured. Unauthorized and suspicious media should be avoided and kept away from systems and the network.",
|
||||
"Ensure ICS and IT network cables are kept separate and that devices are locked up when possible, to reduce the likelihood they can be tampered with.",
|
||||
"Hold new acquisitions to strict security requirements; be sure they are properly secured and haven’t been tampered with",
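Review bot: Only one `Mitigation`/`Mitigations` key is touched in this 7-line hunk, so if other entries in the file still spell the key the other way the file ends up with a mixed schema that any consumer reading `meta.Mitigations` will silently miss; a grep for `"Mitigation":` over the whole file before merging would settle it. The rendered view drops the +/- markers, so I am reading `Mitigations` as the kept form, which matches the plural used for the other list-valued meta keys visible on this page (`refs`, `synonyms`, `products`); if the direction is the other way the same consistency check applies. The last visible string, `"Hold new acquisitions … haven’t been tampered with"`, is also the only one of the three without a terminating period. The enclosing entry continues outside the hunk on both sides.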
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
{
|
||||
"authors": [
|
||||
"John Lambert",
|
||||
"Alexandre Dulaunoy"
|
||||
"Alexandre Dulaunoy",
|
||||
"Lina Lau",
|
||||
"Thomas Patzke"
|
||||
],
|
||||
"category": "guidelines",
|
||||
"description": "o365-exchange-techniques - Office365/Exchange related techniques by @johnLaT",
|
||||
"description": "o365-exchange-techniques - Office365/Exchange related techniques by @johnLaTwC and @inversecos",
|
||||
"name": "o365-exchange-techniques",
|
||||
"source": "Open Sources",
|
||||
"source": "Open Sources, https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html",
|
||||
"type": "cloud-security",
|
||||
"uuid": "44574c7e-b732-4466-a7be-ef363374013a",
|
||||
"values": [
|
||||
|
@ -20,6 +22,36 @@
|
|||
"uuid": "fab70361-329a-410a-9dc4-831ecd8df39f",
|
||||
"value": "AAD - Dump users and groups with Azure AD"
|
||||
},
|
||||
{
|
||||
"description": "AAD - PowerShell",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Recon"
|
||||
]
|
||||
},
|
||||
"uuid": "dad1c272-e761-45e8-993d-70433417a45e",
|
||||
"value": "AAD - PowerShell"
|
||||
},
|
||||
{
|
||||
"description": "AAD - Enumerate Domains",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Recon"
|
||||
]
|
||||
},
|
||||
"uuid": "926ef557-581d-4117-a095-2571f655a7b4",
|
||||
"value": "AAD - Enumerate Domains"
|
||||
},
|
||||
{
|
||||
"description": "AAD - Enumerate Users",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Recon"
|
||||
]
|
||||
},
|
||||
"uuid": "4f885396-3f4e-451b-ae26-995efd403cf5",
|
||||
"value": "AAD - Enumerate Users"
|
||||
},
|
||||
{
|
||||
"description": "O365 - Get Global Address List: MailSniper",
|
||||
"meta": {
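Review bot: The three AAD entries added in this hunk (and the Bruteforce, MFA, Persistence and Actions-on-Intent entries added in the hunks at `@ -110`, `@ -164`, `@ -184`, `@ -241` and `@ -352`) set `description` to exactly the same string as `value`, so the description field adds nothing for a reader, and none of the new entries carries a `meta.refs` pointing at the inversecos article that the header's `source` field now names. I would give each new entry a one-sentence description distinct from its name and add `"refs": ["https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html"]` inside its `meta`, which keeps provenance per entry rather than only in the top-level `source` string. The `tactics:Compromise` → `tactics:Initial Access` renames beginning in the `@ -110` hunk should be mirrored in the galaxy definition's `kill_chain_order` if this galaxy declares one; otherwise, as far as I can tell, entries tagged with the renamed phase may not appear in MISP's matrix view.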
|
||||
|
@ -110,11 +142,61 @@
|
|||
"uuid": "f227caf6-9399-4ac3-bab4-010f66853abb",
|
||||
"value": "On-Prem Exchange - OWA version discovery"
|
||||
},
|
||||
{
|
||||
"description": "Bruteforce via OWA",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Initial Access"
|
||||
]
|
||||
},
|
||||
"uuid": "9bb7b28f-2957-46b4-8814-4126298f4860",
|
||||
"value": "Bruteforce via OWA"
|
||||
},
|
||||
{
|
||||
"description": "Bruteforce EWS",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Initial Access"
|
||||
]
|
||||
},
|
||||
"uuid": "4d0099c5-06e7-40ed-a9a6-2d9f6d8df195",
|
||||
"value": "Bruteforce EWS"
|
||||
},
|
||||
{
|
||||
"description": "Bruteforce OAuth",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Initial Access"
|
||||
]
|
||||
},
|
||||
"uuid": "bb7871fe-abc7-4935-b0fd-3cbf66a4ef0c",
|
||||
"value": "Bruteforce OAuth"
|
||||
},
|
||||
{
|
||||
"description": "Bruteforce via AAD Sign in Form",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Initial Access"
|
||||
]
|
||||
},
|
||||
"uuid": "0889bb82-ddd8-411d-9288-be8d56a05247",
|
||||
"value": "Bruteforce via AAD Sign in Form"
|
||||
},
|
||||
{
|
||||
"description": "Bruteforce through Autologon API",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Initial Access"
|
||||
]
|
||||
},
|
||||
"uuid": "63727b2f-64d6-4d1b-b017-38a3ede510e1",
|
||||
"value": "Bruteforce through Autologon API"
|
||||
},
|
||||
{
|
||||
"description": "AAD - Password Spray: MailSniper",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Compromise"
|
||||
"tactics:Initial Access"
|
||||
]
|
||||
},
|
||||
"uuid": "933ec08d-a6d4-4ced-b732-4cb0331e7799",
|
||||
|
@ -124,7 +206,7 @@
|
|||
"description": "AAD - Password Spray: CredKing",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Compromise"
|
||||
"tactics:Initial Access"
|
||||
]
|
||||
},
|
||||
"uuid": "5670ca90-38cd-4825-bd83-1bdb31fd5ea3",
|
||||
|
@ -134,7 +216,7 @@
|
|||
"description": "O365 - Bruteforce of Autodiscover: SensePost Ruler",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Compromise"
|
||||
"tactics:Initial Access"
|
||||
]
|
||||
},
|
||||
"uuid": "d66c1ead-4dd3-4968-b6fe-faf41b7fb88d",
|
||||
|
@ -144,7 +226,7 @@
|
|||
"description": "O365 - Phishing for credentials",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Compromise"
|
||||
"tactics:Initial Access"
|
||||
]
|
||||
},
|
||||
"uuid": "eda57f15-029c-4465-9401-f9dafc6d366c",
|
||||
|
@ -154,7 +236,7 @@
|
|||
"description": "O365 - Phishing using OAuth app",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Compromise"
|
||||
"tactics:Initial Access"
|
||||
]
|
||||
},
|
||||
"uuid": "61589df6-6848-4866-8613-8a4a7478abef",
|
||||
|
@ -164,17 +246,68 @@
|
|||
"description": "O365 - 2FA MITM Phishing: evilginx2",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Compromise"
|
||||
"tactics:Initial Access"
|
||||
]
|
||||
},
|
||||
"uuid": "fa1087c8-012d-4ef6-9eb3-5b5a6fb94c02",
|
||||
"value": "O365 - 2FA MITM Phishing: evilginx2"
|
||||
},
|
||||
{
|
||||
"description": "O365 - MFA Bypass via IMAP/POP",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Initial Access"
|
||||
]
|
||||
},
|
||||
"uuid": "9043a195-2ac8-4732-a049-f8dee3b98d10",
|
||||
"value": "O365 - MFA Bypass via IMAP/POP"
|
||||
},
|
||||
{
|
||||
"description": "Compromising Pass-Through Authentication",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Initial Access"
|
||||
]
|
||||
},
|
||||
"uuid": "00f0bd50-61f2-401a-96e5-81453a86ec33",
|
||||
"value": "Compromising Pass-Through Authentication"
|
||||
},
|
||||
{
|
||||
"description": "Enumerate Users, Admins, Roles and Permissions",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Recon"
|
||||
]
|
||||
},
|
||||
"uuid": "25e47935-abd5-49b9-8366-b6fe8021cb38",
|
||||
"value": "Enumerate Users, Admins, Roles and Permissions"
|
||||
},
|
||||
{
|
||||
"description": "Enumerate MFA Settings",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Recon"
|
||||
]
|
||||
},
|
||||
"uuid": "fe8ad955-f794-4aa2-b5fb-2e5f241c45e8",
|
||||
"value": "Enumerate MFA Settings"
|
||||
},
|
||||
{
|
||||
"description": "Golden SAML",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Initial Access",
|
||||
"tactics:Persistence"
|
||||
]
|
||||
},
|
||||
"uuid": "4f14c96d-3ffe-42df-9e4c-1e2801e1f1e9",
|
||||
"value": "Golden SAML"
|
||||
},
|
||||
{
|
||||
"description": "On-Prem Exchange - Password Spray using Invoke-PasswordSprayOWA, EWS",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Compromise"
|
||||
"tactics:Initial Access"
|
||||
]
|
||||
},
|
||||
"uuid": "8ffe80b9-0213-40c6-aeca-8877bdca8741",
|
||||
|
@ -184,12 +317,74 @@
|
|||
"description": "On-Prem Exchange - Bruteforce of Autodiscover: SensePost Ruler",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Compromise"
|
||||
"tactics:Initial Access"
|
||||
]
|
||||
},
|
||||
"uuid": "cf8df948-0332-4ec7-94f3-3f6d54bbcbb9",
|
||||
"value": "On-Prem Exchange - Bruteforce of Autodiscover: SensePost Ruler"
|
||||
},
|
||||
{
|
||||
"description": "Change MFA Settings",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Persistence",
|
||||
"tactics:Actions on Intent"
|
||||
]
|
||||
},
|
||||
"uuid": "985d69e2-b5bd-41ca-b966-c0fed94e8863",
|
||||
"value": "Change MFA Settings"
|
||||
},
|
||||
{
|
||||
"description": "Change Conditional Access Settings",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Persistence"
|
||||
]
|
||||
},
|
||||
"uuid": "b2719765-02d1-4d60-862a-7cb12498b0bd",
|
||||
"value": "Change Conditional Access Settings"
|
||||
},
|
||||
{
|
||||
"description": "Malicious App Registrations",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Initial Access",
|
||||
"tactics:Persistence"
|
||||
]
|
||||
},
|
||||
"uuid": "3aff26be-f22e-4169-a508-ef2877d67c03",
|
||||
"value": "Malicious App Registrations"
|
||||
},
|
||||
{
|
||||
"description": "Add Service Principal or App Credentials",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Persistence"
|
||||
]
|
||||
},
|
||||
"uuid": "fd6b47aa-2bd2-4a17-bfd7-104188ff4adc",
|
||||
"value": "Add Service Principal or App Credentials"
|
||||
},
|
||||
{
|
||||
"description": "Add Service Principal",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Persistence"
|
||||
]
|
||||
},
|
||||
"uuid": "5148933b-7c65-4229-a545-0cc8d23c0587",
|
||||
"value": "Add Service Principal"
|
||||
},
|
||||
{
|
||||
"description": "Add Federation Trust",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Persistence"
|
||||
]
|
||||
},
|
||||
"uuid": "26af635c-5441-4465-bc98-8d764762bfd5",
|
||||
"value": "Add Federation Trust"
|
||||
},
|
||||
{
|
||||
"description": "O365 - Add Mail forwarding rule",
|
||||
"meta": {
|
||||
|
@ -201,14 +396,24 @@
|
|||
"value": "O365 - Add Mail forwarding rule"
|
||||
},
|
||||
{
|
||||
"description": "O365 - Add Global admin account",
|
||||
"description": "Add Global admin account",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Persistence"
|
||||
]
|
||||
},
|
||||
"uuid": "a9c1f718-b9bf-4efc-9fa1-852b6c93f725",
|
||||
"value": "O365 - Add Global admin account"
|
||||
"value": "Add Global admin account"
|
||||
},
|
||||
{
|
||||
"description": "Add user account",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Persistence"
|
||||
]
|
||||
},
|
||||
"uuid": "cef7c750-18fb-47b4-8471-b5a8ce4f83d0",
|
||||
"value": "Add user account"
|
||||
},
|
||||
{
|
||||
"description": "O365 - Delegate Tenant Admin",
|
||||
|
@ -241,14 +446,34 @@
|
|||
"value": "End Point - Persistence throught custom Outlook form"
|
||||
},
|
||||
{
|
||||
"description": "End Point - Create Hidden Mailbox Rule",
|
||||
"description": "Mailbox Rule Creation",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Persistence"
|
||||
]
|
||||
},
|
||||
"uuid": "d023f254-466b-436b-acfd-beea54c323b1",
|
||||
"value": "End Point - Create Hidden Mailbox Rule"
|
||||
"value": "Mailbox Rule Creation"
|
||||
},
|
||||
{
|
||||
"description": "Mailbox Folder Permissions",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Persistence"
|
||||
]
|
||||
},
|
||||
"uuid": "2f11c018-cf49-4361-b17c-573dbab1005f",
|
||||
"value": "Mailbox Folder Permissions"
|
||||
},
|
||||
{
|
||||
"description": "Mail Flow (Transport Rules)",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Persistence"
|
||||
]
|
||||
},
|
||||
"uuid": "fe3dbf72-3bfe-4387-b9e0-f0a135a8f21b",
|
||||
"value": "Mail Flow (Transport Rules)"
|
||||
},
|
||||
{
|
||||
"description": "O365 - MailSniper: Search Mailbox for credentials",
|
||||
|
@ -352,14 +577,65 @@
|
|||
"value": "O365 - Exfiltration email using EWS APIs with PowerShell"
|
||||
},
|
||||
{
|
||||
"description": "O365 - Download documents and email",
|
||||
"description": "Downgrade License",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Actions on Intent"
|
||||
]
|
||||
},
|
||||
"uuid": "6407e2b8-2266-496f-b8bd-5757d99d20e9",
|
||||
"value": "Downgrade License"
|
||||
},
|
||||
{
|
||||
"description": "Impersonate Users",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Actions on Intent"
|
||||
]
|
||||
},
|
||||
"uuid": "d4cec16a-ef8e-4c97-aa6a-1d95cd03e10e",
|
||||
"value": "Impersonate Users"
|
||||
},
|
||||
{
|
||||
"description": "Assign Administrative Role to Service Principal",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Persistence",
|
||||
"tactics:Actions on Intent"
|
||||
]
|
||||
},
|
||||
"uuid": "1b302149-dccc-4d63-8d4d-47217ba7fc90",
|
||||
"value": "Assign Administrative Role to Service Principal"
|
||||
},
|
||||
{
|
||||
"description": "Elevate to User Access Administrator Role",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Actions on Intent"
|
||||
]
|
||||
},
|
||||
"uuid": "8d2b6b21-5d20-4ecd-9be0-c71c826cf8a4",
|
||||
"value": "Elevate to User Access Administrator Role"
|
||||
},
|
||||
{
|
||||
"description": "eDiscovery Abuse",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Actions on Intent"
|
||||
]
|
||||
},
|
||||
"uuid": "48592f6a-76cc-4986-b434-1d3342fb30bc",
|
||||
"value": "eDiscovery Abuse"
|
||||
},
|
||||
{
|
||||
"description": "O365 - Download documents, messages and email",
|
||||
"meta": {
|
||||
"kill_chain": [
|
||||
"tactics:Actions on Intent"
|
||||
]
|
||||
},
|
||||
"uuid": "1ccc00f8-d4b5-4c72-a7c0-a53127497a7c",
|
||||
"value": "O365 - Download documents and email"
|
||||
"value": "O365 - Download documents, messages and email"
|
||||
}
|
||||
],
|
||||
"version": 2
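Review bot: The top-level `"version": 2` at the end of this hunk is a context line, so the cluster version is left unchanged although this compare adds dozens of entries and renames several values; MISP uses that version to decide whether to reload a galaxy, so instances already on version 2 will never pick these changes up, and it should be bumped to `"version": 3`. Second, the hunk layout suggests that `"uuid": "6407e2b8-…"` is also unchanged, meaning the uuid previously attached to `O365 - Download documents and email` is now attached to the new `Downgrade License` entry while the download entry received a fresh `1ccc00f8-…` uuid; if that reading is right, every existing tag or `related` link built on the old uuid silently changes meaning, and the fix is to keep `6407e2b8-…` on the download entry and mint the new uuid for `Downgrade License`. The rendered view lost the +/- markers, so this needs confirming against the raw diff.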
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
{
|
||||
"authors": [
|
||||
"MISP Project"
|
||||
],
|
||||
"category": "tool",
|
||||
"description": "Known public online services.",
|
||||
"name": "online-service",
|
||||
"source": "Open Sources",
|
||||
"type": "online-service",
|
||||
"uuid": "c0a960b6-bba4-4914-8d54-87011aaf447e",
|
||||
"values": [
|
||||
{
|
||||
"description": "Your wiki, docs, & projects. Together. Notion is the connected workspace where better, faster work happens.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.notion.so/product"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0125ef58-2675-426f-90eb-0b189961199a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "5c807e49-dc90-4f80-b044-49bb990acb61",
|
||||
"value": "Notion"
|
||||
}
|
||||
],
|
||||
"version": 2
|
||||
}
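Review bot: The `description` of the single `Notion` entry in this new file is the vendor's marketing slogan (`"Your wiki, docs, & projects. Together. …"`) rather than a neutral statement of what the service is, which is the pattern the other cluster files on this page follow; something like `"Notion is a hosted note-taking, wiki and project-management workspace."` would serve enrichment better. The `related` entry's `dest-uuid` `0125ef58-…` cannot be resolved from this page, so the `likely` confidence and the `used-by` direction (service used by the target, presumably a threat actor) are worth a second look before merging. A brand-new file starting at `"version": 2` is harmless but unusual.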
|
|
@ -0,0 +1,467 @@
|
|||
{
|
||||
"authors": [
|
||||
"Various"
|
||||
],
|
||||
"category": "actor",
|
||||
"description": "List of threat intelligence producer from security vendors to CERTs including any producer of intelligence at large.",
|
||||
"name": "Producer",
|
||||
"source": "MISP Project",
|
||||
"type": "producer",
|
||||
"uuid": "faab7b69-c850-491a-b36c-ba48c1c03279",
|
||||
"values": [
|
||||
{
|
||||
"description": "Intel 471 provides adversary and malware intelligence for leading security teams. Our adversary intelligence is focused on infiltrating access to closed sources where threat actors collaborate, communicate and plan cyber attacks. Our malware intelligence leverages our adversary intelligence and underground capabilities to provide timely data and context on malicious infrastructure.",
|
||||
"meta": {
|
||||
"company-type": [
|
||||
"Cyber Security Vendor"
|
||||
],
|
||||
"country": "US",
|
||||
"official-refs": [
|
||||
"https://intel471.com/"
|
||||
],
|
||||
"product-type": [
|
||||
"intelligence-feed-provider"
|
||||
],
|
||||
"products": [
|
||||
"Malware Intelligence",
|
||||
"Vulnerability Intelligence"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.applytosupply.digitalmarketplace.service.gov.uk/g-cloud/services/448869643798857"
|
||||
],
|
||||
"synonyms": [
|
||||
"Intel 471 Inc.",
|
||||
"Intel 471"
|
||||
]
|
||||
},
|
||||
"uuid": "306bc923-3200-47e3-ade9-50ffc41f668c",
|
||||
"value": "Intel471"
|
||||
},
|
||||
{
|
||||
"description": "Sophos Ltd. is a British-based security software and hardware company. It was listed on the London Stock Exchange until it was acquired by Thoma Bravo in February 2020",
|
||||
"meta": {
|
||||
"company-type": [
|
||||
"Cyber Security Vendor"
|
||||
],
|
||||
"country": "UK",
|
||||
"official-refs": [
|
||||
"https://www.sophos.com/"
|
||||
],
|
||||
"product-type": [
|
||||
"antivirus-vendor"
|
||||
],
|
||||
"products": [
|
||||
"Endpoint"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.sophos.com/en-us/legal"
|
||||
],
|
||||
"synonyms": [
|
||||
"Sophos LTD"
|
||||
]
|
||||
},
|
||||
"uuid": "455b9e40-e8dd-443b-87b3-c70bd09b4231",
|
||||
"value": "Sophos"
|
||||
},
|
||||
{
|
||||
"description": "Group-IB is a creator of cybersecurity technologies to investigate, prevent and fight digital crime",
|
||||
"meta": {
|
||||
"company-type": [
|
||||
"Cyber Security Vendor"
|
||||
],
|
||||
"official-refs": [
|
||||
"https://www.group-ib.com/"
|
||||
],
|
||||
"product-type": [
|
||||
"Threat Intelligence",
|
||||
"Attack Surface Management",
|
||||
"Fraud Protection",
|
||||
"Digital Risk Protection",
|
||||
"Managed XDR",
|
||||
"Business Email Protection"
|
||||
],
|
||||
"products": [
|
||||
"Unified Risk Platform"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.group-ib.com/about-us/"
|
||||
]
|
||||
},
|
||||
"uuid": "21afba9e-cd2a-45c9-b421-b1f14fd181e9",
|
||||
"value": "Group-IB"
|
||||
},
|
||||
{
|
||||
"description": "Mandiant is an American cybersecurity firm and a subsidiary of Google.",
|
||||
"meta": {
|
||||
"company-type": [
|
||||
"Information security"
|
||||
],
|
||||
"country": "US",
|
||||
"official-refs": [
|
||||
"https://www.mandiant.com/"
|
||||
],
|
||||
"product-type": [
|
||||
"Proactive Exposure Management",
|
||||
"Government",
|
||||
"Digital Risk Protection",
|
||||
" Ransomware Protection"
|
||||
],
|
||||
"products": [
|
||||
"OpenIOC"
|
||||
],
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Mandiant"
|
||||
]
|
||||
},
|
||||
"uuid": "da5cdcd1-7b15-4371-b7eb-ca32916d2052",
|
||||
"value": "Mandiant"
|
||||
},
|
||||
{
|
||||
"description": "Thread intelligence provider focusing on data leaks",
|
||||
"meta": {
|
||||
"country": "US",
|
||||
"official-refs": [
|
||||
"https://spycloud.com"
|
||||
],
|
||||
"product-type": [
|
||||
"Post-Infection Remediation",
|
||||
"Ransomware Prevention",
|
||||
"Automated ATO Prevention",
|
||||
"Session Hijacking Prevention",
|
||||
"Threat Actor Attribution",
|
||||
"Fraud Prevention"
|
||||
]
|
||||
},
|
||||
"uuid": "ad99da77-986b-45bc-a7b0-c1887dd55b59",
|
||||
"value": "Spycloud"
|
||||
},
|
||||
{
|
||||
"description": "DomainTools is a leading provider of Whois and other DNS profile data for threat intelligence enrichment.",
|
||||
"meta": {
|
||||
"company-type": [
|
||||
"Threat Intelligence"
|
||||
],
|
||||
"country": "US",
|
||||
"official-refs": [
|
||||
"https://www.domaintools.com/"
|
||||
],
|
||||
"products": [
|
||||
"Iris Intelligence Platform",
|
||||
"Farsight DNSDB",
|
||||
"Threat Intelligence Feeds"
|
||||
],
|
||||
"refs": [
|
||||
"https://icannwiki.org/DomainTools"
|
||||
]
|
||||
},
|
||||
"uuid": "993c6a36-b625-4a1f-8737-72ba5a197744",
|
||||
"value": "Domaintools"
|
||||
},
|
||||
{
|
||||
"description": "Feedly is an AI-powered news aggregator application for various web browsers and mobile devices running iOS and Android. It is also available as a cloud-based service.",
|
||||
"meta": {
|
||||
"official-refs": [
|
||||
"https://feedly.com/homepage"
|
||||
],
|
||||
"product-type": [
|
||||
"Threat Intelligence"
|
||||
],
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Feedly"
|
||||
]
|
||||
},
|
||||
"uuid": "4e7c737a-4912-488a-8571-1f9226ebad05",
|
||||
"value": "Feedly"
|
||||
},
|
||||
{
|
||||
"description": "Database of public networks, IP addresses and domain names owned by companies and organisations worldwide.",
|
||||
"meta": {
|
||||
"official-refs": [
|
||||
"https://networksdb.io/"
|
||||
],
|
||||
"refs": [
|
||||
"https://twitter.com/networksdbio"
|
||||
]
|
||||
},
|
||||
"uuid": "17fec4c4-3822-4198-9735-cee04aa51305",
|
||||
"value": "Networksdb.io"
|
||||
},
|
||||
{
|
||||
"description": "Compagny providing comprehensive dataset of internet intelligence",
|
||||
"meta": {
|
||||
"country": "US",
|
||||
"official-refs": [
|
||||
"https://censys.com/",
|
||||
"https://censys.io/"
|
||||
],
|
||||
"products": [
|
||||
"Censys Search",
|
||||
"Exposure Management",
|
||||
"The Censys Internet Map",
|
||||
"Integrations"
|
||||
]
|
||||
},
|
||||
"uuid": "101ca178-12c8-4488-b234-93f263e30b1a",
|
||||
"value": "Censys"
|
||||
},
|
||||
{
|
||||
"description": "DomainIQ is an internet research tool providing information about a domain name, its owner, the server it's hosted on, its ownership history, similar domains and more.",
|
||||
"meta": {
|
||||
"country": "US",
|
||||
"official-refs": [
|
||||
"https://www.domainiq.com"
|
||||
]
|
||||
},
|
||||
"uuid": "3f79697b-63d8-4c86-aabf-84df1f03c43d",
|
||||
"value": "DomainIQ"
|
||||
},
|
||||
{
|
||||
"description": "Computer and Network Security",
|
||||
"meta": {
|
||||
"company-type": [
|
||||
"Computer and Network Security"
|
||||
],
|
||||
"country": "FI",
|
||||
"official-refs": [
|
||||
"https://www.arcticsecurity.com/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Arctic Security"
|
||||
]
|
||||
},
|
||||
"uuid": "542f8890-128b-42ca-97f9-8fe2af7ab783",
|
||||
"value": "Arctic"
|
||||
},
|
||||
{
|
||||
"description": "BitSight is a cybersecurity ratings company that analyzes companies, government agencies, and educational institutions.",
|
||||
"meta": {
|
||||
"country": "US",
|
||||
"official-refs": [
|
||||
"https://www.bitsight.com"
|
||||
]
|
||||
},
|
||||
"uuid": "1e98d9ac-0ef1-4046-bf9f-7c905a56ba90",
|
||||
"value": "Bitsight"
|
||||
},
|
||||
{
|
||||
"description": "RiskIQ, Inc. is a cyber security company that was based in San Francisco, California. It provided cloud-based software as a service (SaaS) for organizations to detect phishing, fraud, malware, and other online security threats. RiskIQ was acquired by Microsoft in July 2021.",
|
||||
"meta": {
|
||||
"company-type": [
|
||||
"Cyber Security company"
|
||||
],
|
||||
"country": "US",
|
||||
"official-refs": [
|
||||
"https://community.riskiq.com/"
|
||||
],
|
||||
"product-type": [
|
||||
"Threat detection"
|
||||
],
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/RiskIQ"
|
||||
]
|
||||
},
|
||||
"uuid": "9f279581-5514-42cd-8011-05af9787ee37",
|
||||
"value": "RiskIQ"
|
||||
},
|
||||
{
|
||||
"description": "Sweepatic is a cybersecurity company",
|
||||
"meta": {
|
||||
"company-type": [
|
||||
"Cyber Security vendor"
|
||||
],
|
||||
"country": "BE",
|
||||
"official-refs": [
|
||||
"https://www.sweepatic.com"
|
||||
],
|
||||
"product-type": [
|
||||
"EASM platform"
|
||||
]
|
||||
},
|
||||
"uuid": "c9bd796a-8b73-42ab-8abe-0016292f5528",
|
||||
"value": "Sweepatic"
|
||||
},
|
||||
{
|
||||
"description": "Team Cymru is an internet security firm that offers research services making the internet a more secure place.",
|
||||
"meta": {
|
||||
"company-type": [
|
||||
"Cyber Security vendor"
|
||||
],
|
||||
"country": "US",
|
||||
"official-refs": [
|
||||
"https://www.team-cymru.com/"
|
||||
],
|
||||
"product-type": [
|
||||
"Threat Intelligence Solutions",
|
||||
"Attack Surface Management Solution",
|
||||
"Threat Feeds"
|
||||
],
|
||||
"products": [
|
||||
"Pure Signal™ Recon",
|
||||
"Pure Signal™ Scout",
|
||||
"Pure Signal™ Orbit",
|
||||
"IP Reputation Feed",
|
||||
"Controller Feed",
|
||||
"Botnet Analysis & Reporting"
|
||||
]
|
||||
},
|
||||
"uuid": "8a22c0b2-d05f-4142-ab74-ffdf38fe4758",
|
||||
"value": "Team Cymru"
|
||||
},
|
||||
{
|
||||
"description": "G Data CyberDefense AG (until September 2019 G Data Software AG) is a German software company that focuses on computer security.",
|
||||
"meta": {
|
||||
"company-type": [
|
||||
"Computer software"
|
||||
],
|
||||
"country": "DE",
|
||||
"official-refs": [
|
||||
"https://www.gdata-software.com",
|
||||
"https://www.gdatasoftware.co.uk"
|
||||
],
|
||||
"product-type": [
|
||||
"Antivirus software",
|
||||
"Mobile Device Management"
|
||||
],
|
||||
"products": [
|
||||
"AntiVirus",
|
||||
"InternetSecurity",
|
||||
"TotalSecurity",
|
||||
"AntiVirus for Mac",
|
||||
"AntiVirus Business",
|
||||
"AntiVirus Enterprise",
|
||||
"ClientSecurity Business",
|
||||
"ClientSecurity Enterprise",
|
||||
"EndpointProtection Business",
|
||||
"EndpointProtection Enterprise",
|
||||
"MailSecurity",
|
||||
"PatchManagement",
|
||||
"Mobile Security",
|
||||
"VPN"
|
||||
],
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/G_Data_CyberDefense"
|
||||
],
|
||||
"synonyms": [
|
||||
"GDATA",
|
||||
"G Data CyberDefense AG",
|
||||
"G Data Software AG"
|
||||
]
|
||||
},
|
||||
"uuid": "2b69f676-c875-4000-8350-5f162e69d908",
|
||||
"value": "G DATA"
|
||||
},
|
||||
{
|
||||
"description": "Sekoia.io is a European cybersecurity SAAS company, whose mission is to develop the best protection capabilities against cyber attacks.",
|
||||
"meta": {
|
||||
"company-type": [
|
||||
"Cyber Security Vendor"
|
||||
],
|
||||
"country": "FR",
|
||||
"official-refs": [
|
||||
"https://www.sekoia.io"
|
||||
],
|
||||
"product-type": [
|
||||
"eXtended Detection and Response SaaS platform"
|
||||
],
|
||||
"products": [
|
||||
"SIEM RELOADED | Sekoia Defend",
|
||||
"CTI RELOADED"
|
||||
]
|
||||
},
|
||||
"uuid": "6c9ef130-7cf6-4eeb-9e65-46228fc5e30c",
|
||||
"value": "Sekoia"
|
||||
},
|
||||
{
|
||||
"description": "Excellium Services Group is a cyber-security consulting and technology Integration Company established since 2012 in Luxemburg and Belgium, with activities and in France and Africa.",
|
||||
"meta": {
|
||||
"company-type": [
|
||||
"Cyber-security consulting and technology Integration Company",
|
||||
"CSIRT"
|
||||
],
|
||||
"country": "LU",
|
||||
"official-refs": [
|
||||
"https://excellium-services.com"
|
||||
],
|
||||
"product-type": [
|
||||
"CERT-XLM",
|
||||
"SOC",
|
||||
"GDPR Services",
|
||||
"Information Security Governance",
|
||||
"Intrusion Tests – Red Team (Application Security Team)",
|
||||
"Network & Security Infrastructure",
|
||||
"Training"
|
||||
],
|
||||
"products": [
|
||||
"EyeGuard",
|
||||
"EyeTools",
|
||||
"EyeDeep",
|
||||
"EyeTLD",
|
||||
"EyeNotify"
|
||||
]
|
||||
},
|
||||
"uuid": "73ae2776-3700-4120-84ae-7e9785e6071b",
|
||||
"value": "Excellium"
|
||||
},
|
||||
{
|
||||
"description": "Telindus is a brand of Proximus Luxembourg SA. Founded in 1979, Telindus Luxembourg accompanies all organizations in their digital transformation, by providing holistic ICT & Telecommunication solutions, as well as tailored support services. Our areas of expertise include Telecommunication Services, ICT Infrastructure, Multi-Cloud, Digital Trust Solutions, Cybersecurity, Business Applications, Managed Services and Training.",
|
||||
"meta": {
|
||||
"company-type": [
|
||||
"Service Provider"
|
||||
],
|
||||
"country": "LU",
|
||||
"official-refs": [
|
||||
"https://www.telindus.lu/en"
|
||||
],
|
||||
"product-type": [
|
||||
"Ethical Hacking",
|
||||
"Infrastructure Security",
|
||||
"Managed Security Services",
|
||||
"Protection, Detection and Orchestration",
|
||||
"Security Operations Center",
|
||||
"Strategy, risk, management and advice",
|
||||
"ICT solutions",
|
||||
"Telecoms",
|
||||
"Cloud"
|
||||
]
|
||||
},
|
||||
"uuid": "4155eec3-fae2-4e80-a9a6-89b0f976851a",
|
||||
"value": "Telindus"
|
||||
},
|
||||
{
|
||||
"description": "Bleeping Computer is a website covering technology news and offering free computer help via its forums that was created by Lawrence Abrams in 2004. It publishes news focusing heavily on cybersecurity, but also covers other topics including computer software, computer hardware, operating system and general technology.",
|
||||
"meta": {
|
||||
"company-type": [
|
||||
"Technology news and computer help"
|
||||
],
|
||||
"country": "US",
|
||||
"official-refs": [
|
||||
"https://www.bleepingcomputer.com/"
|
||||
],
|
||||
"product-type": [
|
||||
"Security and Technology Blog Posts"
|
||||
],
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Bleeping_Computer"
|
||||
]
|
||||
},
|
||||
"uuid": "ec3fb9b0-4f24-4099-ad48-3e8f68e88275",
|
||||
"value": "BleepingComputer"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"country": "US",
|
||||
"refs": [
|
||||
"https://talosintelligence.com/",
|
||||
"https://blog.talosintelligence.com/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Cisco Talos"
|
||||
]
|
||||
},
|
||||
"uuid": "0adf6f0f-3795-4de1-9763-1bdd1c31a5d7",
|
||||
"value": "Cisco Talos Intelligence Group"
|
||||
}
|
||||
],
|
||||
"version": 6
|
||||
}
|
|
@ -760,6 +760,27 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
|
||||
|
@ -1064,6 +1085,36 @@
|
|||
"https://github.com/c4bbage/xRAT"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
|
||||
"value": "xRAT"
|
||||
},
|
||||
|
@ -1496,6 +1547,15 @@
|
|||
"https://chrome.google.com/webstore/detail/chrome-remote-desktop/gbchcmhmhahfdphkhkmpfmihenigjmpp?hl=en"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "6583d982-a5cb-47e0-a3b0-bc18cadaeb53",
|
||||
"value": "Chrome Remote Desktop"
|
||||
},
|
||||
|
@ -1941,7 +2001,8 @@
|
|||
"date": "2005 or 2008",
|
||||
"refs": [
|
||||
"https://www.lastline.com/labsblog/an-analysis-of-plugx-malware/",
|
||||
"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/PLUGX"
|
||||
"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/PLUGX",
|
||||
"https://secjoes-reports.s3.eu-central-1.amazonaws.com/Dissecting+PlugX+to+Extract+Its+Crown+Jewels.pdf"
|
||||
],
|
||||
"synonyms": [
|
||||
"Korplug",
|
||||
|
@ -2692,10 +2753,17 @@
|
|||
"value": "Revenge-RAT"
|
||||
},
|
||||
{
|
||||
"description": "“Vengeance Justice Worm” was first discovered in 2016 and is a highly multifunctional, modular, publicly available “commodity malware”, i.e., it can be purchased by those interested through various cybercrime and hacking related forums and channels.\n\nVJwOrm is a JavaScript-based malware and combines characteristics of Worm, Information Stealer, Remote-Access Trojan (RAT), Denial-of-Service (DOS) malware, and spam-bot.\n\nVJw0rm is propagated primarily by malicious email attachments and by infecting removeable storage devices.\n\nOnce executed by the victim, the very heavily obfuscated VJw0rm will enumerate installed drives and, if a removeable drive is found, VJwOrm will infect it if configured to do so.\n\nIt will continue to gather victim information such as operating system details, user’s details, installed anti-virus product details, stored browser cookies, the presence of vbc.exe on the system (Microsoft’s .NET Visual Basic Compiler, this indicates that .NET is installed on the system and can affect the actor’s choice of additional malware delivery), and whether the system has been previously infected.\n\nVJw0rm will then report this information back to its command-and-control server and await further commands, such as downloading and executing additional malware or employing any of its other numerous capabilities.\n\nFinally, VJw0rm establishes persistency in the form of registry auto-runs, system startup folders, a scheduled-task, or any combination of these methods.",
|
||||
"meta": {
|
||||
"date": "2016",
|
||||
"refs": [
|
||||
"https://twitter.com/malwrhunterteam/status/816993165119016960?lang=en"
|
||||
"https://twitter.com/malwrhunterteam/status/816993165119016960?lang=en",
|
||||
"https://www.deepinstinct.com/blog/understanding-the-windows-javascript-threat-landscape"
|
||||
],
|
||||
"synonyms": [
|
||||
"Vengeance Justice Worm",
|
||||
"VJw0rm",
|
||||
"VJwOrm"
|
||||
]
|
||||
},
|
||||
"uuid": "bf86d7a6-80af-4d22-a092-f822bf7201d2",
|
||||
|
@ -3215,6 +3283,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ad6d0074-476e-4c05-b0d9-79404f71bbba",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "3c1003a2-8364-467a-b9b8-fcc19724a9b5",
|
||||
|
@ -3349,9 +3424,24 @@
|
|||
"description": "H-worm is a VBS (Visual Basic Script) based RAT written by an individual going by the name Houdini. We believe the author is based in Algeria and has connections to njq8, the author of njw0rm [1] and njRAT/LV [2] through means of a shared or common code base. We have seen the H-worm RAT being employed in targeted attacks against the international energy industry; however, we also see it being employed in a wider context as run of the mill attacks through spammed email attachments and malicious links.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.fireeye.com/blog/threat-research/2013/09/now-you-see-me-h-worm-by-houdini.html"
|
||||
"https://www.fireeye.com/blog/threat-research/2013/09/now-you-see-me-h-worm-by-houdini.html",
|
||||
"https://www.deepinstinct.com/blog/understanding-the-windows-javascript-threat-landscape"
|
||||
],
|
||||
"synonyms": [
|
||||
"WSHRat",
|
||||
"Houdini",
|
||||
"Dunihi"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e5f7bb36-c982-4f5a-9b29-ab73d2c5f70e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "1b6a067b-50b9-4aa7-a49b-823e94e210fe",
|
||||
"value": "H-worm"
|
||||
},
|
||||
|
@ -3480,13 +3570,83 @@
|
|||
"description": "The campaign spreads via phishing emails posing as invoices, tax reports, invitations and similar types of messages containing a ZIP archive attachment with a malicious LNK file. When a user opens the malicious LNK file, it abuses the Windows Management Instrumentation Command-line tool and silently downloads a malicious XSL file. The XSL file downloads all of Guildma’s modules and executes a first stage loader, which loads the rest of the modules. The malware is then active and waits for commands from the C&C server and/or specific user interactions, such as opening a webpage of one of the targeted banks.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.securityweek.com/guildma-malware-expands-targets-beyond-brazil"
|
||||
"https://www.securityweek.com/guildma-malware-expands-targets-beyond-brazil",
|
||||
"https://www.securityweek.com/extensive-living-land-hides-stealthy-malware-campaign",
|
||||
"https://isc.sans.edu/diary/rss/28962",
|
||||
"https://otx.alienvault.com/pulse/6303804723bccc7e3caad737?utm_userid=alexandre.dulaunoy@circl.lu&utm_medium=InProduct&utm_source=OTX&utm_content=Email&utm_campaign=new_pulse_from_subscribed"
|
||||
],
|
||||
"synonyms": []
|
||||
"synonyms": [
|
||||
"Astaroth"
|
||||
]
|
||||
},
|
||||
"uuid": "833ed94d-97c1-4b57-9634-c27bf42eb867",
|
||||
"value": "Guildma"
|
||||
},
|
||||
{
|
||||
"description": "Milan is a 32-bit RAT written in Visual C++ and .NET. Milan is loaded and persists using tasks. An encoded routine waits for three to four seconds between executing the first task, deleting this task, and setting a second scheduled task for persistence.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.prevailion.com/latest-targets-of-cyber-group-lyceum/"
|
||||
],
|
||||
"synonyms": [
|
||||
"James"
|
||||
]
|
||||
},
|
||||
"uuid": "a5e5a48a-5ce7-45f0-97d7-517d7f37b4ce",
|
||||
"value": "Milan"
|
||||
},
|
||||
{
|
||||
"description": "In late November, Prevailion’s Adversarial Counterintelligence Team (PACT) identified what appeared to be a malicious javascript-based Remote Access Trojan (RAT) that uses a robust Domain Generation Algorithm (DGA) to identify its Command and Control (C2) infrastructure and that utilizes novel methods for fileless persistence, on-system activity, and dynamic run-time capabilities like self-updating and recompilation. This RAT, which PACT refers to by its internal codename “DarkWatchman”, has been observed being distributed by email and represents an evolution in fileless malware techniques, as it uses the registry for nearly all temporary and permanent storage and therefore never writes anything to disk, allowing it to operate beneath or around the detection threshold of most security tools. PACT has reverse engineered the DGA, dynamically analyzed the malware, investigated the Threat Actor’s (TA) web-based infrastructure, and consolidated the results of our analysis into the following report.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.prevailion.com/darkwatchman-new-fileness-techniques/"
|
||||
],
|
||||
"synonyms": []
|
||||
},
|
||||
"uuid": "35198ca6-6f8d-49cd-be1b-65f21b2e7e00",
|
||||
"value": "DarkWatchman"
|
||||
},
|
||||
{
|
||||
"description": "Malwarebytes Lab identified a new variant of the BADNEWS RAT called Ragnatela. It is being distributed via spear phishing emails to targets of interest in Pakistan. Ragnatela, which means spider web in Italian, is also the project name and panel used by Patchwork APT. Ironically, the threat actor infected themselves with their own RAT.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e9595678-d269-469e-ae6b-75e49259de63",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "e79cb167-6639-46a3-9646-b12535aa21b6",
|
||||
"value": "Ragnatela"
|
||||
},
|
||||
{
|
||||
"description": "STRRAT is a Java-based RAT with a JavaScript wrapper/dropper that was discovered in 2020. Its core payload (a .JAR file) is contained under several layers of obfuscation and encoding inside the JavaScript wrapper/dropper.\n\nSTRRAT is propagated by malicious email attachments. Its capabilities include standard RAT functionalities (remote access, remote command execution), browser and email-client credential harvesting, and a unique ransomware-like functionality – if instructed, it will add a “.crimson” extension to files on the device, rendering them inoperable (though they can be easily recovered because their content is not modified).\n\nUnlike many Java-based malware, STRRAT does not require Java to be installed on the infected system in order to operate. When the JavaScript wrapper/dropper is executed, if a suitable Java runtime installation is not found, one will be downloaded and installed in order to assure the contained Java payload can execute.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.deepinstinct.com/blog/understanding-the-windows-javascript-threat-landscape"
|
||||
]
|
||||
},
|
||||
"uuid": "b30cb6f4-1e0a-4a97-8d88-ca38f83b4422",
|
||||
"value": "STRRAT"
|
||||
},
|
||||
{
|
||||
"description": "Chinese FortiGate RAT. The COATHANGER malware is a remote access trojan (RAT) designed specifically for Fortigate appliances. It is used as second-stage malware, and does not exploit a new vulnerability. Intelligence services MIVD & AIVD refer to the malware as COATHANGER based on a string present in the code./nThe COATHANGER malware is stealthy and persistent. It hides itself by hooking system calls that could reveal its presence. It survives reboots and firmware upgrades./nMIVD & AIVD assess with high confidence that the malicious activity was conducted by a state-sponsored actor from the People’s Republic of China. This is part of a wider trend of Chinese political espionage against the Netherlands and its allies./nMIVD & AIVD assess that use of COATHANGER may be relatively targeted. The Chinese threat actor(s) scan for vulnerable edge devices at scale and gain access opportunistically, and likely introduce COATHANGER as a communication channel for select victims.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/JSCU-NL/COATHANGER",
|
||||
"https://www.ncsc.nl/documenten/publicaties/2024/februari/6/mivd-aivd-advisory-coathanger-tlp-clear",
|
||||
"https://twitter.com/sehof/status/1754883344574103670"
|
||||
]
|
||||
},
|
||||
"uuid": "c04e9738-de62-43e4-b645-2e308c1f77f7",
|
||||
"value": "COATHANGER"
|
||||
}
|
||||
],
|
||||
"version": 36
|
||||
"version": 45
|
||||
}
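Review bot: The OTX reference added to the Guildma entry in the last hunk carries tracking query parameters, including a `utm_userid` value holding a contributor's e-mail address, which this public dataset does not need and which every consumer of the galaxy would then redistribute; the bare pulse URL `"https://otx.alienvault.com/pulse/6303804723bccc7e3caad737"` identifies the same resource. The COATHANGER description, which appears to be among the lines this hunk adds, also uses the literal two-character sequence `/n` three times where the VJw0rm entry earlier in this file uses the JSON escape `\n`, so the intended paragraph breaks will render as stray `/n` text; replacing them with `\n` (or `\n\n`, as VJw0rm does) keeps the entries consistent. The enclosing `values` array begins before the first hunk of this file.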
|
||||
|
|
|
@ -11,13 +11,13 @@
|
|||
"values": [
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"subregions": [
|
||||
"002 - Africa",
|
||||
"009 - Oceania",
|
||||
"010 - Antarctica",
|
||||
"019 - Americas",
|
||||
"142 - Asia",
|
||||
"150 - Europe",
|
||||
"009 - Oceania",
|
||||
"010 - Antarctica"
|
||||
"150 - Europe"
|
||||
]
|
||||
},
|
||||
"uuid": "8d87018b-e8bb-472e-841b-4429fb6b9bc0",
|
||||
|
@ -25,7 +25,7 @@
|
|||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"subregions": [
|
||||
"015 - Northern Africa",
|
||||
"202 - Sub-Saharan Africa"
|
||||
]
|
||||
|
@ -35,42 +35,31 @@
|
|||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"419 - Latin America and the Caribbean",
|
||||
"021 - Northern America"
|
||||
"subregions": [
|
||||
"032 - Argentina",
|
||||
"068 - Bolivia (Plurinational State of)",
|
||||
"074 - Bouvet Island",
|
||||
"076 - Brazil",
|
||||
"152 - Chile",
|
||||
"170 - Colombia",
|
||||
"218 - Ecuador",
|
||||
"238 - Falkland Islands (Malvinas)",
|
||||
"239 - South Georgia and the South Sandwich Islands",
|
||||
"254 - French Guiana",
|
||||
"328 - Guyana",
|
||||
"600 - Paraguay",
|
||||
"604 - Peru",
|
||||
"740 - Suriname",
|
||||
"858 - Uruguay",
|
||||
"862 - Venezuela (Bolivarian Republic of)"
|
||||
]
|
||||
},
|
||||
"uuid": "a6427c40-6fba-46dc-9995-72e16a4c57a7",
|
||||
"value": "019 - Americas"
|
||||
"uuid": "e9ee6728-d325-4726-be7d-08b5ccf3f3d6",
|
||||
"value": "005 - South America"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"143 - Central Asia",
|
||||
"030 - Eastern Asia",
|
||||
"035 - South-eastern Asia",
|
||||
"034 - Southern Asia",
|
||||
"145 - Western Asia"
|
||||
]
|
||||
},
|
||||
"uuid": "4b09b683-5650-4a6c-a383-d8f3b686ebc2",
|
||||
"value": "142 - Asia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"151 - Eastern Europe",
|
||||
"154 - Northern Europe",
|
||||
"039 - Southern Europe",
|
||||
"155 - Western Europe"
|
||||
]
|
||||
},
|
||||
"uuid": "739c285c-fe59-4540-b323-bf713af30347",
|
||||
"value": "150 - Europe"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"subregions": [
|
||||
"053 - Australia and New Zealand",
|
||||
"054 - Melanesia",
|
||||
"057 - Micronesia",
|
||||
|
@ -81,314 +70,75 @@
|
|||
"value": "009 - Oceania"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"012 - Algeria",
|
||||
"818 - Egypt",
|
||||
"434 - Libya",
|
||||
"504 - Morocco",
|
||||
"729 - Sudan",
|
||||
"788 - Tunisia",
|
||||
"732 - Western Sahara"
|
||||
]
|
||||
},
|
||||
"uuid": "4a65b439-849b-4fdd-b34d-e80f738a4309",
|
||||
"value": "015 - Northern Africa"
|
||||
"uuid": "6d4ae555-f559-48ac-9777-926a406b7969",
|
||||
"value": "010 - Antarctica"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"014 - Eastern Africa",
|
||||
"017 - Middle Africa",
|
||||
"018 - Southern Africa",
|
||||
"011 - Western Africa"
|
||||
"subregions": [
|
||||
"132 - Cabo Verde",
|
||||
"204 - Benin",
|
||||
"270 - Gambia",
|
||||
"288 - Ghana",
|
||||
"324 - Guinea",
|
||||
"384 - Côte d’Ivoire",
|
||||
"430 - Liberia",
|
||||
"466 - Mali",
|
||||
"478 - Mauritania",
|
||||
"562 - Niger",
|
||||
"566 - Nigeria",
|
||||
"624 - Guinea-Bissau",
|
||||
"654 - Saint Helena",
|
||||
"686 - Senegal",
|
||||
"694 - Sierra Leone",
|
||||
"768 - Togo",
|
||||
"854 - Burkina Faso"
|
||||
]
|
||||
},
|
||||
"uuid": "130997e8-c900-4457-829a-447eec3fbb89",
|
||||
"value": "202 - Sub-Saharan Africa"
|
||||
"uuid": "d44cf4b4-8025-4827-960c-b666dfdc5243",
|
||||
"value": "011 - Western Africa"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"029 - Caribbean",
|
||||
"013 - Central America",
|
||||
"005 - South America"
|
||||
"subregions": [
|
||||
"084 - Belize",
|
||||
"188 - Costa Rica",
|
||||
"222 - El Salvador",
|
||||
"320 - Guatemala",
|
||||
"340 - Honduras",
|
||||
"484 - Mexico",
|
||||
"558 - Nicaragua",
|
||||
"591 - Panama"
|
||||
]
|
||||
},
|
||||
"uuid": "aef21eb1-eccd-46e1-a4c8-9e9b8452d912",
|
||||
"value": "419 - Latin America and the Caribbean"
|
||||
"uuid": "105247d9-e619-4231-b88e-17dd9aed1580",
|
||||
"value": "013 - Central America"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"060 - Bermuda",
|
||||
"124 - Canada",
|
||||
"304 - Greenland",
|
||||
"666 - Saint Pierre and Miquelon",
|
||||
"840 - United States of America"
|
||||
]
|
||||
},
|
||||
"uuid": "64974dea-c6c9-462d-9fcf-4456a397d591",
|
||||
"value": "021 - Northern America"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"398 - Kazakhstan",
|
||||
"417 - Kyrgyzstan",
|
||||
"762 - Tajikistan",
|
||||
"795 - Turkmenistan",
|
||||
"860 - Uzbekistan"
|
||||
]
|
||||
},
|
||||
"uuid": "a5515b7c-594b-4e37-a60f-3bab8808c54c",
|
||||
"value": "143 - Central Asia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"156 - China",
|
||||
"344 - China, Hong Kong Special Administrative Region",
|
||||
"446 - China, Macao Special Administrative Region",
|
||||
"408 - Democratic People's Republic of Korea",
|
||||
"392 - Japan",
|
||||
"496 - Mongolia",
|
||||
"410 - Republic of Korea"
|
||||
]
|
||||
},
|
||||
"uuid": "aa46fbd1-54df-4e1e-a5d6-7bced5c59803",
|
||||
"value": "030 - Eastern Asia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"096 - Brunei Darussalam",
|
||||
"116 - Cambodia",
|
||||
"360 - Indonesia",
|
||||
"418 - Lao People's Democratic Republic",
|
||||
"458 - Malaysia",
|
||||
"104 - Myanmar",
|
||||
"608 - Philippines",
|
||||
"702 - Singapore",
|
||||
"764 - Thailand",
|
||||
"626 - Timor-Leste",
|
||||
"704 - Viet Nam"
|
||||
]
|
||||
},
|
||||
"uuid": "990d0e8e-dfd0-45d1-ab8b-758b9139c0fe",
|
||||
"value": "035 - South-eastern Asia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"004 - Afghanistan",
|
||||
"050 - Bangladesh",
|
||||
"064 - Bhutan",
|
||||
"356 - India",
|
||||
"364 - Iran (Islamic Republic of)",
|
||||
"462 - Maldives",
|
||||
"524 - Nepal",
|
||||
"586 - Pakistan",
|
||||
"144 - Sri Lanka"
|
||||
]
|
||||
},
|
||||
"uuid": "f86776cd-274f-438a-8beb-9349aebda0bb",
|
||||
"value": "034 - Southern Asia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"051 - Armenia",
|
||||
"031 - Azerbaijan",
|
||||
"048 - Bahrain",
|
||||
"196 - Cyprus",
|
||||
"268 - Georgia",
|
||||
"368 - Iraq",
|
||||
"376 - Israel",
|
||||
"400 - Jordan",
|
||||
"414 - Kuwait",
|
||||
"422 - Lebanon",
|
||||
"512 - Oman",
|
||||
"634 - Qatar",
|
||||
"682 - Saudi Arabia",
|
||||
"275 - State of Palestine",
|
||||
"760 - Syrian Arab Republic",
|
||||
"792 - Turkey",
|
||||
"784 - United Arab Emirates",
|
||||
"887 - Yemen"
|
||||
]
|
||||
},
|
||||
"uuid": "d66b2e98-39fb-4710-b075-5bee2fa00cd4",
|
||||
"value": "145 - Western Asia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"112 - Belarus",
|
||||
"100 - Bulgaria",
|
||||
"203 - Czechia",
|
||||
"348 - Hungary",
|
||||
"616 - Poland",
|
||||
"498 - Republic of Moldova",
|
||||
"642 - Romania",
|
||||
"643 - Russian Federation",
|
||||
"703 - Slovakia",
|
||||
"804 - Ukraine"
|
||||
]
|
||||
},
|
||||
"uuid": "c7cb0859-5680-4bdb-9c78-46cab3504a62",
|
||||
"value": "151 - Eastern Europe"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"830 - Channel Islands",
|
||||
"248 - Åland Islands",
|
||||
"208 - Denmark",
|
||||
"233 - Estonia",
|
||||
"234 - Faroe Islands",
|
||||
"246 - Finland",
|
||||
"352 - Iceland",
|
||||
"372 - Ireland",
|
||||
"833 - Isle of Man",
|
||||
"428 - Latvia",
|
||||
"440 - Lithuania",
|
||||
"578 - Norway",
|
||||
"744 - Svalbard and Jan Mayen Islands",
|
||||
"752 - Sweden",
|
||||
"826 - United Kingdom of Great Britain and Northern Ireland"
|
||||
]
|
||||
},
|
||||
"uuid": "f93cb275-0366-4ecc-abf0-a17928d1e177",
|
||||
"value": "154 - Northern Europe"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"008 - Albania",
|
||||
"020 - Andorra",
|
||||
"070 - Bosnia and Herzegovina",
|
||||
"191 - Croatia",
|
||||
"292 - Gibraltar",
|
||||
"300 - Greece",
|
||||
"336 - Holy See",
|
||||
"380 - Italy",
|
||||
"470 - Malta",
|
||||
"499 - Montenegro",
|
||||
"807 - North Macedonia",
|
||||
"620 - Portugal",
|
||||
"674 - San Marino",
|
||||
"688 - Serbia",
|
||||
"705 - Slovenia",
|
||||
"724 - Spain"
|
||||
]
|
||||
},
|
||||
"uuid": "63880bb3-f959-4200-b8ae-e25d9fa84c22",
|
||||
"value": "039 - Southern Europe"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"040 - Austria",
|
||||
"056 - Belgium",
|
||||
"250 - France",
|
||||
"276 - Germany",
|
||||
"438 - Liechtenstein",
|
||||
"442 - Luxembourg",
|
||||
"492 - Monaco",
|
||||
"528 - Netherlands",
|
||||
"756 - Switzerland"
|
||||
]
|
||||
},
|
||||
"uuid": "7048c324-c9c2-4c53-a42a-912e78f3aeec",
|
||||
"value": "155 - Western Europe"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"036 - Australia",
|
||||
"162 - Christmas Island",
|
||||
"166 - Cocos (Keeling) Islands",
|
||||
"334 - Heard Island and McDonald Islands",
|
||||
"554 - New Zealand",
|
||||
"574 - Norfolk Island"
|
||||
]
|
||||
},
|
||||
"uuid": "93dd8987-1466-493f-b5dc-c2b7fe762d75",
|
||||
"value": "053 - Australia and New Zealand"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"242 - Fiji",
|
||||
"540 - New Caledonia",
|
||||
"598 - Papua New Guinea",
|
||||
"090 - Solomon Islands",
|
||||
"548 - Vanuatu"
|
||||
]
|
||||
},
|
||||
"uuid": "4cb4b767-2db4-4858-bb28-656816350fef",
|
||||
"value": "054 - Melanesia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"316 - Guam",
|
||||
"296 - Kiribati",
|
||||
"584 - Marshall Islands",
|
||||
"583 - Micronesia (Federated States of)",
|
||||
"520 - Nauru",
|
||||
"580 - Northern Mariana Islands",
|
||||
"585 - Palau",
|
||||
"581 - United States Minor Outlying Islands"
|
||||
]
|
||||
},
|
||||
"uuid": "fbe052e0-a4ab-4d74-8765-5a9786e7bdbc",
|
||||
"value": "057 - Micronesia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"016 - American Samoa",
|
||||
"184 - Cook Islands",
|
||||
"258 - French Polynesia",
|
||||
"570 - Niue",
|
||||
"612 - Pitcairn",
|
||||
"882 - Samoa",
|
||||
"772 - Tokelau",
|
||||
"776 - Tonga",
|
||||
"798 - Tuvalu",
|
||||
"876 - Wallis and Futuna Islands"
|
||||
]
|
||||
},
|
||||
"uuid": "a387db42-cdb4-4f75-98c4-5b51a03d0c68",
|
||||
"value": "061 - Polynesia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"subregions": [
|
||||
"086 - British Indian Ocean Territory",
|
||||
"108 - Burundi",
|
||||
"174 - Comoros",
|
||||
"262 - Djibouti",
|
||||
"232 - Eritrea",
|
||||
"175 - Mayotte",
|
||||
"231 - Ethiopia",
|
||||
"232 - Eritrea",
|
||||
"260 - French Southern Territories",
|
||||
"262 - Djibouti",
|
||||
"404 - Kenya",
|
||||
"450 - Madagascar",
|
||||
"454 - Malawi",
|
||||
"480 - Mauritius",
|
||||
"175 - Mayotte",
|
||||
"508 - Mozambique",
|
||||
"638 - Réunion",
|
||||
"646 - Rwanda",
|
||||
"690 - Seychelles",
|
||||
"706 - Somalia",
|
||||
"716 - Zimbabwe",
|
||||
"728 - South Sudan",
|
||||
"800 - Uganda",
|
||||
"834 - United Republic of Tanzania",
|
||||
"894 - Zambia",
|
||||
"716 - Zimbabwe"
|
||||
"894 - Zambia"
|
||||
]
|
||||
},
|
||||
"uuid": "9b15e8e9-2adb-4aa8-baea-d63ccc434428",
|
||||
|
@ -396,7 +146,22 @@
|
|||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"subregions": [
|
||||
"012 - Algeria",
|
||||
"434 - Libya",
|
||||
"504 - Morocco",
|
||||
"729 - Sudan",
|
||||
"732 - Western Sahara",
|
||||
"788 - Tunisia",
|
||||
"818 - Egypt"
|
||||
]
|
||||
},
|
||||
"uuid": "4a65b439-849b-4fdd-b34d-e80f738a4309",
|
||||
"value": "015 - Northern Africa"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"024 - Angola",
|
||||
"120 - Cameroon",
|
||||
"140 - Central African Republic",
|
||||
|
@ -413,12 +178,12 @@
|
|||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"subregions": [
|
||||
"072 - Botswana",
|
||||
"748 - Eswatini",
|
||||
"426 - Lesotho",
|
||||
"516 - Namibia",
|
||||
"710 - South Africa"
|
||||
"710 - South Africa",
|
||||
"748 - Eswatini"
|
||||
]
|
||||
},
|
||||
"uuid": "b95340de-8f29-4dbf-ad0f-a4c0be367e59",
|
||||
|
@ -426,42 +191,36 @@
|
|||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"204 - Benin",
|
||||
"854 - Burkina Faso",
|
||||
"132 - Cabo Verde",
|
||||
"384 - Côte d’Ivoire",
|
||||
"270 - Gambia",
|
||||
"288 - Ghana",
|
||||
"324 - Guinea",
|
||||
"624 - Guinea-Bissau",
|
||||
"430 - Liberia",
|
||||
"466 - Mali",
|
||||
"478 - Mauritania",
|
||||
"562 - Niger",
|
||||
"566 - Nigeria",
|
||||
"654 - Saint Helena",
|
||||
"686 - Senegal",
|
||||
"694 - Sierra Leone",
|
||||
"768 - Togo"
|
||||
"subregions": [
|
||||
"021 - Northern America",
|
||||
"419 - Latin America and the Caribbean"
|
||||
]
|
||||
},
|
||||
"uuid": "d44cf4b4-8025-4827-960c-b666dfdc5243",
|
||||
"value": "011 - Western Africa"
|
||||
"uuid": "a6427c40-6fba-46dc-9995-72e16a4c57a7",
|
||||
"value": "019 - Americas"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"660 - Anguilla",
|
||||
"subregions": [
|
||||
"060 - Bermuda",
|
||||
"124 - Canada",
|
||||
"304 - Greenland",
|
||||
"666 - Saint Pierre and Miquelon",
|
||||
"840 - United States of America"
|
||||
]
|
||||
},
|
||||
"uuid": "64974dea-c6c9-462d-9fcf-4456a397d591",
|
||||
"value": "021 - Northern America"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"028 - Antigua and Barbuda",
|
||||
"533 - Aruba",
|
||||
"044 - Bahamas",
|
||||
"052 - Barbados",
|
||||
"535 - Bonaire, Sint Eustatius and Saba",
|
||||
"092 - British Virgin Islands",
|
||||
"136 - Cayman Islands",
|
||||
"192 - Cuba",
|
||||
"531 - Curaçao",
|
||||
"212 - Dominica",
|
||||
"214 - Dominican Republic",
|
||||
"308 - Grenada",
|
||||
|
@ -470,13 +229,17 @@
|
|||
"388 - Jamaica",
|
||||
"474 - Martinique",
|
||||
"500 - Montserrat",
|
||||
"531 - Curaçao",
|
||||
"533 - Aruba",
|
||||
"534 - Sint Maarten (Dutch part)",
|
||||
"535 - Bonaire, Sint Eustatius and Saba",
|
||||
"630 - Puerto Rico",
|
||||
"652 - Saint Barthélemy",
|
||||
"659 - Saint Kitts and Nevis",
|
||||
"660 - Anguilla",
|
||||
"662 - Saint Lucia",
|
||||
"663 - Saint Martin (French Part)",
|
||||
"670 - Saint Vincent and the Grenadines",
|
||||
"534 - Sint Maarten (Dutch part)",
|
||||
"780 - Trinidad and Tobago",
|
||||
"796 - Turks and Caicos Islands",
|
||||
"850 - United States Virgin Islands"
|
||||
|
@ -487,50 +250,291 @@
|
|||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"084 - Belize",
|
||||
"188 - Costa Rica",
|
||||
"222 - El Salvador",
|
||||
"320 - Guatemala",
|
||||
"340 - Honduras",
|
||||
"484 - Mexico",
|
||||
"558 - Nicaragua",
|
||||
"591 - Panama"
|
||||
"subregions": [
|
||||
"156 - China",
|
||||
"344 - China, Hong Kong Special Administrative Region",
|
||||
"392 - Japan",
|
||||
"408 - Democratic People's Republic of Korea",
|
||||
"410 - Republic of Korea",
|
||||
"446 - China, Macao Special Administrative Region",
|
||||
"496 - Mongolia"
|
||||
]
|
||||
},
|
||||
"uuid": "105247d9-e619-4231-b88e-17dd9aed1580",
|
||||
"value": "013 - Central America"
|
||||
"uuid": "aa46fbd1-54df-4e1e-a5d6-7bced5c59803",
|
||||
"value": "030 - Eastern Asia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"032 - Argentina",
|
||||
"068 - Bolivia (Plurinational State of)",
|
||||
"074 - Bouvet Island",
|
||||
"076 - Brazil",
|
||||
"152 - Chile",
|
||||
"170 - Colombia",
|
||||
"218 - Ecuador",
|
||||
"238 - Falkland Islands (Malvinas)",
|
||||
"254 - French Guiana",
|
||||
"328 - Guyana",
|
||||
"600 - Paraguay",
|
||||
"604 - Peru",
|
||||
"239 - South Georgia and the South Sandwich Islands",
|
||||
"740 - Suriname",
|
||||
"858 - Uruguay",
|
||||
"862 - Venezuela (Bolivarian Republic of)"
|
||||
"subregions": [
|
||||
"004 - Afghanistan",
|
||||
"050 - Bangladesh",
|
||||
"064 - Bhutan",
|
||||
"144 - Sri Lanka",
|
||||
"356 - India",
|
||||
"364 - Iran (Islamic Republic of)",
|
||||
"462 - Maldives",
|
||||
"524 - Nepal",
|
||||
"586 - Pakistan"
|
||||
]
|
||||
},
|
||||
"uuid": "e9ee6728-d325-4726-be7d-08b5ccf3f3d6",
|
||||
"value": "005 - South America"
|
||||
"uuid": "f86776cd-274f-438a-8beb-9349aebda0bb",
|
||||
"value": "034 - Southern Asia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregion": [
|
||||
"subregions": [
|
||||
"096 - Brunei Darussalam",
|
||||
"104 - Myanmar",
|
||||
"116 - Cambodia",
|
||||
"360 - Indonesia",
|
||||
"418 - Lao People's Democratic Republic",
|
||||
"458 - Malaysia",
|
||||
"608 - Philippines",
|
||||
"626 - Timor-Leste",
|
||||
"702 - Singapore",
|
||||
"704 - Viet Nam",
|
||||
"764 - Thailand"
|
||||
]
|
||||
},
|
||||
"uuid": "990d0e8e-dfd0-45d1-ab8b-758b9139c0fe",
|
||||
"value": "035 - South-eastern Asia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"008 - Albania",
|
||||
"020 - Andorra",
|
||||
"070 - Bosnia and Herzegovina",
|
||||
"191 - Croatia",
|
||||
"292 - Gibraltar",
|
||||
"300 - Greece",
|
||||
"336 - Holy See",
|
||||
"380 - Italy",
|
||||
"470 - Malta",
|
||||
"499 - Montenegro",
|
||||
"620 - Portugal",
|
||||
"674 - San Marino",
|
||||
"688 - Serbia",
|
||||
"705 - Slovenia",
|
||||
"724 - Spain",
|
||||
"807 - North Macedonia"
|
||||
]
|
||||
},
|
||||
"uuid": "63880bb3-f959-4200-b8ae-e25d9fa84c22",
|
||||
"value": "039 - Southern Europe"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"036 - Australia",
|
||||
"162 - Christmas Island",
|
||||
"166 - Cocos (Keeling) Islands",
|
||||
"334 - Heard Island and McDonald Islands",
|
||||
"554 - New Zealand",
|
||||
"574 - Norfolk Island"
|
||||
]
|
||||
},
|
||||
"uuid": "93dd8987-1466-493f-b5dc-c2b7fe762d75",
|
||||
"value": "053 - Australia and New Zealand"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"090 - Solomon Islands",
|
||||
"242 - Fiji",
|
||||
"540 - New Caledonia",
|
||||
"548 - Vanuatu",
|
||||
"598 - Papua New Guinea"
|
||||
]
|
||||
},
|
||||
"uuid": "4cb4b767-2db4-4858-bb28-656816350fef",
|
||||
"value": "054 - Melanesia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"296 - Kiribati",
|
||||
"316 - Guam",
|
||||
"520 - Nauru",
|
||||
"580 - Northern Mariana Islands",
|
||||
"581 - United States Minor Outlying Islands",
|
||||
"583 - Micronesia (Federated States of)",
|
||||
"584 - Marshall Islands",
|
||||
"585 - Palau"
|
||||
]
|
||||
},
|
||||
"uuid": "fbe052e0-a4ab-4d74-8765-5a9786e7bdbc",
|
||||
"value": "057 - Micronesia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"016 - American Samoa",
|
||||
"184 - Cook Islands",
|
||||
"258 - French Polynesia",
|
||||
"570 - Niue",
|
||||
"612 - Pitcairn",
|
||||
"772 - Tokelau",
|
||||
"776 - Tonga",
|
||||
"798 - Tuvalu",
|
||||
"876 - Wallis and Futuna Islands",
|
||||
"882 - Samoa"
|
||||
]
|
||||
},
|
||||
"uuid": "a387db42-cdb4-4f75-98c4-5b51a03d0c68",
|
||||
"value": "061 - Polynesia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"030 - Eastern Asia",
|
||||
"034 - Southern Asia",
|
||||
"035 - South-eastern Asia",
|
||||
"143 - Central Asia",
|
||||
"145 - Western Asia"
|
||||
]
|
||||
},
|
||||
"uuid": "4b09b683-5650-4a6c-a383-d8f3b686ebc2",
|
||||
"value": "142 - Asia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"398 - Kazakhstan",
|
||||
"417 - Kyrgyzstan",
|
||||
"762 - Tajikistan",
|
||||
"795 - Turkmenistan",
|
||||
"860 - Uzbekistan"
|
||||
]
|
||||
},
|
||||
"uuid": "a5515b7c-594b-4e37-a60f-3bab8808c54c",
|
||||
"value": "143 - Central Asia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"031 - Azerbaijan",
|
||||
"048 - Bahrain",
|
||||
"051 - Armenia",
|
||||
"196 - Cyprus",
|
||||
"268 - Georgia",
|
||||
"275 - State of Palestine",
|
||||
"368 - Iraq",
|
||||
"376 - Israel",
|
||||
"400 - Jordan",
|
||||
"414 - Kuwait",
|
||||
"422 - Lebanon",
|
||||
"512 - Oman",
|
||||
"634 - Qatar",
|
||||
"682 - Saudi Arabia",
|
||||
"760 - Syrian Arab Republic",
|
||||
"784 - United Arab Emirates",
|
||||
"792 - Turkey",
|
||||
"887 - Yemen"
|
||||
]
|
||||
},
|
||||
"uuid": "d66b2e98-39fb-4710-b075-5bee2fa00cd4",
|
||||
"value": "145 - Western Asia"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"039 - Southern Europe",
|
||||
"151 - Eastern Europe",
|
||||
"154 - Northern Europe",
|
||||
"155 - Western Europe"
|
||||
]
|
||||
},
|
||||
"uuid": "739c285c-fe59-4540-b323-bf713af30347",
|
||||
"value": "150 - Europe"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"100 - Bulgaria",
|
||||
"112 - Belarus",
|
||||
"203 - Czechia",
|
||||
"348 - Hungary",
|
||||
"498 - Republic of Moldova",
|
||||
"616 - Poland",
|
||||
"642 - Romania",
|
||||
"643 - Russian Federation",
|
||||
"703 - Slovakia",
|
||||
"804 - Ukraine"
|
||||
]
|
||||
},
|
||||
"uuid": "c7cb0859-5680-4bdb-9c78-46cab3504a62",
|
||||
"value": "151 - Eastern Europe"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"208 - Denmark",
|
||||
"233 - Estonia",
|
||||
"234 - Faroe Islands",
|
||||
"246 - Finland",
|
||||
"248 - Åland Islands",
|
||||
"352 - Iceland",
|
||||
"372 - Ireland",
|
||||
"428 - Latvia",
|
||||
"440 - Lithuania",
|
||||
"578 - Norway",
|
||||
"744 - Svalbard and Jan Mayen Islands",
|
||||
"752 - Sweden",
|
||||
"826 - United Kingdom of Great Britain and Northern Ireland",
|
||||
"830 - Channel Islands",
|
||||
"833 - Isle of Man"
|
||||
]
|
||||
},
|
||||
"uuid": "f93cb275-0366-4ecc-abf0-a17928d1e177",
|
||||
"value": "154 - Northern Europe"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"040 - Austria",
|
||||
"056 - Belgium",
|
||||
"250 - France",
|
||||
"276 - Germany",
|
||||
"438 - Liechtenstein",
|
||||
"442 - Luxembourg",
|
||||
"492 - Monaco",
|
||||
"528 - Netherlands",
|
||||
"756 - Switzerland"
|
||||
]
|
||||
},
|
||||
"uuid": "7048c324-c9c2-4c53-a42a-912e78f3aeec",
|
||||
"value": "155 - Western Europe"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"011 - Western Africa",
|
||||
"014 - Eastern Africa",
|
||||
"017 - Middle Africa",
|
||||
"018 - Southern Africa"
|
||||
]
|
||||
},
|
||||
"uuid": "130997e8-c900-4457-829a-447eec3fbb89",
|
||||
"value": "202 - Sub-Saharan Africa"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"005 - South America",
|
||||
"013 - Central America",
|
||||
"029 - Caribbean"
|
||||
]
|
||||
},
|
||||
"uuid": "aef21eb1-eccd-46e1-a4c8-9e9b8452d912",
|
||||
"value": "419 - Latin America and the Caribbean"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"subregions": [
|
||||
"680 - Sark",
|
||||
"831 - Guernsey",
|
||||
"832 - Jersey",
|
||||
"680 - Sark"
|
||||
"832 - Jersey"
|
||||
]
|
||||
},
|
||||
"uuid": "76adc9e0-215a-4496-8642-b98ac7715d0f",
|
||||
|
|
|
@ -88,7 +88,212 @@
|
|||
},
|
||||
"uuid": "ebc1c15d-3e27-456e-9473-61d92d91bda8",
|
||||
"value": "HackBoss"
|
||||
},
|
||||
{
|
||||
"description": "Prynt Stealer is an information stealer that has the ability to capture credentials that are stored on a compromised system including web browsers, VPN/FTP clients, as well as messaging and gaming applications. Its developer based the malware code on open source projects including AsyncRAT and StormKitty. Prynt Stealer uses Telegram to exfiltrate data that is stolen from victims. Its author added a backdoor Telegram channel to collect the information stolen by other criminals.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "46bff4ad-09fe-4ac5-803e-daa3b73e3aaf",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"very-likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d410b534-07a4-4190-b253-f6616934bea6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"very-likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
}
|
||||
],
|
||||
"uuid": "8f5a452a-4056-4004-bc9a-4c11cb8cf2b4",
|
||||
"value": "Prynt Stealer"
|
||||
},
|
||||
{
|
||||
"description": "Nearly identical to Prynt Stealer with a few differences. DarkEye is not sold or mentioned publicly, however, it is bundled as a backdoor with a “free” Prynt Stealer builder.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "8f5a452a-4056-4004-bc9a-4c11cb8cf2b4",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"very-likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d410b534-07a4-4190-b253-f6616934bea6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"very-likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
}
|
||||
],
|
||||
"uuid": "46bff4ad-09fe-4ac5-803e-daa3b73e3aaf",
|
||||
"value": "DarkEye"
|
||||
},
|
||||
{
|
||||
"description": "Prynt Stealer variant that appear to be written by the same author. It is nearly identical to Prynt Stealer with a few minor differences. While Prynt Stealer is the most popular brand name for selling the malware, WorldWind payloads are the most commonly observed in-the-wild. ",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "8f5a452a-4056-4004-bc9a-4c11cb8cf2b4",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"very-likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "46bff4ad-09fe-4ac5-803e-daa3b73e3aaf",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"very-likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
}
|
||||
],
|
||||
"uuid": "d410b534-07a4-4190-b253-f6616934bea6",
|
||||
"value": "WorldWind"
|
||||
},
|
||||
{
|
||||
"description": "Stealer is written in Visual Basic.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/win.darkcloud",
|
||||
"https://c3rb3ru5d3d53c.github.io/malware-blog/darkcloud-stealer/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "cb4bfed3-3042-4a29-a72d-c8b5c510faea",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"very-likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
}
|
||||
],
|
||||
"uuid": "e550f534-dc8b-4f94-a276-ce3d5d9c8115",
|
||||
"value": "DarkCloud Stealer"
|
||||
},
|
||||
{
|
||||
"description": "The Zscaler ThreatLabz research team has spotted a new information stealer named Album. Album Stealer is disguised as a photo album that drops decoy adult images while performing malicious activity in the background. The threat group launching these attacks may be located in Vietnam.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.zscaler.com/blogs/security-research/album-stealer-targets-facebook-adult-only-content-seekers"
|
||||
]
|
||||
},
|
||||
"uuid": "7f95ebda-2c7b-49a4-ad57-bd5766a1f651",
|
||||
"value": "Album Stealer"
|
||||
},
|
||||
{
|
||||
"description": "According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88",
|
||||
"https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/",
|
||||
"https://www.malware-traffic-analysis.net/2023/01/03/index.html",
|
||||
"https://threatmon.io/rhadamanthys-stealer-analysis-threatmon/"
|
||||
]
|
||||
},
|
||||
"uuid": "9eb2a417-2bb6-496c-816b-bccb3f3074f6",
|
||||
"value": "Rhadamanthys"
|
||||
},
|
||||
{
|
||||
"description": "Python-based Stealer including Discord, Steam...",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/SOrdeal/Sordeal-Stealer"
|
||||
],
|
||||
"synonyms": [
|
||||
"Sordeal",
|
||||
"Sordeal Stealer"
|
||||
]
|
||||
},
|
||||
"uuid": "0266302b-52d3-44da-ab63-a8a6f16de737",
|
||||
"value": "Sordeal-Stealer"
|
||||
},
|
||||
{
|
||||
"description": "Mars stealer is an improved successor of Oski Stealer, supporting stealing from current browsers and targeting crypto currencies and 2FA plugins. Mars Stealer written in ASM/C using WinApi, weight is 95 kb. Uses special techniques to hide WinApi calls, encrypts strings, collects information in the memory, supports secure SSL-connection with C&C, doesn’t use CRT, STD.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/win.mars_stealer",
|
||||
"https://3xp0rt.com/posts/mars-stealer/",
|
||||
"https://cyberint.com/blog/research/mars-stealer/",
|
||||
"https://isc.sans.edu/diary/rss/28468",
|
||||
"https://isc.sans.edu/diary/Arkei+Variants%3A+From+Vidar+to+Mars+Stealer/28468",
|
||||
"https://blog.morphisec.com/threat-research-mars-stealer",
|
||||
"https://cert.gov.ua/article/38606",
|
||||
"https://www.malwarebytes.com/blog/threat-intelligence/2022/04/colibri-loader-combines-task-scheduler-and-powershell-in-clever-persistence-technique",
|
||||
"https://blog.sekoia.io/mars-a-red-hot-information-stealer/",
|
||||
"https://www.bleepingcomputer.com/news/security/new-meta-information-stealer-distributed-in-malspam-campaign/",
|
||||
"https://www.esentire.com/blog/fake-chrome-setup-leads-to-netsupportmanager-rat-and-mars-stealer",
|
||||
"https://resources.infosecinstitute.com/topics/malware-analysis/mars-stealer-malware-analysis/",
|
||||
"https://www.microsoft.com/en-us/security/blog/2022/05/17/in-hot-pursuit-of-cryware-defending-hot-wallets-from-attacks/",
|
||||
"https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-mars-stealer",
|
||||
"https://x-junior.github.io/malware%20analysis/2022/05/19/MarsStealer.html",
|
||||
"https://www.kelacyber.com/information-stealers-a-new-landscape/",
|
||||
"https://cyble.com/blog/fake-atomic-wallet-website-distributing-mars-stealer/",
|
||||
"https://go.recordedfuture.com/hubfs/reports/cta-2022-0802.pdf",
|
||||
"https://drive.google.com/file/d/14cmYxzowVLyuiS5qDGOKzgI2_vak2Fve/view",
|
||||
"https://threatmon.io/mars-stealer-malware-analysis-2022/",
|
||||
"https://threatmon.io/storage/mars-stealer-malware-analysis-2022.pdf",
|
||||
"https://3xp0rt.com/posts/mars-stealer/forum.png"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "54b61c7e-8ced-4b90-a295-62102bfd4f32",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"very-likely\""
|
||||
],
|
||||
"type": "successor-of"
|
||||
}
|
||||
],
|
||||
"uuid": "64e51712-89d6-4c91-98ac-8907eafe98c6",
|
||||
"value": "Mars Stealer"
|
||||
},
|
||||
{
|
||||
"description": "The Oski stealer is a malicious information stealer, which was first introduced in November 2019. As the name implies, the Oski stealer steals personal and sensitive information from its target. “Oski” is derived from an old Nordic word meaning Viking warrior, which is quite fitting considering this popular info-stealer is extremely effective at pillaging privileged information from its victims.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/win.oski",
|
||||
"https://twitter.com/albertzsigovits/status/1160874557454131200",
|
||||
"https://www.bitdefender.com/blog/labs/",
|
||||
"https://www.cyberark.com/resources/threat-research-blog/meet-oski-stealer-an-in-depth-analysis-of-the-popular-credential-stealer",
|
||||
"https://medium.com/shallvhack/oski-stealer-a-credential-theft-malware-b9bba5164601",
|
||||
"https://yoroi.company/en/research/the-wayback-campaign-a-large-scale-operation-hiding-in-plain-sight/",
|
||||
"https://drive.google.com/file/d/1c72YIF6JYcEvbFZCrkZO26D9hC3gnyMP/view",
|
||||
"https://www.rapid7.com/solutions/unified-mdr-xdr-vm/",
|
||||
"https://3xp0rt.com/posts/mars-stealer/",
|
||||
"https://cyberint.com/blog/research/mars-stealer/",
|
||||
"https://isc.sans.edu/diary/Arkei+Variants%3A+From+Vidar+to+Mars+Stealer/28468"
|
||||
]
|
||||
},
|
||||
"uuid": "54b61c7e-8ced-4b90-a295-62102bfd4f32",
|
||||
"value": "Oski Stealer"
|
||||
},
|
||||
{
|
||||
"description": "WARPWIRE is a JavaScript-based credential stealer",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation"
|
||||
]
|
||||
},
|
||||
"uuid": "b581b182-505a-4243-9569-c175513c4441",
|
||||
"value": "WARPWIRE"
|
||||
}
|
||||
],
|
||||
"version": 8
|
||||
"version": 16
|
||||
}
|
||||
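Review bot: Two of the new Oski Stealer refs are generic landing pages rather than the analysis they are meant to cite — `"https://www.bitdefender.com/blog/labs/"` and `"https://www.rapid7.com/solutions/unified-mdr-xdr-vm/"` — and the Mars Stealer list ends with a bare image, `"https://3xp0rt.com/posts/mars-stealer/forum.png"`, already covered by the `https://3xp0rt.com/posts/mars-stealer/` entry earlier in the same array. A landing-page URL gives a consumer of this galaxy no way to verify the description and rots silently, so either point these at the specific write-ups or drop them. Minor: the WorldWind description reads `variant that appear to be` and ends with a trailing space before the closing quote (`in-the-wild. "`), which will be carried into every tag generated from it.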
|
|
|
@ -33,8 +33,15 @@
|
|||
"official-refs": [
|
||||
"https://www.nsogroup.com/"
|
||||
],
|
||||
"products": [
|
||||
"PEGASUS"
|
||||
],
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/NSO_Group"
|
||||
],
|
||||
"synonyms": [
|
||||
"Q-Cyber",
|
||||
"Circles"
|
||||
]
|
||||
},
|
||||
"uuid": "49d8e89f-401d-4d3d-9155-5758a346a4a1",
|
||||
|
@ -180,7 +187,601 @@
|
|||
},
|
||||
"uuid": "f49bf1b6-e257-4ffc-b5ac-f0e26ef36965",
|
||||
"value": "SpyBubble"
|
||||
},
|
||||
{
|
||||
"description": "Cytrox’s Israeli companies were founded in 2017 as Cytrox EMEA Ltd. and Cytrox Software Ltd. Perhaps taking a page from Candiru’s corporate obfuscation playbook, both of those companies were renamed in 2019 to Balinese Ltd. and Peterbald Ltd., respectively. We also observed one entity in Hungary, Cytrox Holdings Zrt, which was also formed in 2017.",
|
||||
"meta": {
|
||||
"products": [
|
||||
"DevilsTongue"
|
||||
],
|
||||
"refs": [
|
||||
"https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Cytrox EMEA Ltd.",
|
||||
"Cytrox Software Ltd.",
|
||||
"Balinese Ltd.",
|
||||
"Peterbald Ltd.",
|
||||
"Cytrox Holdings Zrt"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "ab53ed38-82ea-11ee-8613-325096b39f47",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "is-acquired-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d3e48fbb-9be5-4387-bf2b-bc9a72cdbd8a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "is-allied-with"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ab53ed38-82ea-11ee-8613-325096b39f47",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "is-allied-with"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "eb6af48e-82ea-11ee-a4dc-325096b39f47",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "is-allied-with"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "1c909820-82eb-11ee-80c7-325096b39f47",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "part-of"
|
||||
}
|
||||
],
|
||||
"uuid": "4dbfa61e-0cf5-4142-babf-3cdce348568d",
|
||||
"value": "Cytrox"
|
||||
},
|
||||
{
|
||||
"description": "RCS Lab S.p.A., Italian vendor likely using Tykelab Srl as a front company.",
|
||||
"meta": {
|
||||
"products": [
|
||||
"Hermit"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.rcslab.it/en/index.html",
|
||||
"https://www.lookout.com/blog/hermit-spyware-discovery",
|
||||
"https://www.vice.com/en/article/nz75wd/european-surveillance-companies-agt-rcs-sell-syria-tools-of-oppression"
|
||||
],
|
||||
"synonyms": [
|
||||
"RCS Lab"
|
||||
]
|
||||
},
|
||||
"uuid": "28ed79b6-a11d-4e41-af80-ece8f0e0c2d3",
|
||||
"value": "RCSLab"
|
||||
},
|
||||
{
|
||||
"description": "Aglaya, a contractor based in Delhi, India, emerged into the public eye in 2014 following its attempt to secure a substantial annual contract worth $5 billion. This surge in prominence was largely driven by the actions of Ankur Srivastava, Aglaya's CEO and founder, who purportedly proposed the outsourcing of surveillance and hacking services to various governments.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.vice.com/en/article/59weqb/a-spyware-company-audaciously-offers-cyber-nukes"
|
||||
]
|
||||
},
|
||||
"uuid": "4045c51a-82eb-11ee-a366-325096b39f47",
|
||||
"value": "Aglaya"
|
||||
},
|
||||
{
|
||||
"description": "Interionet Systems Ltd., headquartered in Herzliya, Israel, is a privately-held company recognized for its approach in the cyber intelligence domain, particularly catering to law enforcement and intelligence agencies. The firm, founded by ex-NSO team members, is dedicated to the development of sophisticated cyber-intrusion and mobile interception tools.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.intelligenceonline.com/surveillance--interception/2019/05/14/interionet-former-nso-team-s-new-offensive-cyber-firm,108357090-art",
|
||||
"https://www.interionet.com/"
|
||||
]
|
||||
},
|
||||
"uuid": "44d59236-82eb-11ee-923e-325096b39f47",
|
||||
"value": "Interionet"
|
||||
},
|
||||
{
|
||||
"description": "The Intellexa alliance is an evolving group of companies and brands that have been involved in developing and marketing a wide range of surveillance products including advanced spyware, mass surveillance platforms, and tactical systems for targeting and intercepting nearby devices. The corporate entities of the alliance span various jurisdictions, both within and outside the EU. The exact nature of links between these companies is shrouded in secrecy as corporate entities, and the structures between them, are constantly morphing, renaming, rebranding, and evolving.",
|
||||
"meta": {
|
||||
"products": [
|
||||
"Nova",
|
||||
"Triton",
|
||||
"Helios",
|
||||
"ALIEN",
|
||||
"PREDATOR"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/",
|
||||
"https://www.spiegel.de/international/business/the-predator-files-european-spyware-consortium-supplied-despots-and-dictators-a-2fd8043f-c5c1-4b05-b5a6-e8f8b9949978",
|
||||
"https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "4dbfa61e-0cf5-4142-babf-3cdce348568d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "known-as"
|
||||
}
|
||||
],
|
||||
"uuid": "1c909820-82eb-11ee-80c7-325096b39f47",
|
||||
"value": "Intellexa"
|
||||
},
|
||||
{
|
||||
"description": "Merlinx / Equus Technologies, Israeli firm, a privately held company specializing in the development of tailor made innovative solutions for law enforcement, intelligence agencies, and national security organizations. Linked to the Android malware, also sells iOS capabilities.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.vice.com/en/article/evdebz/google-revealed-an-israeli-spyware-company-that-has-quietly-sold-its-wares-for-years"
|
||||
]
|
||||
},
|
||||
"uuid": "18128362-82eb-11ee-8723-325096b39f47",
|
||||
"value": "Merlinx / Equus Technologies"
|
||||
},
|
||||
{
|
||||
"description": "AQSACOM, French company - lawful interception for IP networks. All Aqsacom's security products can be combined in a powerful solution so that Telecommunications and ISP operators can provide the Authorities with a reliable and professional service.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://aqsacom.com/"
|
||||
]
|
||||
},
|
||||
"uuid": "131a6b7c-82eb-11ee-bcb3-325096b39f47",
|
||||
"value": "AQSACOM"
|
||||
},
|
||||
{
|
||||
"description": "Area Spa is a firm based near Milan that sells monitoring systems capable of capturing internet traffic, tapping conversations, and tracking targets through GPS.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.vice.com/en/article/gv5knx/italian-cops-raid-surveillance-tech-company-area-spa-selling-spy-gear-to-syria",
|
||||
"https://www.area.it/en/"
|
||||
]
|
||||
},
|
||||
"uuid": "0e2c2b64-82eb-11ee-b34f-325096b39f47",
|
||||
"value": "Area"
|
||||
},
|
||||
{
|
||||
"description": "ClearTrail Technologies, India based company, known for developing or selling systems for monitoring computers, mobile phones and emails of unsuspecting masses.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.clear-trail.com/about-us/",
|
||||
"https://www.business-standard.com/article/companies/the-two-men-behind-india-s-secret-surveillance-industry-111120300053_1.html"
|
||||
]
|
||||
},
|
||||
"uuid": "0977bd04-82eb-11ee-915c-325096b39f47",
|
||||
"value": "ClearTrail"
|
||||
},
|
||||
{
|
||||
"description": "Elaman is a German company that sell a wide array of surveillance technologies. From vast monitoring centres capable of monitoring thousands of conversations simultaneously to trojans that target individual's devices specifically. They don't create these products, they resell from other surveillance companies. They have sold products from VASTech, Gamma, Utimaco and Nokia Siemens Networks. This catalogue gives an insight into one of the surveillance industries biggest middle man.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.elaman.de/",
|
||||
"https://privacyinternational.org/blog/1540/elaman-and-gamma-whats-selling-and-whos-buying-indonesia"
|
||||
]
|
||||
},
|
||||
"uuid": "04d776c2-82eb-11ee-9d14-325096b39f47",
|
||||
"value": "Elaman"
|
||||
},
|
||||
{
|
||||
"description": "Gita Technologies, Israeli based company with a mission to be a worldwide leader in research and development of high-end security systems and SIGINT.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://gitatechnologies.com/"
|
||||
]
|
||||
},
|
||||
"uuid": "01f21098-82eb-11ee-9475-325096b39f47",
|
||||
"value": "Gita Technologies"
|
||||
},
|
||||
{
|
||||
"description": "Innova, based in Trieste, Italy, and a frequent supplier of Italian prosecutor’s offices. It was the only Italian firm at the International Exhibition for National Security and Resilience (ISNR), which was held in Abu Dhabi in October 2022. The exhibition connects regional government agencies with manufacturers from around the world, and was organised in cooperation with the Ministry of the Interior and in strategic partnership with Abu Dhabi Police GHQ. The United Arab Emirates, however, is known for human rights violations, some of which facilitated by the use of digital surveillance technology, as in the case of an iPhone spyware that was used against hundreds of activists, foreign leaders and suspected terrorists, according to Reuters. Innova’s foreign presence did not stop at ISNR. The company was also at ISS World Latin America, which took place in Panama in October 2022, and was among the sponsors of the September event of ISS World Asia Pacific 2022 in Singapore. These trade shows are not mere opportunities for display, but allow direct contact with members of intelligence agencies from various countries, law enforcement officials and government leaders or ministers.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://irpimedia.irpi.eu/en-italian-spyware-on-the-international-market/"
|
||||
]
|
||||
},
|
||||
"uuid": "fda75d0e-82ea-11ee-9668-325096b39f47",
|
||||
"value": "Innova"
|
||||
},
|
||||
{
|
||||
"description": "Jenovice, an Israeli firm that flies under the radar has invented a remotely-operated WiFi interception device that can facilitate spy missions. Jenovice Cyber Labs' Piranha exploits vulnerabilities in WiFi networks to connect an attacker to as many as 50 targeted devices at once.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://cyberscoop.com/jenovice-cyber-labs-metropolink-city-wide-surveillance/",
|
||||
"https://www.jenovice.com/"
|
||||
]
|
||||
},
|
||||
"uuid": "f88c61fc-82ea-11ee-9ba8-325096b39f47",
|
||||
"value": "Jenovice"
|
||||
},
|
||||
{
|
||||
"description": "Lumacron, a British startup which is developing interception tools to capture the massive data flows that transit through the principal international communications networks.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.intelligenceonline.com/surveillance--interception/2018/06/19/lumacron-extends-interception-to-undersea-cables,108314081-art"
|
||||
]
|
||||
},
|
||||
"uuid": "f4f39ee8-82ea-11ee-babc-325096b39f47",
|
||||
"value": "Lumacron"
|
||||
},
|
||||
{
|
||||
"description": "NeoSoft AG, Switzerland manufacturer of Passive, Active (Semi-Active), Hybrid GSM Monitoring systems with A5.2/A5.1 deciphering, CDMA Passive Monitoring systems, IMSI/IMEI Catchers 2G/3G, InPoint SMS System (sends SMS to everybody). All NeoSoft systems support the following bands: GSM, PCS, EGSM, 2100, 850. NeoSoft has world-wide experience.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.burojansen.nl/pdf/ISSWorldEuropejune2011sponsorsfromwebsite.pdf",
|
||||
"https://riskybiznews.substack.com/p/risky-biz-news-australia-passes-new",
|
||||
"https://www.neosoft.ch/"
|
||||
]
|
||||
},
|
||||
"uuid": "f10f551a-82ea-11ee-a915-325096b39f47",
|
||||
"value": "NeoSoft"
|
||||
},
|
||||
{
|
||||
"description": "Nexa Technologies was indicted for complicity in acts of torture, the French firm is accused of having sold surveillance equipment to the Egypt.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://securityaffairs.com/125083/intelligence/nexa-technologies-indicted.html",
|
||||
"https://wearenexa.com/aboutus/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Nexa Technologies"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d3e48fbb-9be5-4387-bf2b-bc9a72cdbd8a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "is-allied-with"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4dbfa61e-0cf5-4142-babf-3cdce348568d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "is-allied-with"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ab53ed38-82ea-11ee-8613-325096b39f47",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "is-allied-with"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "1c909820-82eb-11ee-80c7-325096b39f47",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "part-of"
|
||||
}
|
||||
],
|
||||
"uuid": "eb6af48e-82ea-11ee-a4dc-325096b39f47",
|
||||
"value": "Nexa"
|
||||
},
|
||||
{
|
||||
"description": "Norsi-Trans produces SIGINT and lawful interception equipment and software for the Russian government and also sells an OSINT platform called Vitok-ROI (or Vitok-OSINT).",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://keyfindings.blog/2020/03/23/be-careful-what-you-osint-with/",
|
||||
"https://norsi-trans.com/"
|
||||
]
|
||||
},
|
||||
"uuid": "e63a05d6-82ea-11ee-99d2-325096b39f47",
|
||||
"value": "Norsi-Trans"
|
||||
},
|
||||
{
|
||||
"description": "Polaris Wireless, US based company that specializes in the development of wireless surveillance products.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.zdnet.com/google-amp/article/polaris-wireless-secures-contract-in-surveillance-tracking-software/"
|
||||
]
|
||||
},
|
||||
"uuid": "e1d96f90-82ea-11ee-b499-325096b39f47",
|
||||
"value": "Polaris Wireless"
|
||||
},
|
||||
{
|
||||
"description": "Pro4Tech, Tel Aviv/Israel based company which provides tactical surveillance systems designed by field-professionals for law-enforcement and government agencies.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.israeldefense.co.il/en/content/israeli-companies-milopol-pro4tech"
|
||||
]
|
||||
},
|
||||
"uuid": "dd594940-82ea-11ee-b2da-325096b39f47",
|
||||
"value": "Pro4Tech"
|
||||
},
|
||||
{
|
||||
"description": "Rayzone, Israeli cyber intelligence company. The surveillance software makes it possible, among other things, to locate a person's location and path of movement with an accuracy of one meter and makes it possible to receive additional information from the applications on the target's device.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.haaretz.com/israel-news/tech-news/2020-12-17/ty-article/israeli-spy-tech-firm-tracked-mobile-users-around-the-world-investigation-suggests/0000017f-e76b-da9b-a1ff-ef6f847c0000"
|
||||
]
|
||||
},
|
||||
"uuid": "d7f0eac6-82ea-11ee-a3fc-325096b39f47",
|
||||
"value": "Rayzone"
|
||||
},
|
||||
{
|
||||
"description": "Seartech is a South African company specializing in the design and manufacture of tactical surveillance equipment.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.seartech.co.za/"
|
||||
]
|
||||
},
|
||||
"uuid": "d2af90da-82ea-11ee-ae9e-325096b39f47",
|
||||
"value": "Seartech"
|
||||
},
|
||||
{
|
||||
"description": "Securcube s.r.l is an Italian company that specializes in services and products for the Digital Forensics..",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://securcube.net/"
|
||||
]
|
||||
},
|
||||
"uuid": "ce09094e-82ea-11ee-92b0-325096b39f47",
|
||||
"value": "Securcube"
|
||||
},
|
||||
{
|
||||
"description": "Septier Communication Ltd, with global headquarters in Israel and offices across several continentshas dozens of installations serving telecommunication operators and law-enforcement agencies and organizations throughout the world. Septier develops and markets comprehensive lawful interception systems which include cutting-edge monitor centers and passive front ends based on high capacity signaling monitoring probes.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.israeldefense.co.il/company/septier-communication-ltd"
|
||||
]
|
||||
},
|
||||
"uuid": "c8b2b486-82ea-11ee-bf5a-325096b39f47",
|
||||
"value": "Septier"
|
||||
},
|
||||
{
|
||||
"description": "Cy4gate, Italian based company, sells its products worldwide, including to dictatorships, while competing with companies involved in scandals related to repression of opponents and journalists.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://irpimedia.irpi.eu/en-surveillances-cy4gate/",
|
||||
"https://www.vice.com/en/article/m7awav/prosecutors-suspend-cy4gate-government-spyware-used-in-whatsapp-phishing-attacks"
|
||||
]
|
||||
},
|
||||
"uuid": "c36f60aa-82ea-11ee-9893-325096b39f47",
|
||||
"value": "Cy4gate"
|
||||
},
|
||||
{
|
||||
"description": "Toka, Israeli based company, which offers its police, government and intelligence clients the ability to obtain targeted intelligence and conduct forensic investigations as well as covert operations. In addition, Toka offers governments its Cyber Designers service, which provides agencies with the full-spectrum strategies, customized projects, and technologies needed to ensure the security and sustainability of critical infrastructure, the digital landscape, and government institutions.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.haaretz.com/israel-news/security-aviation/2022-12-26/ty-article-magazine/.premium/this-dystopian-cyber-firm-could-have-saved-mossad-assassins-from-exposure/00000185-0bc6-d26d-a1b7-dbd739100000",
|
||||
"https://www.orishas-finance.com/actualite/5310?lang=en"
|
||||
]
|
||||
},
|
||||
"uuid": "bef4dde8-82ea-11ee-b431-325096b39f47",
|
||||
"value": "Toka"
|
||||
},
|
||||
{
|
||||
"description": "Trovicor, Germany based companies’ surveillance technology allegedly used in connection with human rights abuses by authoritarian govts.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.business-humanrights.org/en/latest-news/response-by-trovicor-german-companies-surveillance-technology-allegedly-used-in-connection-with-human-rights-abuses-by-authoritarian-govts/",
|
||||
"https://trovicor.com/"
|
||||
]
|
||||
},
|
||||
"uuid": "b857854e-82ea-11ee-8e7b-325096b39f47",
|
||||
"value": "Trovicor"
|
||||
},
|
||||
{
|
||||
"description": "Utimaco, Aachen/Germany based company which praises itself as market leader in eavesdropping technology.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://digit.site36.net/2022/03/07/utimaco-german-wiretapping-technology-could-strengthen-junta-in-myanmar/"
|
||||
]
|
||||
},
|
||||
"uuid": "b46b4d8a-82ea-11ee-a797-325096b39f47",
|
||||
"value": "Utimaco"
|
||||
},
|
||||
{
|
||||
"description": "Wintego Systems develops advanced communication, intelligence, and data-decoding solutions for the government and homeland security sectors.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.forbes.com/sites/thomasbrewster/2016/09/29/wintego-whatsapp-encryption-surveillance-exploits/?sh=53f93cd1aa95"
|
||||
]
|
||||
},
|
||||
"uuid": "afc73226-82ea-11ee-8a25-325096b39f47",
|
||||
"value": "Wintego"
|
||||
},
|
||||
{
|
||||
"description": "Wispear Systems Ltd (renamed Passitoria Ltd), provides interception equipment designed for the extraction of voice or data, transmitted over the air interface.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://in-cyprus.philenews.com/local/surveillance-software-has-been-exported-from-cyprus/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "4dbfa61e-0cf5-4142-babf-3cdce348568d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "acquires"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4dbfa61e-0cf5-4142-babf-3cdce348568d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "is-allied-with "
|
||||
},
|
||||
{
|
||||
"dest-uuid": "eb6af48e-82ea-11ee-a4dc-325096b39f47",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "is-allied-with "
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d3e48fbb-9be5-4387-bf2b-bc9a72cdbd8a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "is-allied-with "
|
||||
},
|
||||
{
|
||||
"dest-uuid": "1c909820-82eb-11ee-80c7-325096b39f47",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "part-of"
|
||||
}
|
||||
],
|
||||
"uuid": "ab53ed38-82ea-11ee-8613-325096b39f47",
|
||||
"value": "Wispear"
|
||||
},
|
||||
{
|
||||
"description": "DarkMatter founded in the United Arab Emirates (UAE) was under investigation by the FBI for crimes including digital espionage services, involvement in the Jamal Khashoggi assassination, and incarceration of foreign dissidents.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://en.wikipedia.org/wiki/DarkMatter_Group"
|
||||
]
|
||||
},
|
||||
"uuid": "a6712272-82ea-11ee-b70e-325096b39f47",
|
||||
"value": "DarkMatter"
|
||||
},
|
||||
{
|
||||
"description": "Lench IT Solutions, Germany based company. Lench IT Solutions plc has a UK-based branch, Gamma International Ltd in Andover, England, and a Germany-based branch, Gamma International GmbH in Munich. FinFisher, also known as FinSpy, is surveillance software marketed by Lench IT Solutions plc.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://en.wikipedia.org/wiki/FinFisher"
|
||||
]
|
||||
},
|
||||
"uuid": "a1002342-82ea-11ee-8b84-325096b39f47",
|
||||
"value": "Lench"
|
||||
},
|
||||
{
|
||||
"description": "GR Sistemi, Italian firm that's been trying to enter the crowded market of government spyware, also known by insiders as lawful interception.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.vice.com/en/article/kbyg7a/government-spyware-maker-doxes-itself-by-linking-to-its-site-in-malware-code"
|
||||
]
|
||||
},
|
||||
"uuid": "9c29b716-82ea-11ee-a0d8-325096b39f47",
|
||||
"value": "GR Sistemi"
|
||||
},
|
||||
{
|
||||
"description": "SS8, US based company is selling to a range of US government agencies as well as exporting surveillance equipment abroad. SS8 were also reportedly responsible for selling intrusion systems to the United Arab Emirates.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://privacyinternational.org/sites/default/files/2017-12/global_surveillance_0.pdf"
|
||||
]
|
||||
},
|
||||
"uuid": "8f3205ae-82ea-11ee-be61-325096b39f47",
|
||||
"value": "SS8"
|
||||
},
|
||||
{
|
||||
"description": "Wolf Intelligence a Germany-based spyware company that made headlines for sending a bodyguard to Mauritania and prompting an international incident after the local government detained the bodyguard as collateral for a deal went wrong, left a trove of its own data exposed online.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.vice.com/en/article/vbka8b/wolf-intelligence-leak-customer-victim-data-online",
|
||||
"https://www.vice.com/en/article/wxq85w/scam-spyware-vendor-gets-caught-once-again"
|
||||
]
|
||||
},
|
||||
"uuid": "8b50f9e0-82ea-11ee-b818-325096b39f47",
|
||||
"value": "Wolf Intelligence"
|
||||
},
|
||||
{
|
||||
"description": "Vervata, Thailand-based software company, which among other, provides mobile monitoring applications that secretly records all activity on a phone.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.gmanetwork.com/news/topstories/nation/3072/new-program-snoops-on-cell-phones/story/",
|
||||
"https://www.forbes.com/sites/thomasbrewster/2017/02/16/government-iphone-android-spyware-is-the-same-as-seedy-spouseware/?sh=3a06dacb455c"
|
||||
]
|
||||
},
|
||||
"uuid": "86cb5eb0-82ea-11ee-83e0-325096b39f47",
|
||||
"value": "Vervata"
|
||||
},
|
||||
{
|
||||
"description": "Raxir, Italy based surveillance firm that is housed in Naples, in a tech startup incubator. According to the company's page on the incubator's website, Raxir was founded in 2013 and produces software systems to support legal and intelligence investigations.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.atlanticcouncil.org/wp-content/uploads/2021/11/Surveillance-Technology-at-the-Fair.pdf",
|
||||
"https://www.vice.com/en/article/9a3g4e/malware-hunters-catch-new-android-spyware-raxir"
|
||||
]
|
||||
},
|
||||
"uuid": "8198124e-82ea-11ee-859b-325096b39f47",
|
||||
"value": "Raxir"
|
||||
},
|
||||
{
|
||||
"description": "Senpai Technologies is a company specializing in OSINT and persona creation based out of Israel, while WiSpear, also based in Israel, specializes in Wi-Fi interception.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://blog.talosintelligence.com/intellexa-and-cytrox-intel-agency-grade-spyware/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Senpai Technologies"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "1c909820-82eb-11ee-80c7-325096b39f47",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "part-of"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4dbfa61e-0cf5-4142-babf-3cdce348568d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "is-allied-with"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ab53ed38-82ea-11ee-8613-325096b39f47",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "is-allied-with"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "eb6af48e-82ea-11ee-a4dc-325096b39f47",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "is-allied-with"
|
||||
}
|
||||
],
|
||||
"uuid": "d3e48fbb-9be5-4387-bf2b-bc9a72cdbd8a",
|
||||
"value": "Senpai"
|
||||
}
|
||||
],
|
||||
"version": 1
|
||||
"version": 7
|
||||
}
|
||||
|
|
|
@ -132,7 +132,20 @@
|
|||
},
|
||||
"uuid": "ec0048f2-a7b2-4a71-83de-6e8fe4fef252",
|
||||
"value": "Orchid TDS"
|
||||
},
|
||||
{
|
||||
"description": "Proofpoint has tracked the 404 TDS since at least September 2022. Proofpoint is not aware if this is a service sold on underground forums, but it is likely a shared or sold tool due to its involvement in a variety of phishing and malware campaigns.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.proofpoint.com/us/blog/threat-insight/screentime-sometimes-it-feels-like-somebodys-watching-me"
|
||||
],
|
||||
"type": [
|
||||
"Underground"
|
||||
]
|
||||
},
|
||||
"uuid": "7b956ff0-9021-499c-82a4-24b958cb32d9",
|
||||
"value": "404 TDS"
|
||||
}
|
||||
],
|
||||
"version": 4
|
||||
"version": 5
|
||||
}
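Review bot: The `"type": ["Underground"]` classification given to the new 404 TDS entry is not supported by its own description, which says Proofpoint "is not aware if this is a service sold on underground forums" and only infers a shared or sold tool from campaign reuse. If this galaxy's type vocabulary has a value that expresses unknown or inferred provenance it would fit the cited source better; otherwise the description should state that the Underground label is an inference rather than a reported fact, e.g. `"... likely a shared or sold tool due to its involvement in a variety of phishing and malware campaigns (classified as Underground on that basis)."`. The single Proofpoint reference is the only evidence in the entry, so readers cannot otherwise tell where the label comes from. The file header for this section is outside the visible hunk.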
|
||||
|
|
|
@ -0,0 +1,757 @@
|
|||
{
|
||||
"authors": [
|
||||
"Tidal Cyber"
|
||||
],
|
||||
"category": "Campaigns",
|
||||
"description": "Tidal Campaigns Cluster",
|
||||
"name": "Tidal Campaigns",
|
||||
"source": "https://app-api.tidalcyber.com/api/v1/campaigns/",
|
||||
"type": "campaigns",
|
||||
"uuid": "3db4b6cb-5b89-4096-a057-e0205777adc9",
|
||||
"values": [
|
||||
{
|
||||
"description": "[2015 Ukraine Electric Power Attack](https://app.tidalcyber.com/campaigns/96e367d0-a744-5b63-85ec-595f505248a3) was a [Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) campaign during which they used [BlackEnergy](https://app.tidalcyber.com/software/908216c7-3ad4-4e0c-9dd3-a7ed5d1c695f) (specifically BlackEnergy3) and [KillDisk](https://app.tidalcyber.com/software/b5532e91-d267-4819-a05d-8c5358995add) to target and disrupt transmission and distribution substations within the Ukrainian power grid. This campaign was the first major public attack conducted against the Ukrainian power grid by Sandworm Team.",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0028",
|
||||
"first_seen": "2015-12-01T05:00:00Z",
|
||||
"last_seen": "2016-01-01T05:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "96e367d0-a744-5b63-85ec-595f505248a3",
|
||||
"value": "2015 Ukraine Electric Power Attack"
|
||||
},
|
||||
{
|
||||
"description": "[2016 Ukraine Electric Power Attack](https://app.tidalcyber.com/campaigns/06197e03-e1c1-56af-ba98-5071f98f91f1) was a [Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) campaign during which they used [Industroyer](https://app.tidalcyber.com/software/09398a7c-aee5-44af-b99d-f73d3b39c299) malware to target and disrupt distribution substations within the Ukrainian power grid. This campaign was the second major public attack conducted against Ukraine by [Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666).<sup>[[ESET Industroyer](https://app.tidalcyber.com/references/9197f712-3c53-4746-9722-30e248511611)]</sup><sup>[[Dragos Crashoverride 2018](https://app.tidalcyber.com/references/d14442d5-2557-4a92-9a29-b15a20752f56)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0025",
|
||||
"first_seen": "2016-12-01T05:00:00Z",
|
||||
"last_seen": "2016-12-01T05:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "06197e03-e1c1-56af-ba98-5071f98f91f1",
|
||||
"value": "2016 Ukraine Electric Power Attack"
|
||||
},
|
||||
{
|
||||
"description": "The [2022 Ukraine Electric Power Attack](https://app.tidalcyber.com/campaigns/a79e06d1-df08-5c72-9180-2c373274f889) was a [Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) campaign that used a combination of GOGETTER, Neo-REGEORG, [CaddyWiper](https://app.tidalcyber.com/software/62d0ddcd-790d-4d2d-9d94-276f54b40cf0), and living of the land (LotL) techniques to gain access to a Ukrainian electric utility to send unauthorized commands from their SCADA system.<sup>[[Mandiant-Sandworm-Ukraine-2022](https://app.tidalcyber.com/references/7ad64744-2790-54e4-97cd-e412423f6ada)]</sup><sup>[[Dragos-Sandworm-Ukraine-2022](https://app.tidalcyber.com/references/a17aa1b1-cda4-5aeb-b401-f4fd47d29f93)]</sup> ",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0034",
|
||||
"first_seen": "2022-06-01T04:00:00Z",
|
||||
"last_seen": "2022-10-01T04:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "a79e06d1-df08-5c72-9180-2c373274f889",
|
||||
"value": "2022 Ukraine Electric Power Attack"
|
||||
},
|
||||
{
|
||||
"description": "In July 2023, U.S. authorities released joint Cybersecurity Advisory AA23-187A, which detailed increased observations of new variants of the Truebot botnet malware infecting organizations in the United States and Canada. Authorities assessed that Truebot infections are primarily motivated around collection and exfiltration of sensitive victim data for financial gain. Officials also assessed that actors were using both spearphishing emails containing malicious hyperlinks and exploitation of CVE-2022-31199 in the IT system auditing application Netwrix Auditor to deliver Truebot during these attacks. Additional tools associated with the attacks included Raspberry Robin for initial infections, FlawedGrace and Cobalt Strike for various post-exploitation activities, and Teleport, a custom tool for data exfiltration.<sup>[[U.S. CISA Increased Truebot Activity July 6 2023](/references/6f9b8f72-c55f-4268-903e-1f8a82efa5bb)]</sup>\n\nThe Advisory did not provide specific impacted victim sectors. The Advisory referred to activity taking place “in recent months” prior to July 2023 but did not provide an estimated date when the summarized activity began. A public threat report referenced in the Advisory reported an observed increase in Truebot infections beginning in August 2022, including several compromises involving education sector organizations.<sup>[[U.S. CISA Increased Truebot Activity July 6 2023](/references/6f9b8f72-c55f-4268-903e-1f8a82efa5bb)]</sup><sup>[[Cisco Talos Blog December 08 2022](/references/bcf92374-48a3-480f-a679-9fd34b67bcdd)]</sup>\n\n**Related Vulnerabilities**: CVE-2022-31199<sup>[[U.S. CISA Increased Truebot Activity July 6 2023](/references/6f9b8f72-c55f-4268-903e-1f8a82efa5bb)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5000",
|
||||
"first_seen": "2022-08-01T00:00:00Z",
|
||||
"last_seen": "2023-05-31T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"1dc8fd1e-0737-405a-98a1-111dd557f1b5",
|
||||
"15787198-6c8b-4f79-bf50-258d55072fee",
|
||||
"7cc57262-5081-447e-85a3-31ebb4ab2ae5"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "87e14285-b86f-4f50-8d60-85398ba728b1",
|
||||
"value": "2023 Increased Truebot Activity"
|
||||
},
|
||||
{
|
||||
"description": "In August 2023, U.S. Cybersecurity & Infrastructure Security Agency (CISA) and Norwegian National Cyber Security Centre (NCSC-NO) authorities released Cybersecurity Advisory AA23-213A, which detailed observed exploitation of two vulnerabilities, CVE-2023-35078 and CVE-2023-35081, affecting Ivanti Endpoint Manager Mobile (EPMM), a solution which provides elevated access to an organization's mobile devices. According to the Advisory, authorities observed unspecified advanced persistent threat (APT) actors exploiting CVE-2023-35078 as a zero-day from at least April 2023 in order to gather information from unspecified organizations in Norway, and to gain initial access to a Norwegian government agency.\n\nIvanti released a CVE-2023-35078 patch on July 23, but then determined that CVE-2023-35081 could be chained together with the first vulnerability, a process which can enable arbitrary upload and execution of actor files, such as web shells. Ivanti released a CVE-2023-35081 patch on July 28. The Advisory provided mitigation recommendations, vulnerability and compromise identification methods, and incident response guidance, which can be found in the [source report](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a).<sup>[[U.S. CISA CVE-2023-35078 Exploits](/references/62305b8a-76c8-49ec-82dc-6756643ccf7a)]</sup>\n\n**Related Vulnerabilities**: CVE-2023-35078<sup>[[U.S. CISA CVE-2023-35078 Exploits](/references/62305b8a-76c8-49ec-82dc-6756643ccf7a)]</sup>, CVE-2023-35081<sup>[[U.S. CISA CVE-2023-35078 Exploits](/references/62305b8a-76c8-49ec-82dc-6756643ccf7a)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5004",
|
||||
"first_seen": "2023-04-01T00:00:00Z",
|
||||
"last_seen": "2023-07-28T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"2d80c940-ba2c-4d45-8272-69928953e9eb",
|
||||
"15787198-6c8b-4f79-bf50-258d55072fee",
|
||||
"a98d7a43-f227-478e-81de-e7299639a355",
|
||||
"81e948b3-5ec0-4df8-b6e7-1b037b1b2e67",
|
||||
"7551097a-dfdd-426f-aaa2-a2916dd9b873"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "33fd2417-0a9c-4748-ab99-0e641ab29fbc",
|
||||
"value": "2023 Ivanti EPMM APT Vulnerability Exploits"
|
||||
},
|
||||
{
|
||||
"description": "In September 2023, U.S. cybersecurity authorities released Cybersecurity Advisory AA23-250A, which detailed multiple intrusions in early 2023 involving an aeronautical sector organization and attributed to multiple unspecified “nation-state advanced persistent threat (APT) actors”. As early as January, one set of actors exploited CVE-2022-47966, a vulnerability in the Zoho ManageEngine ServiceDesk Plus IT service management application that allows remote code execution, to access the organization’s public-facing web servers. A separate set of actors was also observed exploiting CVE-2022-42475, a vulnerability in Fortinet, Inc.’s FortiOS SSL-VPN that also allows remote code execution, to gain access to the organization’s firewall devices.\n\nAfter gaining access, the actors downloaded malware, performed network discovery, collected administrator credentials, and moved laterally, but according to the advisory, unclear data storage records inhibited insight into whether any proprietary information was accessed, altered, or exfiltrated. A common behavior among both sets of actors was log deletion from critical servers and the use of disabled, legitimate administrator credentials, which in one case belonged to a previously employed contractor (the organization confirmed the credentials were disabled before the observed threat activity).<sup>[[U.S. CISA Zoho Exploits September 7 2023](/references/6bb581e8-ed0e-41fe-bf95-49b5d11b4e6b)]</sup>\n\nIn addition to behavioral observations and indicators of compromise, the Advisory provided detection and mitigation guidance, which can be found in the [source report](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a).\n\n**Related Vulnerabilities**: CVE-2022-47966, CVE-2022-42475, CVE-2021-44228<sup>[[U.S. CISA Zoho Exploits September 7 2023](/references/6bb581e8-ed0e-41fe-bf95-49b5d11b4e6b)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5005",
|
||||
"first_seen": "2023-01-01T00:00:00Z",
|
||||
"last_seen": "2023-04-01T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"15787198-6c8b-4f79-bf50-258d55072fee",
|
||||
"a98d7a43-f227-478e-81de-e7299639a355",
|
||||
"7e6ef160-8e4f-4132-bdc4-9991f01c472e",
|
||||
"793f4441-3916-4b3d-a3fd-686a59dc3de2",
|
||||
"532b7819-d407-41e9-9733-0d716b69eb17"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "d25f0485-fdf3-4b85-b2ec-53e98e215d0b",
|
||||
"value": "2023 Zoho ManageEngine APT Exploits"
|
||||
},
|
||||
{
|
||||
"description": "In April 2023, U.S. and UK cybersecurity authorities released joint Cybersecurity Advisory AA23-108, which detailed a campaign by Russia-backed APT28 to compromise vulnerable routers running Cisco Internetworking Operating System (IOS). Actors collected device information and conducted further network reconnaissance on victims “worldwide”, including U.S. government institutions, 250 Ukrainian entities, and “a small number” of victims elsewhere in Europe. Adversary activity occurred over an unspecified timeframe in 2021.\n\nActors exploited CVE-2017-6742, a Simple Network Management Protocol (SNMP) vulnerability for which Cisco released a patch in 2017, and used default authentication strings to gain initial access to devices and subsequently gather router information, such as router interface details. In some cases, authorities observed actors deploying Jaguar Tooth, a malicious software bundle consisting of a series of payloads and patches. Jaguar Tooth deployments allowed actors to collect further device information via execution of Cisco IOS Command Line Interface commands, discover other network devices, and achieve unauthenticated, backdoor access to victim systems.<sup>[[U.S. CISA APT28 Cisco Routers April 18 2023](/references/c532a6fc-b27f-4240-a071-3eaa866bce89)]</sup>\n\nIn addition to behavioral observations, the Advisory also provided mitigation recommendations and indicators of compromise, which can be found in the [source report](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108).\n\n**Related Vulnerabilities**: CVE-2017-6742<sup>[[U.S. CISA APT28 Cisco Routers April 18 2023](/references/c532a6fc-b27f-4240-a071-3eaa866bce89)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5007",
|
||||
"first_seen": "2021-01-01T00:00:00Z",
|
||||
"last_seen": "2021-12-31T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"f01290d9-7160-44cb-949f-ee4947d04b6f",
|
||||
"b20e7912-6a8d-46e3-8e13-9a3fc4813852"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "ed8de8c3-03d2-4892-bd74-ccbc9afc3935",
|
||||
"value": "APT28 Cisco Router Exploits"
|
||||
},
|
||||
{
|
||||
"description": "U.S. authorities and various international partners released joint cybersecurity advisory AA20-150A, which detailed a series of attacks linked to APT28 that leveraged compromised Ubiquiti EdgeRouters to facilitate the attacks. Actors used the network of compromised routers for a range of malicious activities, including harvesting credentials, proxying network traffic, and hosting fake landing pages and post-exploitation tools. Attacks targeted organizations in a wide range of sectors around the world.<sup>[[U.S. Federal Bureau of Investigation 2 27 2024](/references/962fb031-dfd1-43a7-8202-3a2231b0472b)]</sup> According to a separate U.S. Justice Department announcement, the botnet involved in these attacks differed from previous APT28-linked cases, since nation-state actors accessed routers that had been initially compromised by a separate, unspecified cybercriminal group.<sup>[[U.S. Justice Department GRU Botnet February 2024](/references/26a554dc-39c0-4638-902d-7e84fe01b961)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5015",
|
||||
"first_seen": "2022-12-01T00:00:00Z",
|
||||
"last_seen": "2024-01-01T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"af5e9be5-b86e-47af-91dd-966a5e34a186",
|
||||
"6070668f-1cbd-4878-8066-c636d1d8659c",
|
||||
"d8f7e071-fbfd-46f8-b431-e241bb1513ac",
|
||||
"61cdbb28-cbfd-498b-9ab1-1f14337f9524",
|
||||
"e551ae97-d1b4-484e-9267-89f33829ec2c",
|
||||
"a98d7a43-f227-478e-81de-e7299639a355",
|
||||
"916ea1e8-d117-45a4-8564-0597a02b06e4",
|
||||
"b20e7912-6a8d-46e3-8e13-9a3fc4813852",
|
||||
"e809d252-12cc-494d-94f5-954c49eb87ce"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "2514a83a-3516-4d5d-a13c-2b6175989a26",
|
||||
"value": "APT28 Router Compromise Attacks"
|
||||
},
|
||||
{
|
||||
"description": "UK cybersecurity authorities and international partners published Cybersecurity Advisory AA24-057A (February 2024), which detailed recent tactics, techniques, and procedures (TTPs) used by Russian state-backed adversary group APT29 to target cloud environments. The advisory indicated that as more government agencies and enterprises move elements of their operations to cloud infrastructure, APT29 actors have especially adapted their TTPs for gaining initial access into these cloud environments.<sup>[[U.S. CISA APT29 Cloud Access](/references/e9e08eca-1e01-4ff0-a8ef-49ecf66aaf3d)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5016",
|
||||
"first_seen": "2023-02-26T00:00:00Z",
|
||||
"last_seen": "2024-02-26T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"af5e9be5-b86e-47af-91dd-966a5e34a186",
|
||||
"291c006e-f77a-4c9c-ae7e-084974c0e1eb"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "c1257a02-716f-4477-9eab-c38827418ed2",
|
||||
"value": "APT29 Cloud TTP Evolution"
|
||||
},
|
||||
{
|
||||
"description": "*Operationalize this intelligence by pivoting to relevant defensive resources via the Techniques below. Alternatively, use the **Add to Matrix** button above, then overlay entire sets of capabilities from your own defensive stack to identify threat overlaps & potential gaps (watch a [60-second tutorial here](https://www.youtube.com/watch?v=4jBo3XLO01E)).*\n\nIn December 2023, U.S. cybersecurity authorities and international partners released Cybersecurity Advisory AA23-347A, which detailed large-scale observed exploitation of CVE-2023-42793 since September 2023 by cyber threat actors associated with Russia’s Foreign Intelligence Service (SVR). According to the advisory, these actors are also known as APT29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard.\n\nCVE-2023-42793 is an authentication bypass vulnerability in the JetBrains TeamCity software development program. After exploiting the vulnerability to gain access into victim networks, SVR actors were then observed escalating privileges, moving laterally, and deploying additional backdoors in an apparent effort to maintain long-term persistent access to victim environments. The advisory noted how SVR actors used access gained during the 2020 compromise of SolarWinds, another software company, to conduct supply chain operations affecting SolarWinds customers, but it also noted that such activity has not been observed in this case to date.\n\nJetBrains released a patch for CVE-2023-42793 in September 2023. The advisory indicated that the compromises observed to date appear to be opportunistic, impacting unpatched, internet-accessible TeamCity servers. “A few dozen” compromised entities have been identified so far (companies in disparate sectors in the United States, Europe, Asia, and Australia), but authorities assess that this tally does not represent the full number of compromised victims. 
Indicators of compromise, mitigation guidance, and detection resources – including Sigma and YARA rules – can be found in the [source report](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a).<sup>[[U.S. CISA SVR TeamCity Exploits December 2023](/references/5f66f864-58c2-4b41-8011-61f954e04b7e)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5012",
|
||||
"first_seen": "2023-09-01T00:00:00Z",
|
||||
"last_seen": "2023-12-14T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"08809fa0-61b6-4394-b103-1c4d19a5be16",
|
||||
"4a457eb3-e404-47e5-b349-8b1f743dc657"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "80ae546a-70e5-4427-be1d-e74efc428ffd",
|
||||
"value": "APT29 TeamCity Exploits"
|
||||
},
|
||||
{
|
||||
"description": "ArcaneDoor was a campaign, which likely ran from November 2023 until around February 2024, that targeted Cisco Adaptive Security Appliances (ASAs). ASAs are network devices that combine firewall, VPN, and other functionality. The campaign targeted unspecified government institutions around the world and was believed to have been conducted for espionage purposes.<sup>[[Cisco Talos ArcaneDoor April 24 2024](/references/531c3f6f-2d2b-4774-b069-e2b7a13602c1)]</sup>\n\nResearchers attributed the campaign to UAT4356 (aka Storm-1849), a possible China-linked adversary.<sup>[[Wired ArcaneDoor April 24 2024](/references/05a8afd3-0173-41ca-b23b-196ea0f3b1c1)]</sup> The initial access vector for the ArcaneDoor attacks remains unclear. After gaining a foothold, actors used the Line Dancer tool to upload Line Runner, a persistence and arbitrary code execution capability, to compromised ASAs (Cisco assigned two vulnerabilities, CVE-2024-20359 and CVE-2024-20353, to these activities). Responders observed various actions on objectives during the attacks, including device configuration modification, network traffic capture, and possible lateral movement.<sup>[[Cisco Talos ArcaneDoor April 24 2024](/references/531c3f6f-2d2b-4774-b069-e2b7a13602c1)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5019",
|
||||
"first_seen": "2023-11-01T00:00:00Z",
|
||||
"last_seen": "2024-02-29T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"a159c91c-5258-49ea-af7d-e803008d97d3",
|
||||
"af5e9be5-b86e-47af-91dd-966a5e34a186",
|
||||
"15787198-6c8b-4f79-bf50-258d55072fee",
|
||||
"6bb2f579-a5cd-4647-9dcd-eff05efe3679",
|
||||
"c25f341a-7030-4688-a00b-6d637298e52e",
|
||||
"9768aada-9d63-4d46-ab9f-d41b8c8e4010",
|
||||
"2e85babc-77cd-4455-9c6e-312223a956de",
|
||||
"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "ccc6401a-b79f-424b-8617-3c2d55475584",
|
||||
"value": "ArcaneDoor"
|
||||
},
|
||||
{
|
||||
"description": "[C0010](https://app.tidalcyber.com/campaigns/a1e33caf-6eb0-442f-b97a-f6042f21df48) was a cyber espionage campaign conducted by UNC3890 that targeted Israeli shipping, government, aviation, energy, and healthcare organizations. Security researcher assess UNC3890 conducts operations in support of Iranian interests, and noted several limited technical connections to Iran, including PDB strings and Farsi language artifacts. [C0010](https://app.tidalcyber.com/campaigns/a1e33caf-6eb0-442f-b97a-f6042f21df48) began by at least late 2020, and was still ongoing as of mid-2022.<sup>[[Mandiant UNC3890 Aug 2022](https://app.tidalcyber.com/references/7b3fda0b-d327-4f02-bebe-2b8974f9959d)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0010",
|
||||
"first_seen": "2020-12-01T07:00:00Z",
|
||||
"last_seen": "2022-08-01T06:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "a1e33caf-6eb0-442f-b97a-f6042f21df48",
|
||||
"value": "C0010"
|
||||
},
|
||||
{
|
||||
"description": "[C0011](https://app.tidalcyber.com/campaigns/4c7386a7-9741-4ae4-8ad9-def03ed77e29) was a suspected cyber espionage campaign conducted by [Transparent Tribe](https://app.tidalcyber.com/groups/441b91d1-256a-4763-bac6-8f1c76764a25) that targeted students at universities and colleges in India. Security researchers noted this campaign against students was a significant shift from [Transparent Tribe](https://app.tidalcyber.com/groups/441b91d1-256a-4763-bac6-8f1c76764a25)'s historic targeting Indian government, military, and think tank personnel, and assessed it was still ongoing as of July 2022.<sup>[[Cisco Talos Transparent Tribe Education Campaign July 2022](https://app.tidalcyber.com/references/acb10fb6-608f-44d3-9faf-7e577b0e2786)]</sup> ",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0011",
|
||||
"first_seen": "2021-12-01T06:00:00Z",
|
||||
"last_seen": "2022-07-01T05:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "4c7386a7-9741-4ae4-8ad9-def03ed77e29",
|
||||
"value": "C0011"
|
||||
},
|
||||
{
|
||||
"description": "[C0015](https://app.tidalcyber.com/campaigns/85bbff82-ba0c-4193-a3b5-985afd5690c5) was a ransomware intrusion during which the unidentified attackers used [Bazar](https://app.tidalcyber.com/software/b35d9817-6ead-4dbd-a2fa-4b8e217f8eac), [Cobalt Strike](https://app.tidalcyber.com/software/9b6bcbba-3ab4-4a4c-a233-cd12254823f6), and [Conti](https://app.tidalcyber.com/software/8e995c29-2759-4aeb-9a0f-bb7cd97b06e5), along with other tools, over a 5 day period. Security researchers assessed the actors likely used the widely-circulated [Conti](https://app.tidalcyber.com/software/8e995c29-2759-4aeb-9a0f-bb7cd97b06e5) ransomware playbook based on the observed pattern of activity and operator errors.<sup>[[DFIR Conti Bazar Nov 2021](https://app.tidalcyber.com/references/a6f1a15d-448b-41d4-81f0-ee445cba83bd)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0015",
|
||||
"first_seen": "2021-08-01T05:00:00Z",
|
||||
"last_seen": "2021-08-01T05:00:00Z",
|
||||
"source": "MITRE",
|
||||
"tags": [
|
||||
"5e7433ad-a894-4489-93bc-41e90da90019",
|
||||
"7e7b0c67-bb85-4996-a289-da0e792d7172"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "85bbff82-ba0c-4193-a3b5-985afd5690c5",
|
||||
"value": "C0015"
|
||||
},
|
||||
{
|
||||
"description": "[C0017](https://app.tidalcyber.com/campaigns/a56d7700-c015-52ca-9c52-fed4d122c100) was an [APT41](https://app.tidalcyber.com/groups/502223ee-8947-42f8-a532-a3b3da12b7d9) campaign conducted between May 2021 and February 2022 that successfully compromised at least six U.S. state government networks through the exploitation of vulnerable Internet facing web applications. During [C0017](https://app.tidalcyber.com/campaigns/a56d7700-c015-52ca-9c52-fed4d122c100), [APT41](https://app.tidalcyber.com/groups/502223ee-8947-42f8-a532-a3b3da12b7d9) was quick to adapt and use publicly-disclosed as well as zero-day vulnerabilities for initial access, and in at least two cases re-compromised victims following remediation efforts. The goals of [C0017](https://app.tidalcyber.com/campaigns/a56d7700-c015-52ca-9c52-fed4d122c100) are unknown, however [APT41](https://app.tidalcyber.com/groups/502223ee-8947-42f8-a532-a3b3da12b7d9) was observed exfiltrating Personal Identifiable Information (PII).<sup>[[Mandiant APT41](https://app.tidalcyber.com/references/e54415fe-40c2-55ff-9e75-881bc8a912b8)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0017",
|
||||
"first_seen": "2021-05-01T04:00:00Z",
|
||||
"last_seen": "2022-02-01T05:00:00Z",
|
||||
"source": "MITRE",
|
||||
"tags": [
|
||||
"a98d7a43-f227-478e-81de-e7299639a355"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "a56d7700-c015-52ca-9c52-fed4d122c100",
|
||||
"value": "C0017"
|
||||
},
|
||||
{
|
||||
"description": "\n[C0018](https://app.tidalcyber.com/campaigns/0452e367-aaa4-5a18-8028-a7ee136fe646) was a month-long ransomware intrusion that successfully deployed [AvosLocker](https://app.tidalcyber.com/software/e792dc8d-b0f4-5916-8850-a61ff53125d0) onto a compromised network. The unidentified actors gained initial access to the victim network through an exposed server and used a variety of open-source tools prior to executing [AvosLocker](https://app.tidalcyber.com/software/e792dc8d-b0f4-5916-8850-a61ff53125d0).<sup>[[Costa AvosLocker May 2022](https://app.tidalcyber.com/references/a94268d8-6b7c-574b-a588-d8fd80c27fd3)]</sup><sup>[[Cisco Talos Avos Jun 2022](https://app.tidalcyber.com/references/1170fdc2-6d8e-5b60-bf9e-ca915790e534)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0018",
|
||||
"first_seen": "2022-02-01T05:00:00Z",
|
||||
"last_seen": "2022-03-01T05:00:00Z",
|
||||
"source": "MITRE",
|
||||
"tags": [
|
||||
"5e7433ad-a894-4489-93bc-41e90da90019",
|
||||
"7e7b0c67-bb85-4996-a289-da0e792d7172"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "0452e367-aaa4-5a18-8028-a7ee136fe646",
|
||||
"value": "C0018"
|
||||
},
|
||||
{
|
||||
"description": "[C0021](https://app.tidalcyber.com/campaigns/86bed8da-4cab-55fe-a2d0-9214db1a09cf) was a spearphishing campaign conducted in November 2018 that targeted public sector institutions, non-governmental organizations (NGOs), educational institutions, and private-sector corporations in the oil and gas, chemical, and hospitality industries. The majority of targets were located in the US, particularly in and around Washington D.C., with other targets located in Europe, Hong Kong, India, and Canada. [C0021](https://app.tidalcyber.com/campaigns/86bed8da-4cab-55fe-a2d0-9214db1a09cf)'s technical artifacts, tactics, techniques, and procedures (TTPs), and targeting overlap with previous suspected [APT29](https://app.tidalcyber.com/groups/4c3e48b9-4426-4271-a7af-c3dfad79f447) activity.<sup>[[Microsoft Unidentified Dec 2018](https://app.tidalcyber.com/references/896c88f9-8765-4b60-b679-667b338757e3)]</sup><sup>[[FireEye APT29 Nov 2018](https://app.tidalcyber.com/references/30e769e0-4552-429b-b16e-27830d42edea)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0021",
|
||||
"first_seen": "2018-11-01T05:00:00Z",
|
||||
"last_seen": "2018-11-01T05:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "86bed8da-4cab-55fe-a2d0-9214db1a09cf",
|
||||
"value": "C0021"
|
||||
},
|
||||
{
|
||||
"description": "[C0026](https://app.tidalcyber.com/campaigns/41f283a1-b2ac-547d-98d5-ff907afd08c7) was a campaign identified in September 2022 that included the selective distribution of [KOPILUWAK](https://app.tidalcyber.com/software/d09c4459-1aa3-547d-99f4-7ac73b8043f0) and [QUIETCANARY](https://app.tidalcyber.com/software/52d3515c-5184-5257-bf24-56adccb4cccd) malware to previous [ANDROMEDA](https://app.tidalcyber.com/software/69aac793-9e6a-5167-bc62-823189ee2f7b) malware victims in Ukraine through re-registered [ANDROMEDA](https://app.tidalcyber.com/software/69aac793-9e6a-5167-bc62-823189ee2f7b) C2 domains. Several tools and tactics used during [C0026](https://app.tidalcyber.com/campaigns/41f283a1-b2ac-547d-98d5-ff907afd08c7) were consistent with historic [Turla](https://app.tidalcyber.com/groups/47ae4fb1-fc61-4e8e-9310-66dda706e1a2) operations.<sup>[[Mandiant Suspected Turla Campaign February 2023](https://app.tidalcyber.com/references/d8f43a52-a59e-5567-8259-821b1b6bde43)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0026",
|
||||
"first_seen": "2022-08-01T05:00:00Z",
|
||||
"last_seen": "2022-09-01T04:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "41f283a1-b2ac-547d-98d5-ff907afd08c7",
|
||||
"value": "C0026"
|
||||
},
|
||||
{
|
||||
"description": "[C0027](https://app.tidalcyber.com/campaigns/a9719584-4f52-5a5d-b0f7-1059e715c2b8) was a financially-motivated campaign linked to [Scattered Spider](https://app.tidalcyber.com/groups/3d77fb6c-cfb4-5563-b0be-7aa1ad535337) that targeted telecommunications and business process outsourcing (BPO) companies from at least June through December of 2022. During [C0027](https://app.tidalcyber.com/campaigns/a9719584-4f52-5a5d-b0f7-1059e715c2b8) [Scattered Spider](https://app.tidalcyber.com/groups/3d77fb6c-cfb4-5563-b0be-7aa1ad535337) used various forms of social engineering, performed SIM swapping, and attempted to leverage access from victim environments to mobile carrier networks.<sup>[[Crowdstrike TELCO BPO Campaign December 2022](https://app.tidalcyber.com/references/382785e1-4ef3-506e-b74f-cd07df9ae46e)]</sup>\n",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0027",
|
||||
"first_seen": "2022-06-01T04:00:00Z",
|
||||
"last_seen": "2022-12-01T05:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "a9719584-4f52-5a5d-b0f7-1059e715c2b8",
|
||||
"value": "C0027"
|
||||
},
|
||||
{
|
||||
"description": "[C0032](https://app.tidalcyber.com/campaigns/c26b3156-8472-5b87-971f-41a7a4702268) was an extended campaign suspected to involve the [Triton](https://app.tidalcyber.com/software/) adversaries with related capabilities and techniques focused on gaining a foothold within IT environments. This campaign occurred in 2019 and was distinctly different from the [Triton Safety Instrumented System Attack](https://app.tidalcyber.com/campaigns/6c7185e1-bd46-5a80-9a76-a376b16fbc7b).<sup>[[FireEye TRITON 2019](https://app.tidalcyber.com/references/49c97b85-ca22-400a-9dc4-6290cc117f04)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0032",
|
||||
"first_seen": "2014-10-01T04:00:00Z",
|
||||
"last_seen": "2017-01-01T05:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "c26b3156-8472-5b87-971f-41a7a4702268",
|
||||
"value": "C0032"
|
||||
},
|
||||
{
|
||||
"description": "[C0033](https://app.tidalcyber.com/campaigns/c5d35d8d-fe96-5210-bb57-4692081a25a9) was a [PROMETHIUM](https://app.tidalcyber.com/groups/cc798766-8662-4b55-8536-6d057fbc58f0) campaign during which they used [StrongPity](https://app.tidalcyber.com/software/ed563524-235e-4e06-8c69-3f9d8ddbfd8a) to target Android users. [C0033](https://app.tidalcyber.com/campaigns/c5d35d8d-fe96-5210-bb57-4692081a25a9) was the first publicly documented mobile campaign for [PROMETHIUM](https://app.tidalcyber.com/groups/cc798766-8662-4b55-8536-6d057fbc58f0), who previously used Windows-based techniques.<sup>[[welivesec_strongpity](https://app.tidalcyber.com/references/1b89df2c-e756-599a-9f7f-a5230db9de46)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0033",
|
||||
"first_seen": "2016-05-01T07:00:00Z",
|
||||
"last_seen": "2023-01-01T08:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "c5d35d8d-fe96-5210-bb57-4692081a25a9",
|
||||
"value": "C0033"
|
||||
},
|
||||
{
|
||||
"description": "In June 2023, U.S. authorities released Cybersecurity Advisory AA23-158A, which detailed observed exploits of a zero-day SQL injection vulnerability (CVE-2023-34362) affecting Progress Software's managed file transfer (MFT) solution, MOVEit Transfer. According to the Advisory, exploit activity began on May 27, 2023, as threat actors, which the Advisory attributed to \"CL0P Ransomware Gang, also known as TA505\", began compromising internet-facing MOVEit Transfer web applications. Actors deployed web shells, dubbed LEMURLOOT, on compromised MOVEit applications, which enabled persistence, discovery of files and folders stored on MOVEit servers, and staging and exfiltration of compressed victim data. Authorities indicated they expected to see \"widespread exploitation of unpatched software services in both private and public networks\".<sup>[[U.S. CISA CL0P CVE-2023-34362 Exploitation](/references/07e48ca8-b965-4234-b04a-dfad45d58b22)]</sup> Progress Software acknowledged the vulnerability and issued guidance on known affected versions, software upgrades, and patching.<sup>[[Progress Software MOVEit Transfer Critical Vulnerability](/references/9f364e22-b73c-4f3a-902c-a3f0eb01a2b9)]</sup>\n\n**Related Vulnerabilities**: CVE-2023-34362<sup>[[U.S. CISA CL0P CVE-2023-34362 Exploitation](/references/07e48ca8-b965-4234-b04a-dfad45d58b22)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5002",
|
||||
"first_seen": "2023-05-27T00:00:00Z",
|
||||
"last_seen": "2023-06-16T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"5e7433ad-a894-4489-93bc-41e90da90019",
|
||||
"a98d7a43-f227-478e-81de-e7299639a355",
|
||||
"173e1480-8d9b-49c5-854d-594dde9740d6"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "f20c935b-e0c5-4941-b710-73cf06dd2b4a",
|
||||
"value": "Clop MOVEit Transfer Vulnerability Exploitation"
|
||||
},
|
||||
{
|
||||
"description": "[CostaRicto](https://app.tidalcyber.com/campaigns/fb011ed2-bfb9-4f0f-bd88-8b3fa0cf9b48) was a suspected hacker-for-hire cyber espionage campaign that targeted multiple industries worldwide, with a large number being financial institutions. [CostaRicto](https://app.tidalcyber.com/campaigns/fb011ed2-bfb9-4f0f-bd88-8b3fa0cf9b48) actors targeted organizations in Europe, the Americas, Asia, Australia, and Africa, with a large concentration in South Asia (especially India, Bangladesh, and Singapore), using custom malware, open source tools, and a complex network of proxies and SSH tunnels.<sup>[[BlackBerry CostaRicto November 2020](https://app.tidalcyber.com/references/93a23447-641c-4ee2-9fbd-64b2adea8a5f)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0004",
|
||||
"first_seen": "2019-10-01T04:00:00Z",
|
||||
"last_seen": "2020-11-01T04:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "fb011ed2-bfb9-4f0f-bd88-8b3fa0cf9b48",
|
||||
"value": "CostaRicto"
|
||||
},
|
||||
{
|
||||
"description": "[Cutting Edge](https://app.tidalcyber.com/campaigns/4e605e33-57fe-5bb2-b0ad-ec146aac041b) was a campaign conducted by suspected China-nexus espionage actors, variously identified as UNC5221/UTA0178 and UNC5325, that began as early as December 2023 with the exploitation of zero-day vulnerabilities in Ivanti Connect Secure (previously Pulse Secure) VPN appliances. [Cutting Edge](https://app.tidalcyber.com/campaigns/4e605e33-57fe-5bb2-b0ad-ec146aac041b) targeted the U.S. defense industrial base and multiple sectors globally including telecommunications, financial, aerospace, and technology. [Cutting Edge](https://app.tidalcyber.com/campaigns/4e605e33-57fe-5bb2-b0ad-ec146aac041b) featured the use of defense evasion and living-off-the-land (LoTL) techniques along with the deployment of web shells and other custom malware.<sup>[[Mandiant Cutting Edge January 2024](https://app.tidalcyber.com/references/9d9ec923-89c1-5155-ae6e-98d4776d4250)]</sup><sup>[[Volexity Ivanti Zero-Day Exploitation January 2024](https://app.tidalcyber.com/references/93eda380-ea21-59e0-97e8-5bec1f9a0e71)]</sup><sup>[[Volexity Ivanti Global Exploitation January 2024](https://app.tidalcyber.com/references/b96fa4f2-864d-5d88-9a29-b117da8f8c5c)]</sup><sup>[[Mandiant Cutting Edge Part 2 January 2024](https://app.tidalcyber.com/references/5209d259-4293-58c0-bbdc-f30ff77d57f7)]</sup><sup>[[Mandiant Cutting Edge Part 3 February 2024](https://app.tidalcyber.com/references/49e5b125-5503-5cb0-9a56-a93f82b55753)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0029",
|
||||
"first_seen": "2023-12-01T05:00:00Z",
|
||||
"last_seen": "2024-02-01T05:00:00Z",
|
||||
"source": "MITRE",
|
||||
"tags": [
|
||||
"9768aada-9d63-4d46-ab9f-d41b8c8e4010",
|
||||
"758c3085-2f79-40a8-ab95-f8a684737927",
|
||||
"af5e9be5-b86e-47af-91dd-966a5e34a186",
|
||||
"35e694ec-5133-46e3-b7e1-5831867c3b55",
|
||||
"1dc8fd1e-0737-405a-98a1-111dd557f1b5",
|
||||
"15787198-6c8b-4f79-bf50-258d55072fee",
|
||||
"d1ab6bd6-2688-4e54-a1d3-d180bb8fd41a",
|
||||
"1ff4614e-0ee6-4e04-921d-61abba7fcdb7",
|
||||
"e00b65fc-8f56-4a9e-9f09-ccf3124a3272"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "4e605e33-57fe-5bb2-b0ad-ec146aac041b",
|
||||
"value": "Cutting Edge"
|
||||
},
|
||||
{
|
||||
"description": "German and South Korean cybersecurity authorities published an advisory highlighting recent attempts by North Korea-linked cyber actors to target enterprises and research centers in the defense sector. The advisory detailed a supply chain attack, attributed to an unnamed threat group, in which actors compromised a company that maintained a defense sector research center's web servers, then used stolen SSH credentials to remotely access the research center's network. The actors then used various methods to evade defenses, including impersonating security staff, deployed malware via a patch management system, and stole account information and email contents before being evicted from the network.<sup>[[BfV North Korea February 17 2024](/references/cc76be15-6d9d-40b2-b7f3-196bb0a7106a)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5014",
|
||||
"first_seen": "2022-12-01T00:00:00Z",
|
||||
"last_seen": "2022-12-31T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"6070668f-1cbd-4878-8066-c636d1d8659c",
|
||||
"d8f7e071-fbfd-46f8-b431-e241bb1513ac",
|
||||
"e7ea1f6d-59f2-40c1-bbfe-835dedf033ee"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "1a2caf4c-658d-4117-a912-55f4d6bca899",
|
||||
"value": "Defense Sector Supply Chain Compromise by North Korea-Linked Actors"
|
||||
},
|
||||
{
|
||||
"description": "In September 2023, French cybersecurity authorities released advisory CERTFR-2023-CTI-007, which detailed a network intrusion of the Regional and University Hospital Center of Brest, in northwestern France. Actors used valid credentials belonging to a healthcare professional to connect to a remote desktop service exposed to the Internet, then installed Cobalt Strike and SystemBC to provide backdoor network access. Authorities indicated that the credentials were likely compromised via unspecified infostealer malware.\n\nThe actors used multiple third-party tools for credential access and discovery, and they attempted to exploit at least five vulnerabilities for privilege escalation and lateral movement. Authorities worked with hospital personnel to isolate affected systems and disrupt the intrusion before suspected data exfiltration and encryption could take place. Based on infrastructural and behavioral overlaps with other incidents, officials attributed the intrusion to the FIN12 financially motivated actor group and indicated the same actors are responsible for dozens of attacks on French victims in recent years.\n\nAdditional details, indicators of compromise, and the observed Cobalt Strike configuration can be found in the [source report](https://www.cert.ssi.gouv.fr/uploads/CERTFR-2023-CTI-007.pdf).<sup>[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]</sup>\n\n**Related Vulnerabilities**: CVE-2023-21746, CVE-2022-24521, CVE-2021-34527, CVE-2019-0708, CVE-2020-1472<sup>[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5006",
|
||||
"first_seen": "2023-03-01T00:00:00Z",
|
||||
"last_seen": "2023-03-31T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"2743d495-7728-4a75-9e5f-b64854039792",
|
||||
"ecd84106-2a5b-4d25-854e-b8d1f57f6b75",
|
||||
"a6ba64e1-4b4a-4bbd-a26d-ce35c22b2530",
|
||||
"4bc9ab8f-7f57-4b1a-8857-ffaa7e5cc930",
|
||||
"d385b541-4033-48df-93cd-237ca6e46f36"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "129ffe04-ea90-45d1-a2fd-7ff0bffa0433",
|
||||
"value": "FIN12 March 2023 Hospital Center Intrusion"
|
||||
},
|
||||
{
|
||||
"description": "[Frankenstein](https://app.tidalcyber.com/campaigns/2fab9878-8aae-445a-86db-6b47b473f56b) was described by security researchers as a highly-targeted campaign conducted by moderately sophisticated and highly resourceful threat actors in early 2019. The unidentified actors primarily relied on open source tools, including [Empire](https://app.tidalcyber.com/software/fea655ac-558f-4dd0-867f-9a5553626207). The campaign name refers to the actors' ability to piece together several unrelated open-source tool components.<sup>[[Talos Frankenstein June 2019](https://app.tidalcyber.com/references/a6faa495-db01-43e8-9db3-d446570802bc)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0001",
|
||||
"first_seen": "2019-01-01T06:00:00Z",
|
||||
"last_seen": "2019-04-01T05:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "2fab9878-8aae-445a-86db-6b47b473f56b",
|
||||
"value": "Frankenstein"
|
||||
},
|
||||
{
|
||||
"description": "[FunnyDream](https://app.tidalcyber.com/campaigns/94587edf-0292-445b-8c66-b16629597f1e) was a suspected Chinese cyber espionage campaign that targeted government and foreign organizations in Malaysia, the Philippines, Taiwan, Vietnam, and other parts of Southeast Asia. Security researchers linked the [FunnyDream](https://app.tidalcyber.com/campaigns/94587edf-0292-445b-8c66-b16629597f1e) campaign to possible Chinese-speaking threat actors through the use of the [Chinoxy](https://app.tidalcyber.com/software/7c36563a-9143-4766-8aef-4e1787e18d8c) backdoor and noted infrastructure overlap with the TAG-16 threat group.<sup>[[Bitdefender FunnyDream Campaign November 2020](https://app.tidalcyber.com/references/b62a9f2c-02ca-4dfa-95fc-5dc6ad9568de)]</sup><sup>[[Kaspersky APT Trends Q1 2020](https://app.tidalcyber.com/references/23c91719-5ebe-4d03-8018-df1809fffd2f)]</sup><sup>[[Recorded Future Chinese Activity in Southeast Asia December 2021](https://app.tidalcyber.com/references/0809db3b-81a8-475d-920a-cb913b30f42e)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0007",
|
||||
"first_seen": "2018-07-01T05:00:00Z",
|
||||
"last_seen": "2020-11-01T04:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "94587edf-0292-445b-8c66-b16629597f1e",
|
||||
"value": "FunnyDream"
|
||||
},
|
||||
{
|
||||
"description": "In November 2022, U.S. cybersecurity authorities released Cybersecurity Advisory AA22-320A, which detailed an incident response engagement at an unspecified U.S. Federal Civilian Executive Branch organization. Authorities assessed that the network compromise was carried out by unspecified Iranian government-sponsored advanced persistent threat (APT) actors. The actors achieved initial network access by exploiting the Log4Shell vulnerability in an unpatched VMware Horizon server. Post-exploit activities included installing XMRig crypto mining software and executing Mimikatz to harvest credentials, as well as moving laterally to the domain controller and implanting Ngrok reverse proxies on multiple hosts to maintain persistence.\n\nAdditional details, including incident response guidance and relevant mitigations, can be found in the [source report](https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-320a).<sup>[[U.S. CISA Advisory November 25 2022](/references/daae1f54-8471-4620-82d5-023d04144acd)]</sup>\n\n**Related Vulnerabilities**: CVE-2021-44228<sup>[[U.S. CISA Advisory November 25 2022](/references/daae1f54-8471-4620-82d5-023d04144acd)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5008",
|
||||
"first_seen": "2022-06-15T00:00:00Z",
|
||||
"last_seen": "2022-07-15T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"15787198-6c8b-4f79-bf50-258d55072fee",
|
||||
"7e6ef160-8e4f-4132-bdc4-9991f01c472e"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "7d6ff40d-51f3-42f8-b986-e7421f59b4bd",
|
||||
"value": "Iranian APT Credential Harvesting & Cryptomining Activity"
|
||||
},
|
||||
{
|
||||
"description": "In November 2020, U.S. cybersecurity authorities released joint Cybersecurity Advisory AA20-304A, which detailed efforts by an unspecified Iranian advanced persistent threat (APT) actor to target U.S. state websites, including election-related sites, with the goal of obtaining voter registration data. The actors used a legitimate vulnerability scanner, Acunetix, to scan state election websites, and they attempted to exploit sites with directory traversal, SQL injection, and web shell upload attacks. Authorities confirmed the actors successfully obtained voter registration data in at least one state – after abusing a website misconfiguration, they used a cURL-based scripting tool to iterate through and retrieve voter records. Officials assessed that the actor behind the website attacks is responsible for mass dissemination of intimidation emails to U.S. citizens and a disinformation campaign featuring a U.S. election-related propaganda video in mid-October 2020. Authorities furthermore assessed that information obtained during the website attacks was featured in the propaganda video.<sup>[[U.S. CISA Iran Voter Data November 3 2020](/references/be89be75-c33f-4c58-8bf0-979c1debaad7)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5010",
|
||||
"first_seen": "2020-09-20T00:00:00Z",
|
||||
"last_seen": "2020-10-20T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "18cf25b5-ed3a-40f6-bf0a-a3938a4f8da2",
|
||||
"value": "Iranian APT Targeting U.S. Voter Data"
|
||||
},
|
||||
{
|
||||
"description": "In September 2022, U.S., Canadian, United Kingdom, and Australian cybersecurity authorities released joint Cybersecurity Advisory AA22-257A, which detailed malicious cyber activity attributed to advanced persistent threat (APT) actors affiliated with the Iranian government’s Islamic Revolutionary Guard Corps (IRGC). The advisory updated a previous alert (AA21-321A), published in November 2021, and summarized recent activities linked to the actors. Since at least March 2021, the actors were observed targeting victims in a wide range of U.S. critical infrastructure sectors, including transportation and healthcare, and victims in unspecified sectors in Australia, Canada, and the United Kingdom.\n\nThe actors typically exploited vulnerabilities to gain initial network access. They were observed exploiting vulnerabilities in Microsoft Exchange servers (ProxyShell) and Fortinet devices in 2021, and VMware Horizon (Log4j) in 2022. After gaining access, the actors typically evaluated the perceived value of data held within a victim network and either encrypted it for ransom and/or exfiltrated it. The actors are believed to have sold some exfiltrated data or used it as leverage to further pressure victims into paying a ransom.\n\nIn addition to behavioral observations and indicators of compromise, the advisories provided detection and mitigation guidance, which can be found in the source reports [here](https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-257a) and [here](https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-321a).\n\n**Related Vulnerabilities**: CVE-2021-34523, CVE-2021-31207, CVE-2021-44228, CVE-2021-45046, CVE-2021-45105<sup>[[U.S. CISA IRGC Actors September 14 2022](/references/728b20b0-f702-4dbe-afea-50270648a3a2)]</sup>, CVE-2021-34473, CVE-2018-13379, CVE-2020-12812, CVE-2019-5591<sup>[[U.S. CISA Iranian Government Actors November 19 2021](/references/d7014279-bc6a-43d4-953a-a6bc1d97a13b)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5009",
|
||||
"first_seen": "2021-03-01T00:00:00Z",
|
||||
"last_seen": "2022-09-14T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"5e7433ad-a894-4489-93bc-41e90da90019",
|
||||
"7e7b0c67-bb85-4996-a289-da0e792d7172",
|
||||
"15787198-6c8b-4f79-bf50-258d55072fee",
|
||||
"d84be7c9-c652-4a43-a79e-ef0fa2318c58",
|
||||
"1423b5a8-cff3-48d5-a0a2-09b3afc9f195",
|
||||
"1b98f09a-7d93-4abb-8f3e-1eacdb9f9871",
|
||||
"fde4c246-7d2d-4d53-938b-44651cf273f1",
|
||||
"c3779a84-8132-4c62-be2f-9312ad41c273",
|
||||
"c035da8e-f96c-4793-885d-45017d825596",
|
||||
"7e6ef160-8e4f-4132-bdc4-9991f01c472e",
|
||||
"d713747c-2d53-487e-9dac-259230f04460",
|
||||
"964c2590-4b52-48c6-afff-9a6d72e68908"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "338c6497-2b13-4c2b-bd45-d8b636c35cac",
|
||||
"value": "Iranian IRGC Data Extortion Operations"
|
||||
},
|
||||
{
|
||||
"description": "This object represents a collection of MITRE ATT&CK® Techniques and other objects (Groups and/or Software) related to joint Cybersecurity Advisory AA24-060B, which detailed recent exploits of vulnerabilities (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893) affecting Ivanti Connect Secure and Policy Secure VPN and gateway appliances by unspecified threat actors. Further background & contextual details can be found in the References tab below.",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5017",
|
||||
"first_seen": "2023-12-01T00:00:00Z",
|
||||
"last_seen": "2024-02-29T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"fe984a01-910d-4e39-9c49-179aa03f75ab",
|
||||
"9768aada-9d63-4d46-ab9f-d41b8c8e4010",
|
||||
"758c3085-2f79-40a8-ab95-f8a684737927",
|
||||
"af5e9be5-b86e-47af-91dd-966a5e34a186",
|
||||
"35e694ec-5133-46e3-b7e1-5831867c3b55",
|
||||
"1dc8fd1e-0737-405a-98a1-111dd557f1b5",
|
||||
"15787198-6c8b-4f79-bf50-258d55072fee",
|
||||
"d1ab6bd6-2688-4e54-a1d3-d180bb8fd41a",
|
||||
"1ff4614e-0ee6-4e04-921d-61abba7fcdb7",
|
||||
"e00b65fc-8f56-4a9e-9f09-ccf3124a3272"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "c2544d1d-3c99-4601-86fe-8b62020aaffc",
|
||||
"value": "Ivanti Gateway Vulnerability Exploits"
|
||||
},
|
||||
{
|
||||
"description": "In July 2023, U.S. Cybersecurity & Infrastructure Security Agency authorities released Cybersecurity Advisory AA23-201A, which detailed an observed exploit of a zero-day vulnerability (CVE-2023-3519) affecting NetScaler (formerly Citrix) Application Delivery Controller (\"ADC\") and NetScaler Gateway appliances. According to the Advisory, the exploitation activity occurred in June 2023, and the victim (an undisclosed entity in the critical infrastructure sector) reported it in July 2023.<sup>[[U.S. CISA CVE-2023-3519 Exploits](/references/021c4caa-7a7a-4e49-9c5c-6eec176bf923)]</sup> Citrix acknowledged the reported exploit of the vulnerability, which enables unauthenticated remote code execution, and released a patch on July 18, 2023.<sup>[[Citrix Bulletin CVE-2023-3519](/references/245ef1b7-778d-4df2-99a9-b51c95c57580)]</sup>\n\nAfter achieving initial access via exploit of CVE-2023-3519, threat actors dropped a web shell on the vulnerable ADC appliance, which was present on a non-production environment. The web shell enabled subsequent information discovery on the victim's Active Directory (\"AD\"), followed by collection and exfiltration of AD-related data. The actors also attempted lateral movement to a domain controller, but the Advisory indicated that network segmentation controls for the ADC appliance blocked this attempted activity.<sup>[[U.S. CISA CVE-2023-3519 Exploits](/references/021c4caa-7a7a-4e49-9c5c-6eec176bf923)]</sup> Separately, in a blog on CVE-2023-3519 exploit investigations released the day after the CISA Advisory, Mandiant indicated that the type of activity observed is \"consistent with previous operations by China-nexus actors\".<sup>[[Mandiant CVE-2023-3519 Exploitation](/references/4404ed65-3020-453d-8c51-2885018ba03b)]</sup>\n\n**Related Vulnerabilities**: CVE-2023-3519<sup>[[U.S. CISA CVE-2023-3519 Exploits](/references/021c4caa-7a7a-4e49-9c5c-6eec176bf923)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5001",
|
||||
"first_seen": "2023-06-01T00:00:00Z",
|
||||
"last_seen": "2023-06-30T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"fe984a01-910d-4e39-9c49-179aa03f75ab",
|
||||
"a98d7a43-f227-478e-81de-e7299639a355",
|
||||
"c475ad68-3fdc-4725-8abc-784c56125e96"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "86e3565d-93dc-40e5-8f84-20d1c15b8e9d",
|
||||
"value": "June 2023 Citrix Vulnerability Exploitation"
|
||||
},
|
||||
{
|
||||
"description": "In November 2023, U.S. cybersecurity authorities and international partners released Cybersecurity Advisory AA23-325A, which detailed observed exploitation of CVE-2023-4966 (known colloquially as the “Citrix Bleed” vulnerability) by threat actors believed to be affiliated with the LockBit ransomware operation.\n\nCitrix Bleed is a vulnerability in Citrix NetScaler web application delivery control (“ADC”) and NetScaler Gateway appliances, which allows adversaries to bypass password requirements and multifactor authentication, enabling hijacking of legitimate user sessions and subsequent credential harvesting, lateral movement, and data or resource access. Authorities indicated that they expected “widespread” Citrix Bleed exploitation on unpatched services due to the ease of carrying out the exploit.\n\nAfter successful Citrix Bleed exploitation, LockBit affiliates were observed using a variety of follow-on TTPs and using a range of software, including abuse of native utilities and popular legitimate remote management and monitoring (“RMM”) tools. Indicators of compromise associated with recent intrusions and further incident response and mitigation guidance can be found in the [source report](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a).<sup>[[U.S. CISA LockBit Citrix Bleed November 21 2023](/references/21f56e0c-9605-4fbb-9cb1-f868ba6eb053)]</sup> Public reporting suggested that actors associated with the Medusa and Qilin ransomware operations, plus other unknown ransomware and uncategorized actors, had also exploited Citrix Bleed as part of their operations.<sup>[[Malwarebytes Citrix Bleed November 24 2023](/references/fdc86cea-0015-48d1-934f-b22244de6306)]</sup><sup>[[Cybernews Yanfeng Qilin November 2023](/references/93c89ca5-1863-4ee2-9fff-258f94f655c4)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5011",
|
||||
"first_seen": "2023-08-01T00:00:00Z",
|
||||
"last_seen": "2023-11-16T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"35e694ec-5133-46e3-b7e1-5831867c3b55",
|
||||
"15787198-6c8b-4f79-bf50-258d55072fee",
|
||||
"15b77e5c-2285-434d-9719-73c14beba8bd",
|
||||
"5e7433ad-a894-4489-93bc-41e90da90019",
|
||||
"7e7b0c67-bb85-4996-a289-da0e792d7172"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "f4225d6a-8734-401f-aa2a-1a73c23b16e6",
|
||||
"value": "LockBit Affiliate Citrix Bleed Exploits"
|
||||
},
|
||||
{
|
||||
"description": "[Night Dragon](https://app.tidalcyber.com/campaigns/85f136b3-d5a3-4c4c-a37c-40e4418dc989) was a cyber espionage campaign that targeted oil, energy, and petrochemical companies, along with individuals and executives in Kazakhstan, Taiwan, Greece, and the United States. The unidentified threat actors searched for information related to oil and gas field production systems, financials, and collected data from SCADA systems. Based on the observed techniques, tools, and network activities, security researchers assessed the campaign involved a threat group based in China.<sup>[[McAfee Night Dragon](https://app.tidalcyber.com/references/242d2933-ca2b-4511-803a-454727a3acc5)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0002",
|
||||
"first_seen": "2009-11-01T04:00:00Z",
|
||||
"last_seen": "2011-02-01T05:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "85f136b3-d5a3-4c4c-a37c-40e4418dc989",
|
||||
"value": "Night Dragon"
|
||||
},
|
||||
{
|
||||
"description": "\"Operation Bearded Barbie\" was a suspected AridViper (aka APT-C-23/Desert Falcon) campaign that appeared to target Israeli individuals, especially \"high-profile\" defense, law enforcement, and other government service personnel. The campaign heavily relied upon social engineering techniques, including the use of well-developed social media personas, aimed at tricking targets into installing backdoors for Windows and Android devices. The campaign appeared to be motivated by information collection for espionage purposes.<sup>[[Cybereason Operation Bearded Barbie April 5 2022](/references/7d71b7c9-531e-4e4f-ab85-df2380555b7a)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5018",
|
||||
"first_seen": "2022-03-01T00:00:00Z",
|
||||
"last_seen": "2022-04-01T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "0496e076-1813-4f51-86e6-8f551983e8f8",
|
||||
"value": "Operation Bearded Barbie"
|
||||
},
|
||||
{
|
||||
"description": "[Operation CuckooBees](https://app.tidalcyber.com/campaigns/81bf4e45-f0d3-4fec-a9d4-1259cf8542a1) was a cyber espionage campaign targeting technology and manufacturing companies in East Asia, Western Europe, and North America since at least 2019. Security researchers noted the goal of [Operation CuckooBees](https://app.tidalcyber.com/campaigns/81bf4e45-f0d3-4fec-a9d4-1259cf8542a1), which was still ongoing as of May 2022, was likely the theft of proprietary information, research and development documents, source code, and blueprints for various technologies. Researchers assessed [Operation CuckooBees](https://app.tidalcyber.com/campaigns/81bf4e45-f0d3-4fec-a9d4-1259cf8542a1) was conducted by actors affiliated with [Winnti Group](https://app.tidalcyber.com/groups/6932662a-53a7-4e43-877f-6e940e2d744b), [APT41](https://app.tidalcyber.com/groups/502223ee-8947-42f8-a532-a3b3da12b7d9), and BARIUM.<sup>[[Cybereason OperationCuckooBees May 2022](https://app.tidalcyber.com/references/fe3e2c7e-2287-406c-b717-cf7721b5843a)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0012",
|
||||
"first_seen": "2019-12-01T07:00:00Z",
|
||||
"last_seen": "2022-05-01T06:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "81bf4e45-f0d3-4fec-a9d4-1259cf8542a1",
|
||||
"value": "Operation CuckooBees"
|
||||
},
|
||||
{
|
||||
"description": "[Operation Dream Job](https://app.tidalcyber.com/campaigns/9a94e646-cbe5-54a1-8bf6-70ef745e641b) was a cyber espionage operation likely conducted by [Lazarus Group](https://app.tidalcyber.com/groups/0bc66e95-de93-4de7-b415-4041b7191f08) that targeted the defense, aerospace, government, and other sectors in the United States, Israel, Australia, Russia, and India. In at least one case, the cyber actors tried to monetize their network access to conduct a business email compromise (BEC) operation. In 2020, security researchers noted overlapping TTPs, to include fake job lures and code similarities, between [Operation Dream Job](https://app.tidalcyber.com/campaigns/9a94e646-cbe5-54a1-8bf6-70ef745e641b), Operation North Star, and Operation Interception; by 2022 security researchers described [Operation Dream Job](https://app.tidalcyber.com/campaigns/9a94e646-cbe5-54a1-8bf6-70ef745e641b) as an umbrella term covering both Operation Interception and Operation North Star.<sup>[[ClearSky Lazarus Aug 2020](https://app.tidalcyber.com/references/2827e6e4-8163-47fb-9e22-b59e59cd338f)]</sup><sup>[[McAfee Lazarus Jul 2020](https://app.tidalcyber.com/references/43581a7d-d71a-4121-abb6-127483a49d12)]</sup><sup>[[ESET Lazarus Jun 2020](https://app.tidalcyber.com/references/b16a0141-dea3-4b34-8279-7bc1ce3d7052)]</sup><sup>[[The Hacker News Lazarus Aug 2022](https://app.tidalcyber.com/references/8ae38830-1547-5cc1-83a4-87c3a7c82aa6)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0022",
|
||||
"first_seen": "2019-09-01T04:00:00Z",
|
||||
"last_seen": "2020-08-01T04:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "9a94e646-cbe5-54a1-8bf6-70ef745e641b",
|
||||
"value": "Operation Dream Job"
|
||||
},
|
||||
{
|
||||
"description": "[Operation Dust Storm](https://app.tidalcyber.com/campaigns/af0c0f55-dc4f-4cb5-9350-3a2d7c07595f) was a long-standing persistent cyber espionage campaign that targeted multiple industries in Japan, South Korea, the United States, Europe, and several Southeast Asian countries. By 2015, the [Operation Dust Storm](https://app.tidalcyber.com/campaigns/af0c0f55-dc4f-4cb5-9350-3a2d7c07595f) threat actors shifted from government and defense-related intelligence targets to Japanese companies or Japanese subdivisions of larger foreign organizations supporting Japan's critical infrastructure, including electricity generation, oil and natural gas, finance, transportation, and construction.<sup>[[Cylance Dust Storm](https://app.tidalcyber.com/references/001dd53c-74e6-4add-aeb7-da76b0d2afe8)]</sup>\n\n[Operation Dust Storm](https://app.tidalcyber.com/campaigns/af0c0f55-dc4f-4cb5-9350-3a2d7c07595f) threat actors also began to use Android backdoors in their operations by 2015, with all identified victims at the time residing in Japan or South Korea.<sup>[[Cylance Dust Storm](https://app.tidalcyber.com/references/001dd53c-74e6-4add-aeb7-da76b0d2afe8)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0016",
|
||||
"first_seen": "2010-01-01T07:00:00Z",
|
||||
"last_seen": "2016-02-01T06:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "af0c0f55-dc4f-4cb5-9350-3a2d7c07595f",
|
||||
"value": "Operation Dust Storm"
|
||||
},
|
||||
{
|
||||
"description": "[Operation Ghost](https://app.tidalcyber.com/campaigns/1fcfe949-5f96-578e-86ad-069ba123c867) was an [APT29](https://app.tidalcyber.com/groups/4c3e48b9-4426-4271-a7af-c3dfad79f447) campaign starting in 2013 that included operations against ministries of foreign affairs in Europe and the Washington, D.C. embassy of a European Union country. During [Operation Ghost](https://app.tidalcyber.com/campaigns/1fcfe949-5f96-578e-86ad-069ba123c867), [APT29](https://app.tidalcyber.com/groups/4c3e48b9-4426-4271-a7af-c3dfad79f447) used new families of malware and leveraged web services, steganography, and unique C2 infrastructure for each victim.<sup>[[ESET Dukes October 2019](https://app.tidalcyber.com/references/fbc77b85-cc5a-4c65-956d-b8556974b4ef)]</sup>\n",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0023",
|
||||
"first_seen": "2013-09-01T04:00:00Z",
|
||||
"last_seen": "2019-10-01T04:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "1fcfe949-5f96-578e-86ad-069ba123c867",
|
||||
"value": "Operation Ghost"
|
||||
},
|
||||
{
|
||||
"description": "[Operation Honeybee](https://app.tidalcyber.com/campaigns/f741ed36-2d52-40ae-bbdc-70722f4071c7) was a campaign that targeted humanitarian aid and inter-Korean affairs organizations from at least late 2017 through early 2018. [Operation Honeybee](https://app.tidalcyber.com/campaigns/f741ed36-2d52-40ae-bbdc-70722f4071c7) initially targeted South Korea, but expanded to include Vietnam, Singapore, Japan, Indonesia, Argentina, and Canada. Security researchers assessed the threat actors were likely Korean speakers based on metadata used in both lure documents and executables, and named the campaign \"Honeybee\" after the author name discovered in malicious Word documents.<sup>[[McAfee Honeybee](https://app.tidalcyber.com/references/e6f0f7b5-01fe-437f-a9c9-2ea054e7d69d)]</sup> ",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0006",
|
||||
"first_seen": "2017-08-01T05:00:00Z",
|
||||
"last_seen": "2018-02-01T06:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "f741ed36-2d52-40ae-bbdc-70722f4071c7",
|
||||
"value": "Operation Honeybee"
|
||||
},
|
||||
{
|
||||
"description": "[Operation Sharpshooter](https://app.tidalcyber.com/campaigns/57e858c8-fd0b-4382-a178-0165d03aa8a9) was a global cyber espionage campaign that targeted nuclear, defense, government, energy, and financial companies, with many located in Germany, Turkey, the United Kingdom, and the United States. Security researchers noted the campaign shared many similarities with previous [Lazarus Group](https://app.tidalcyber.com/groups/0bc66e95-de93-4de7-b415-4041b7191f08) operations, including fake job recruitment lures and shared malware code.<sup>[[McAfee Sharpshooter December 2018](https://app.tidalcyber.com/references/96b6d012-8620-4ef5-bf9a-5f88e465a495)]</sup><sup>[[Bleeping Computer Op Sharpshooter March 2019](https://app.tidalcyber.com/references/84430646-6568-4288-8710-2827692a8862)]</sup><sup>[[Threatpost New Op Sharpshooter Data March 2019](https://app.tidalcyber.com/references/2361b5b1-3a01-4d77-99c6-261f444a498e)]</sup> ",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0013",
|
||||
"first_seen": "2017-09-01T05:00:00Z",
|
||||
"last_seen": "2019-03-01T06:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "57e858c8-fd0b-4382-a178-0165d03aa8a9",
|
||||
"value": "Operation Sharpshooter"
|
||||
},
|
||||
{
|
||||
"description": "[Operation Spalax](https://app.tidalcyber.com/campaigns/98d3a8ac-6af9-4471-83f6-e880ca70261f) was a campaign that primarily targeted Colombian government organizations and private companies, particularly those associated with the energy and metallurgical industries. The [Operation Spalax](https://app.tidalcyber.com/campaigns/98d3a8ac-6af9-4471-83f6-e880ca70261f) threat actors distributed commodity malware and tools using generic phishing topics related to COVID-19, banking, and law enforcement action. Security researchers noted indicators of compromise and some infrastructure overlaps with other campaigns dating back to April 2018, including at least one separately attributed to [APT-C-36](https://app.tidalcyber.com/groups/153c14a6-31b7-44f2-892e-6d9fdc152267), however identified enough differences to report this as separate, unattributed activity.<sup>[[ESET Operation Spalax Jan 2021](https://app.tidalcyber.com/references/b699dd10-7d3f-4542-bf8a-b3f0c747bd0e)]</sup> ",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0005",
|
||||
"first_seen": "2019-11-01T05:00:00Z",
|
||||
"last_seen": "2021-01-01T06:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "98d3a8ac-6af9-4471-83f6-e880ca70261f",
|
||||
"value": "Operation Spalax"
|
||||
},
|
||||
{
|
||||
"description": "[Operation Wocao](https://app.tidalcyber.com/campaigns/56e4e10f-8c8c-4b7c-8355-7ed89af181be) was a cyber espionage campaign that targeted organizations around the world, including in Brazil, China, France, Germany, Italy, Mexico, Portugal, Spain, the United Kingdom, and the United States. The suspected China-based actors compromised government organizations and managed service providers, as well as aviation, construction, energy, finance, health care, insurance, offshore engineering, software development, and transportation companies.<sup>[[FoxIT Wocao December 2019](https://app.tidalcyber.com/references/aa3e31c7-71cd-4a3f-b482-9049c9abb631)]</sup>\n\nSecurity researchers assessed the [Operation Wocao](https://app.tidalcyber.com/campaigns/56e4e10f-8c8c-4b7c-8355-7ed89af181be) actors used similar TTPs and tools as APT20, suggesting a possible overlap. [Operation Wocao](https://app.tidalcyber.com/campaigns/56e4e10f-8c8c-4b7c-8355-7ed89af181be) was named after an observed command line entry by one of the threat actors, possibly out of frustration from losing webshell access.<sup>[[FoxIT Wocao December 2019](https://app.tidalcyber.com/references/aa3e31c7-71cd-4a3f-b482-9049c9abb631)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0014",
|
||||
"first_seen": "2017-12-01T05:00:00Z",
|
||||
"last_seen": "2019-12-01T05:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "56e4e10f-8c8c-4b7c-8355-7ed89af181be",
|
||||
"value": "Operation Wocao"
|
||||
},
|
||||
{
|
||||
"description": "In May 2023, U.S. Cybersecurity & Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) authorities released Cybersecurity Advisory AA23-131A, which detailed observed exploits of a vulnerability, CVE-2023-27350, affecting certain versions of PaperCut NG and PaperCut MF, software applications for print management. PaperCut released a patch for the vulnerability in March 2023.<sup>[[PaperCut MF/NG vulnerability bulletin](/references/d6e71b45-fc91-40f4-8201-2186994ae42a)]</sup> According to the Advisory, authorities observed unspecified threat actors exploiting the vulnerability in mid-April 2023, followed by exploitation by the self-identified Bl00dy Ransomware Gang the following month.<sup>[[U.S. CISA PaperCut May 2023](/references/b5ef2b97-7cc7-470b-ae97-a45dc4af32a6)]</sup>\n\nCVE-2023-27350 allows a remote actor to bypass authentication and remotely execute code on servers running affected versions of PaperCut software. In May, U.S. authorities observed Bl00dy Ransomware Gang actors exploiting the vulnerability to achieve initial access into education sector entities' networks and ingressing both legitimate remote management and maintenance (RMM) tools and several other command and control-related malware, including Lizar, Truebot, and Cobalt Strike. In some cases, the actors ultimately exfiltrated victim data and encrypted files, demanding payment in order to decrypt affected systems (the Advisory did not indicate how precisely actors encrypted data). The Advisory indicated that the \"Education Facilities Subsector\" maintains nearly 70% of exposed (but not necessarily vulnerable) U.S.-based PaperCut servers.<sup>[[U.S. CISA PaperCut May 2023](/references/b5ef2b97-7cc7-470b-ae97-a45dc4af32a6)]</sup>\n\nThe Advisory instructed defenders to focus CVE-2023-27350 detection efforts on three areas: network traffic signatures, system monitoring, and server settings and log files. 
More details and resources for detection can be found in the [source report](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a).\n\n**Related Vulnerabilities**: CVE-2023-27350<sup>[[U.S. CISA PaperCut May 2023](/references/b5ef2b97-7cc7-470b-ae97-a45dc4af32a6)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5003",
|
||||
"first_seen": "2023-04-15T00:00:00Z",
|
||||
"last_seen": "2023-05-30T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"5e7433ad-a894-4489-93bc-41e90da90019",
|
||||
"7e7b0c67-bb85-4996-a289-da0e792d7172",
|
||||
"15787198-6c8b-4f79-bf50-258d55072fee",
|
||||
"a98d7a43-f227-478e-81de-e7299639a355",
|
||||
"992bdd33-4a47-495d-883a-58010a2f0efb"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "38443d11-135a-47ac-909f-fa34744bc3a5",
|
||||
"value": "PaperCut Vulnerability Exploitation"
|
||||
},
|
||||
{
|
||||
"description": "*Operationalize this intelligence by pivoting to relevant defensive resources via the Techniques below. Alternatively, use the **Add to Matrix** button above, then overlay entire sets of capabilities from your own defensive stack to identify threat overlaps & potential gaps (watch a [60-second tutorial here](https://www.youtube.com/watch?v=4jBo3XLO01E)).*\n\nThis is a single object to represent the initial access and delivery methods observed with Pikabot distribution in the first year after its discovery. Distribution campaigns have been linked to the TA577 threat actor (previously known for distributing payloads including QakBot, IcedID, SystemBC, and Cobalt Strike)<sup>[[Malwarebytes Pikabot December 15 2023](/references/50b29ef4-7ade-4672-99b6-fdf367170a5b)]</sup><sup>[[Unit42 Malware Roundup December 29 2023](/references/a18e19b5-9046-4c2c-bd94-2cd5061064bf)]</sup>; however, the Technique- and Procedure level intelligence associated with these campaigns that is provided below was not explicitly linked to that group, so we are providing this intelligence to users in this Campaign form. The Water Curupira intrusion set (affiliated with the Black Basta ransomware operation) has also been observed distributing Pikabot.<sup>[[Trend Micro Pikabot January 9 2024](/references/dc7d882b-4e83-42da-8e2f-f557b675930a)]</sup>",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C5013",
|
||||
"first_seen": "2023-02-01T00:00:00Z",
|
||||
"last_seen": "2023-12-31T00:00:00Z",
|
||||
"owner": "TidalCyberIan",
|
||||
"source": "Tidal Cyber",
|
||||
"tags": [
|
||||
"f8669b82-2194-49a9-8e20-92e7f9ab0a6f",
|
||||
"84615fe0-c2a5-4e07-8957-78ebc29b4635"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "71f6d3b1-c45e-421c-99cb-3b695647cf0b",
|
||||
"value": "Pikabot Distribution Campaigns 2023"
|
||||
},
|
||||
{
|
||||
"description": "The [SolarWinds Compromise](https://app.tidalcyber.com/campaigns/8bde8146-0656-5800-82e6-e24e008e4f4a) was a sophisticated supply chain cyber operation conducted by [APT29](https://app.tidalcyber.com/groups/4c3e48b9-4426-4271-a7af-c3dfad79f447) that was discovered in mid-December 2020. [APT29](https://app.tidalcyber.com/groups/4c3e48b9-4426-4271-a7af-c3dfad79f447) used customized malware to inject malicious code into the SolarWinds Orion software build process that was later distributed through a normal software update; they also used password spraying, token theft, API abuse, spear phishing, and other supply chain attacks to compromise user accounts and leverage their associated access. Victims of this campaign included government, consulting, technology, telecom, and other organizations in North America, Europe, Asia, and the Middle East. Industry reporting initially referred to the actors involved in this campaign as UNC2452, NOBELIUM, StellarParticle, Dark Halo, and SolarStorm.<sup>[[SolarWinds Advisory Dec 2020](https://app.tidalcyber.com/references/4e8b908a-bdc5-441b-bc51-98dfa87f6b7a)]</sup><sup>[[SolarWinds Sunburst Sunspot Update January 2021](https://app.tidalcyber.com/references/1be1b6e0-1b42-4d07-856b-b6321c17bb88)]</sup><sup>[[FireEye SUNBURST Backdoor December 2020](https://app.tidalcyber.com/references/d006ed03-a8af-4887-9356-3481d81d43e4)]</sup><sup>[[Volexity SolarWinds](https://app.tidalcyber.com/references/355cecf8-ef3e-4a6e-a652-3bf26fe46d88)]</sup><sup>[[CrowdStrike StellarParticle January 2022](https://app.tidalcyber.com/references/149c1446-d6a1-4a63-9420-def9272d6cb9)]</sup><sup>[[Unit 42 SolarStorm December 2020](https://app.tidalcyber.com/references/ecbb602a-2427-5eba-8c2b-25d90c95f166)]</sup><sup>[[Microsoft Analyzing Solorigate Dec 2020](https://app.tidalcyber.com/references/8ad72d46-ba2c-426f-bb0d-eb47723c8e11)]</sup><sup>[[Microsoft Internal Solorigate Investigation 
Blog](https://app.tidalcyber.com/references/66cade99-0040-464c-98a6-bba57719f0a4)]</sup> \n\nIn April 2021, the US and UK governments attributed the [SolarWinds Compromise](https://app.tidalcyber.com/campaigns/8bde8146-0656-5800-82e6-e24e008e4f4a) to Russia's Foreign Intelligence Service (SVR); public statements included citations to [APT29](https://app.tidalcyber.com/groups/4c3e48b9-4426-4271-a7af-c3dfad79f447), Cozy Bear, and The Dukes.<sup>[[NSA Joint Advisory SVR SolarWinds April 2021](https://app.tidalcyber.com/references/43d9c469-1d54-454b-ba67-74e7f1de9c10)]</sup><sup>[[UK NSCS Russia SolarWinds April 2021](https://app.tidalcyber.com/references/f49e6780-8caa-4c3c-8d68-47a2cc4319a1)]</sup><sup>[[Mandiant UNC2452 APT29 April 2022](https://app.tidalcyber.com/references/5276508c-6792-56be-b757-e4b495ef6c37)]</sup> The US government assessed that of the approximately 18,000 affected public and private sector customers of Solar Winds’ Orion product, a much smaller number were compromised by follow-on [APT29](https://app.tidalcyber.com/groups/4c3e48b9-4426-4271-a7af-c3dfad79f447) activity on their systems.<sup>[[USG Joint Statement SolarWinds January 2021](https://app.tidalcyber.com/references/336a6549-a95d-5763-bbaf-5ef0d3141800)]</sup> ",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0024",
|
||||
"first_seen": "2019-08-01T05:00:00Z",
|
||||
"last_seen": "2021-01-01T06:00:00Z",
|
||||
"source": "MITRE",
|
||||
"tags": [
|
||||
"f2ae2283-f94d-4f8f-bbde-43f2bed66c55"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "8bde8146-0656-5800-82e6-e24e008e4f4a",
|
||||
"value": "SolarWinds Compromise"
|
||||
},
|
||||
{
|
||||
"description": "[Triton Safety Instrumented System Attack](https://app.tidalcyber.com/campaigns/6c7185e1-bd46-5a80-9a76-a376b16fbc7b) was a campaign employed by [TEMP.Veles](https://app.tidalcyber.com/groups/3a54b8dc-a231-4db8-96da-1c0c1aa396f6) which leveraged the [Triton](https://app.tidalcyber.com/software/) malware framework against a petrochemical organization.<sup>[[Triton-EENews-2017](https://app.tidalcyber.com/references/5cc54d85-ee53-579d-a8fb-9b54b3540dc0)]</sup> The malware and techniques used within this campaign targeted specific Triconex [Safety Controller](https://attack.mitre.org/assets/A0010)s within the environment.<sup>[[FireEye TRITON 2018](https://app.tidalcyber.com/references/bfa5886a-a7f4-40d1-98d0-c3358abcf265)]</sup> The incident was eventually discovered due to a safety trip that occurred as a result of an issue in the malware.<sup>[[FireEye TRITON 2017](https://app.tidalcyber.com/references/597a4d8b-ffb2-4551-86db-b319f5a5b707)]</sup>\n",
|
||||
"meta": {
|
||||
"campaign_attack_id": "C0030",
|
||||
"first_seen": "2017-06-01T04:00:00Z",
|
||||
"last_seen": "2017-08-01T04:00:00Z",
|
||||
"source": "MITRE"
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "6c7185e1-bd46-5a80-9a76-a376b16fbc7b",
|
||||
"value": "Triton Safety Instrumented System Attack"
|
||||
}
|
||||
],
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,630 @@
|
|||
{
|
||||
"authors": [
|
||||
"Microsoft",
|
||||
"Evgeny Bogokovsky",
|
||||
"Ram Pliskin"
|
||||
],
|
||||
"category": "tmss",
|
||||
"description": "Microsoft Defender for Cloud threat matrix for storage services contains attack tactics, techniques and mitigations relevant storage services delivered by cloud providers.",
|
||||
"name": "Threat Matrix for storage services",
|
||||
"source": "https://github.com/microsoft/Threat-matrix-for-storage-services",
|
||||
"type": "tmss",
|
||||
"uuid": "aaf033a6-7f1e-45ab-beef-20a52b75b641",
|
||||
"values": [
|
||||
{
|
||||
"description": "Attackers may execute active reconnaissance scans to gather storage account names that becomes a potential target. Active scans are those where the adversary probes victim infrastructure via network traffic, as opposed to other forms of reconnaissance that do not involve direct interaction.",
|
||||
"meta": {
|
||||
"external_id": "MS-T801",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Reconnaissance"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/storage-account-discovery"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "67073dde-d720-45ae-83da-b12d5e73ca3b",
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "106eb589-71e3-58a1-a37e-916cdc902414",
|
||||
"value": "MS-T801 - Storage account discovery"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may use search engines to collect information about victim storage accounts that can be used during targeting. Search engine services typical crawl online sites to index context and may provide users with specialized syntax to search for specific keywords such as storage accounts domain names (site:*.blob.core.windows.net)",
|
||||
"meta": {
|
||||
"external_id": "MS-T804",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Reconnaissance"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/search-engines"
|
||||
]
|
||||
},
|
||||
"uuid": "044be881-7476-5fbe-a760-bdf9cf949cab",
|
||||
"value": "MS-T804 - Search engines"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may search public databases for publicly available storage accounts that can be used during targeting.",
|
||||
"meta": {
|
||||
"external_id": "MS-T803",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Reconnaissance"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/databases-of-public-accounts"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "55fc4df0-b42c-479a-b860-7a6761bcaad0",
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "ef3d435e-8ca6-5864-a882-e7b092870719",
|
||||
"value": "MS-T803 - Databases of publicly available storage accounts"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may search for DNS data for valid storage account names that can become potential targets. Threat actors can query nameservers using brute-force technique to enumerate existing storage accounts in the wild, or search through centralized repositories of logged DNS query responses (known as passive DNS).",
|
||||
"meta": {
|
||||
"external_id": "MS-T826",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Reconnaissance"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/dns-passive-dns"
|
||||
]
|
||||
},
|
||||
"uuid": "e5b2e210-fedb-5651-bb82-484e9f0dfde8",
|
||||
"value": "MS-T826 - DNS/Passive DNS"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may look for storage accounts of a victim enterprise by searching its websites. Victim-owned website pages may be stored on a storage account or contain links to retrieve data stored in a storage account. The links contain the URL of the storage and provide an entry point into the account.",
|
||||
"meta": {
|
||||
"external_id": "MS-T805",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Reconnaissance"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/victim-owned-websites"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "16cdd21f-da65-4e4f-bc04-dd7d198c7b26",
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "53e65db3-5177-56fc-ae07-088c9919463e",
|
||||
"value": "MS-T805 - Victim-owned websites"
|
||||
},
|
||||
{
|
||||
"description": "A shared access signature (SAS) is a token, that is appended to the a uniform resource identifier (URI) for a storage resource, that grants restricted access rights over the associated resource in your storage account. Attackers may get a SAS token using one of the Credential Access techniques or during the reconnaissance process through social engineering.",
|
||||
"meta": {
|
||||
"external_id": "MS-T814",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Initial Access"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/valid-sas-token"
|
||||
]
|
||||
},
|
||||
"uuid": "1900b9ba-0b3c-5ad7-bdd0-ac8c40a8da0a",
|
||||
"value": "MS-T814 - Valid SAS token"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may get a shared key using one of Credential Access techniques or capture one earlier in their reconnaissance process through social engineering to gain initial access. Adversaries may leverage keys left in source code or configuration files. Sophisticated attackers may also obtain keys from hosts (virtual machines) that have mounted File Share on their system (SMB). Shared key provides unrestricted permissions over all data plane operations.",
|
||||
"meta": {
|
||||
"external_id": "MS-T815",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Initial Access"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/valid-shared-key"
|
||||
]
|
||||
},
|
||||
"uuid": "3348438e-9ed7-5aa3-b60b-8c97075c0550",
|
||||
"value": "MS-T815 - Valid shared key"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may steal account credentials using one of the credential access techniques or capture an account earlier in their reconnaissance process through social engineering to gain initial access. An authorized principal account can result in full control of storage account resources.",
|
||||
"meta": {
|
||||
"external_id": "MS-T816",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Initial Access"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/authorized-principal-account"
|
||||
]
|
||||
},
|
||||
"uuid": "ad800a27-4d29-58f4-962e-f3b01acea800",
|
||||
"value": "MS-T816 - Authorized principal account"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may leverage publicly exposed storage accounts to list containers/blobs and their properties. Azure Storage supports optional anonymous public read access for containers and blobs. By default, anonymous access to your data is never permitted. Unless you explicitly enable anonymous access, all requests to a container and its blobs must be authorized. When you configure a container's public access level setting to permit anonymous access, clients can read data in that container without authorizing the request.",
|
||||
"meta": {
|
||||
"external_id": "MS-T817",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Initial Access"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/anonymous-public-read-access"
|
||||
]
|
||||
},
|
||||
"uuid": "3e5fba42-41c6-54ff-8977-e9f861f9e039",
|
||||
"value": "MS-T817 - Anonymous public read access"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may obtain and abuse credentials of an SFTP account as a means of gaining initial access. SFTP is a prevalent file transfer protocol between a client and a remote service. Once the user connects to the cloud storage service, the user can upload and download blobs and perform other operations that are supported by the protocol. SFTP connection requires SFTP accounts which are managed locally in the storage service instance, including credentials in a form of passwords or key-pairs.",
|
||||
"meta": {
|
||||
"external_id": "MS-T825",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Initial Access"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/sftp-credentials"
|
||||
]
|
||||
},
|
||||
"uuid": "abc4f207-7149-54cb-baa8-685506759e03",
|
||||
"value": "MS-T825 - SFTP credentials"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may perform initial access to a storage account using NFS protocol where enabled. While access is restricted to a list of allowed virtual networks that are configured on the storage account firewall, connection via NFS protocol does not require authentication and can be performed by any source on the specified networks.",
|
||||
"meta": {
|
||||
"external_id": "MS-T827",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Initial Access"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/nfs-access"
|
||||
]
|
||||
},
|
||||
"uuid": "6b17039c-ec8b-54af-8363-232d5acef0e3",
|
||||
"value": "MS-T827 - NFS access"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may perform initial access to a storage account file shares using Server Message Block (SMB) protocol.",
|
||||
"meta": {
|
||||
"external_id": "MS-T828",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Initial Access"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/smb-access"
|
||||
]
|
||||
},
|
||||
"uuid": "2ede6cb7-2d42-577d-814d-a767b0dccf83",
|
||||
"value": "MS-T828 - SMB access"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may set a replication policy between source and destination containers that asynchronously copies objects from source to destination. This feature can be maliciously misused in both directions. Outbound replication can serve as an exfiltration channel of customer data from the victim's container to an adversary's container. Inbound replication can be used to deliver malware from an adversary's container to a victim's container. After the policy is set, the attacker can operate on their container without accessing the victim container.",
|
||||
"meta": {
|
||||
"external_id": "MS-T840",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Initial Access",
|
||||
"TMSS-tactics:Exfiltration"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/object-replication"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6",
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "8fdc8739-5b51-51c8-b290-f94a3bd07271",
|
||||
"value": "MS-T840 - Object replication"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may disable firewall protection or set additional firewall rules to masquerade their access channel. Azure Storage offers a set of built-in network access features. Administrators can leverage these capabilities to restrict access to storage resources. Restriction rules can operate at the IP level or VNet IDs. When network rules are configured, only requests originated from authorized subnets will be served.",
|
||||
"meta": {
|
||||
"external_id": "MS-T813",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Persistence",
|
||||
"TMSS-tactics:Defense Evasion"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/firewall-configuration-changes"
|
||||
]
|
||||
},
|
||||
"uuid": "a608566b-99bc-523c-9e7c-0e220fe2c972",
|
||||
"value": "MS-T813 - Firewall and virtual networks configuratioin changes"
|
||||
},
|
||||
{
|
||||
"description": "Storage services offer built-in RBAC roles that encompass sets of permissions used to access different data types. Definition of custom roles is also supported. Upon assignment of an RBAC role to an identity object (like Azure AD security principal) the storage provider grants access to that security principal. Attackers may leverage the RBAC mechanism to ensure persistent access to their owned identity objects.",
|
||||
"meta": {
|
||||
"external_id": "MS-T808",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Persistence",
|
||||
"TMSS-tactics:Defense Evasion"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/rbac-permission"
|
||||
]
|
||||
},
|
||||
"uuid": "bf27614e-18ca-5ab0-add4-610777067754",
|
||||
"value": "MS-T808 - Role-based access control permission"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may create a high-privileged SAS token with long expiry to preserve valid credentials for a long period. The tokens are not monitored by storage accounts thus they cannot be revoked (except Service SAS) and it's not easy to determine whether there are valid tokens in the wild until they are used.",
|
||||
"meta": {
|
||||
"external_id": "MS-T806",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Persistence"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/create-sas-token"
|
||||
]
|
||||
},
|
||||
"uuid": "5eefa8fc-0ae5-57f1-9a65-389186e25ca4",
|
||||
"value": "MS-T806 - Create SAS token"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may adjust the container access level property at the granularity of a blob or container, to permit anonymous read access to data in the storage account. This configuration secures a channel to exfiltrate data even if the initial access technique is no longer valid.",
|
||||
"meta": {
|
||||
"external_id": "MS-T807",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Persistence"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/container-access-level-property"
|
||||
]
|
||||
},
|
||||
"uuid": "17061b42-9706-5594-9ac2-2b9dd2150649",
|
||||
"value": "MS-T807 - Container access level property"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may create an SFTP account to maintain access to a target storage account. The SFTP account is local on the storage instance and is not subject to Azure RBAC permissions. The account is also unaffected in case of storage account access keys rotation.",
|
||||
"meta": {
|
||||
"external_id": "MS-T809",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Persistence"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/sftp-account"
|
||||
]
|
||||
},
|
||||
"uuid": "a31f49b0-5c72-577a-9f73-198daa685f17",
|
||||
"value": "MS-T809 - SFTP account"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may configure the storage account firewall to allow access by trusted Azure services. Azure Storage provides a predefined list of trusted services. Any resource from that list that belongs to the same subscription as the storage account is allowed by the firewall even if there is no firewall rule that explicitly permits the source address of the resource.",
|
||||
"meta": {
|
||||
"external_id": "MS-T830",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Persistence"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/trusted-azure-services"
|
||||
]
|
||||
},
|
||||
"uuid": "c78756dd-1bb7-5145-bb82-8268b55d1996",
|
||||
"value": "MS-T830 - Trusted Azure services"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may configure the storage account firewall to allow access by specific resource instances based on their system-assigned managed identity, regardless of their source address. The resource type can be chosen from a predefined list provided by Azure Storage, and the resource instance must be in the same tenant as the storage account. The RBAC permissions of the resource instance determine the types of operations that a resource instance can perform on storage account data.",
|
||||
"meta": {
|
||||
"external_id": "MS-T829",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Persistence"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/trusted-access-managed-identity"
|
||||
]
|
||||
},
|
||||
"uuid": "0f60104b-65bd-5ca4-8286-d83c6310d5b0",
|
||||
"value": "MS-T829 - Trusted access based on a managed identity"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may set private endpoints for a storage account to establish a separate communication channel from a target virtual network. The new endpoint is assigned with a private IP address within the virtual network's address range. All the requests sent to the private endpoint bypass the storage account firewall by design.",
|
||||
"meta": {
|
||||
"external_id": "MS-T812",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Persistence",
|
||||
"TMSS-tactics:Defense Evasion"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/private-endpoint"
|
||||
]
|
||||
},
|
||||
"uuid": "b57fb931-e898-59f2-b456-fefce5e19e99",
|
||||
"value": "MS-T812 - Private endpoint"
|
||||
},
|
||||
{
|
||||
"description": "Storage services offer different types of cloning or backup data stored on them. Attackers may abuse these built-in capabilities to steal sensitive documents, source code, credentials, and other business crucial information.",
|
||||
"meta": {
|
||||
"external_id": "MS-T841",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Defense Evasion"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/storage-data-clone"
|
||||
]
|
||||
},
|
||||
"uuid": "1581f347-b5bf-5237-b4cf-9005fbe0fcf6",
|
||||
"value": "MS-T841 - Storage data clone"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may fragment stolen information and exfiltrate it on different size chunks to avoid being detected by triggering potentially predefined transfer threshold alerts.",
|
||||
"meta": {
|
||||
"external_id": "MS-T831",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Defense Evasion",
|
||||
"TMSS-tactics:Exfiltration"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/data-transfer-size-limits"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd",
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "30de37bf-a416-5f25-8396-a2af42ff437a",
|
||||
"value": "MS-T831 - Data transfer size limits"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may exploit legitimate automation processes, predefined by the compromised organization, with the goal of having their logging traces blend in normally within the company’s typical activities. Assimilating or disguising malicious intentions will keep adversary actions, such as data theft, stealthier.",
|
||||
"meta": {
|
||||
"external_id": "MS-T832",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Defense Evasion",
|
||||
"TMSS-tactics:Exfiltration"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/automated-exfiltration"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9",
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "f4a35b50-b56b-5663-8a84-e2235cee712f",
|
||||
"value": "MS-T832 - Automated exfiltration"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may disable storage account audit logs to prevent event tracking and avoid detection. Audit logs provide a detailed record of operations performed on a target storage account and may be used to detect malicious activities. Thus, disabling these logs can leave a resource vulnerable to attacks without being detected.",
|
||||
"meta": {
|
||||
"external_id": "MS-T810",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Defense Evasion"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/disable-audit-logs"
|
||||
]
|
||||
},
|
||||
"uuid": "ef893695-23f7-5f90-9135-9c50a259abe1",
|
||||
"value": "MS-T810 - Disable audit logs"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may disable the cloud workload protection service which raises security alerts upon detection of malicious activities in cloud storage services.",
|
||||
"meta": {
|
||||
"external_id": "MS-T811",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Defense Evasion"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/disable-protection-service"
|
||||
]
|
||||
},
|
||||
"uuid": "14af4a95-e84c-52fb-80ac-0f3aeb13a643",
|
||||
"value": "MS-T811 - Disable cloud workload protection"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may split their requests across geo replicas to reduce the footprint in each region and avoid being detected by various rules and heuristics.",
|
||||
"meta": {
|
||||
"external_id": "MS-T833",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Defense Evasion"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/operations-across-geo-replicas"
|
||||
]
|
||||
},
|
||||
"uuid": "7853ec1a-6440-5119-a719-0cee735f3034",
|
||||
"value": "MS-T833 - Operations across geo replicas"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may leverage subscription/account-level access to gather storage account keys and use these keys to authenticate at the resource level. This technique exhibits cloud resource pivoting in combination with control management and data planes. Adversaries can query management APIs to fetch primary and secondary storage account keys.",
|
||||
"meta": {
|
||||
"external_id": "MS-T818",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Credential Access"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/access-key-query"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a",
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "06735c35-4f9d-5ba4-9f05-7d087eac2e84",
|
||||
"value": "MS-T818 - Access key query"
|
||||
},
|
||||
{
|
||||
"description": "Cloud Shell is an interactive, authenticated, browser-accessible shell for managing cloud resources. It provides the flexibility of shell experience, either Bash or PowerShell. To support the Cloud Shell promise of being accessible from everywhere, Cloud Shell profiles and session history are saved on storage account. Attackers may leverage the legitimate use of Cloud Shell to impersonate account owners and potentially obtain additional secrets logged as part of session history.",
|
||||
"meta": {
|
||||
"external_id": "MS-T834",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Credential Access"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/cloud-shell-profiles"
|
||||
]
|
||||
},
|
||||
"uuid": "cf858945-94ff-5d2d-ab02-bfe15626d8b3",
|
||||
"value": "MS-T834 - Cloud shell profiles"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may sniff network traffic and capture credentials sent over an insecure protocol. When Storage account is configured to support unencrypted protocol such as HTTP, credentials are passed over the wire unprotected and are susceptible to leakage. The attacker can use the compromised credentials to gain initial access to the storage account.",
|
||||
"meta": {
|
||||
"external_id": "MS-T819",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Credential Access"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/unsecured-communication-channel"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529",
|
||||
"type": "related-to"
|
||||
}
|
||||
],
|
||||
"uuid": "37baec71-2c4e-5904-94c4-5bf1c88623b6",
|
||||
"value": "MS-T819 - Unsecured communication channel"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may leverage access permission to explore the stored objects in the storage account. Tools witnessed, at the reconnaissance phase, are oftentimes used toward this post-compromise information-gathering objective, now with authorization to access storage APIs, such as the List Blobs call.",
|
||||
"meta": {
|
||||
"external_id": "MS-T820",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Discovery"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/storage-service-discovery"
|
||||
]
|
||||
},
|
||||
"uuid": "559ab713-b18f-5649-ab34-608a1f00a663",
|
||||
"value": "MS-T820 - Storage service discovery"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may leverage control plane access permission to retrieve the storage account configuration. The configuration contains various technical details that may assist the attacker in implementing a variety of tactics. For example, firewall configuration provides network access information. Other parameters may reveal whether access operations are logged. The configuation may also contain the backup policy that may assist the attacker in performing data destruction.",
|
||||
"meta": {
|
||||
"external_id": "MS-T835",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Discovery"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/account-configuration-discovery"
|
||||
]
|
||||
},
|
||||
"uuid": "a58c9198-8b41-5d88-b856-ee48801b3a79",
|
||||
"value": "MS-T835 - Account configuration discovery"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may use storage services to store a malicious program or toolset that will be executed at later times during their operation. In addition, adversaries may exploit the trust between users and their organization’s Storage services by storing phishing content. Furthermore, storage services can be leveraged to park gathered intelligence that will be exfiltrated when terms suit the actor group.",
|
||||
"meta": {
|
||||
"external_id": "MS-T821",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Lateral Movement"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/malicious-content-upload"
|
||||
]
|
||||
},
|
||||
"uuid": "23539a72-5e00-5775-8f7d-24f364dd5bb7",
|
||||
"value": "MS-T821 - Malicious content upload"
|
||||
},
|
||||
{
|
||||
"description": "Storage services offer different types of mechanisms to support auto-synchronization between various resources and the storage account. Attackers may leverage access to the storage account to upload malware and benefit from the auto-sync built-in capabilities to have their payload being populated and potentially weaponize multiple systems.",
|
||||
"meta": {
|
||||
"external_id": "MS-T822",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Lateral Movement"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/malware-distribution"
|
||||
]
|
||||
},
|
||||
"uuid": "a7100316-2a71-5b74-a2f2-a2529c08598c",
|
||||
"value": "MS-T822 - Malware distribution"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may manipulate storage services to trigger a compute service, like Azure Functions, where an attacker already has a foothold on a storage container and can inject a blob that will initiate a chain of a compute process. This may allow an attacker to infiltrate another resource and cause harm.",
|
||||
"meta": {
|
||||
"external_id": "MS-T823",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Lateral Movement"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/trigger-cross-service-interaction"
|
||||
]
|
||||
},
|
||||
"uuid": "f9d6b919-6fe3-59ea-81a3-cbac0daacfa5",
|
||||
"value": "MS-T823 - Trigger cross-service interaction"
|
||||
},
|
||||
{
|
||||
"description": "Same is applicable for data blobs or files which may be eventually processed on a host by a legitimate application with software vulnerabilities. Attackers may tamper benign data with a payload that exploits a vulnerability on a user's end and execute a malicious code.",
|
||||
"meta": {
|
||||
"external_id": "MS-T824",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Lateral Movement"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/code-injection"
|
||||
]
|
||||
},
|
||||
"uuid": "ac060220-18b4-5757-9f5c-2fd43f2d2f61",
|
||||
"value": "MS-T824 - Code injection"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may use the \"static website\" feature to exfiltrate collected data outside of the storage account. Static website is a cloud storage provider hosting capability that enables serving static web content directly from the storage account. The website can be reached via an alternative web endpoint which might be overlooked when restricting access to the storage account.",
|
||||
"meta": {
|
||||
"external_id": "MS-T836",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Exfiltration"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/static-website"
|
||||
]
|
||||
},
|
||||
"uuid": "ae3a9c3e-3316-5165-bc98-a1df76acdee2",
|
||||
"value": "MS-T836 - Static website"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may corrupt or delete data stored on storage services to disrupt the availability of systems or other lines of business.",
|
||||
"meta": {
|
||||
"external_id": "MS-T839",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Impact"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/data-corruption"
|
||||
]
|
||||
},
|
||||
"uuid": "561d0cdd-ded3-5f52-b542-afd43ca5ca09",
|
||||
"value": "MS-T839 - Data corruption"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may encrypt data stored on storage services to disrupt the availability of systems or other lines of business. Making resources inaccessible by encrypting files or blobs and withholding access to a decryption key. This may be done to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware).",
|
||||
"meta": {
|
||||
"external_id": "MS-T838",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Impact"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/data-encryption-for-impact"
|
||||
]
|
||||
},
|
||||
"uuid": "7e243d46-1e08-51ff-af85-cb80f02c7e41",
|
||||
"value": "MS-T838 - Data encryption for impact (Ransomware)"
|
||||
},
|
||||
{
|
||||
"description": "Attackers may insert or modify data in order to influence external outcomes, thus threatening the integrity of the data. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making. The type of modification and the impact it will have depends on the target application and process as well as the goals and objectives of the adversary.",
|
||||
"meta": {
|
||||
"external_id": "MS-T837",
|
||||
"kill_chain": [
|
||||
"TMSS-tactics:Impact"
|
||||
],
|
||||
"refs": [
|
||||
"https://microsoft.github.io/Threat-matrix-for-storage-services/techniques/data-manipulation"
|
||||
]
|
||||
},
|
||||
"uuid": "f0556667-5e4e-51f9-a92c-9e92193d141a",
|
||||
"value": "MS-T837 - Data manipulation"
|
||||
}
|
||||
],
|
||||
"version": 1
|
||||
}
|
2799
clusters/tool.json
2799
clusters/tool.json
|
@ -0,0 +1,482 @@
|
|||
{
|
||||
"authors": [
|
||||
"Enes AYATA"
|
||||
],
|
||||
"category": "military equipment",
|
||||
"description": "Unmanned Aerial Vehicles / Unmanned Combat Aerial Vehicles",
|
||||
"name": "UAVs/UCAVs",
|
||||
"source": "Popular Mechanics",
|
||||
"type": "uavs",
|
||||
"uuid": "bef5c29d-b0db-4923-aa9a-80921f26d3ab",
|
||||
"values": [
|
||||
{
|
||||
"description": "R18",
|
||||
"meta": {
|
||||
"Flight time": "40 minutes",
|
||||
"Made in": "Ukraine",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "N/A",
|
||||
"Wingspan": "About 6 feet"
|
||||
},
|
||||
"uuid": "82a0a264-59dd-467a-9830-72c3fc8b25e6",
|
||||
"value": "R18"
|
||||
},
|
||||
{
|
||||
"description": "KBLA-IVT",
|
||||
"meta": {
|
||||
"Flight time": "60 minutes",
|
||||
"Made in": "Russia",
|
||||
"Operator": "Russia",
|
||||
"Power plant": "Internal combustion",
|
||||
"Top speed": "N/A",
|
||||
"Wingspan": "15 feet"
|
||||
},
|
||||
"uuid": "25bc036b-8b71-4098-8615-bf63204509d2",
|
||||
"value": "KBLA-IVT"
|
||||
},
|
||||
{
|
||||
"description": "Autel Evo II",
|
||||
"meta": {
|
||||
"Flight time": "40 minutes",
|
||||
"Made in": "China",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "45 mph",
|
||||
"Wingspan": "16 inches"
|
||||
},
|
||||
"uuid": "c24e2133-23c7-4dcf-8fa1-5a38c713ad68",
|
||||
"value": "Autel Evo II"
|
||||
},
|
||||
{
|
||||
"description": "DJI Mavic Series",
|
||||
"meta": {
|
||||
"Flight time": "31 minutes",
|
||||
"Made in": "China",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "29 mph",
|
||||
"Wingspan": "8 inches"
|
||||
},
|
||||
"uuid": "8df0e639-8ce6-4b6a-b35a-cab3e6ccb56a",
|
||||
"value": "DJI Mavic Series"
|
||||
},
|
||||
{
|
||||
"description": "Golden Eagle",
|
||||
"meta": {
|
||||
"Flight time": "Up to 55 minutes",
|
||||
"Made in": "USA",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Electric",
|
||||
"Top Speed": "50 mph",
|
||||
"Wingspan": "About 20 inches"
|
||||
},
|
||||
"uuid": "de616d7c-8a9d-427f-8c6d-aeed9a3f2f3a",
|
||||
"value": "Golden Eagle"
|
||||
},
|
||||
{
|
||||
"description": "Skydio X2",
|
||||
"meta": {
|
||||
"Flight time": "35 minutes",
|
||||
"Made in": "USA",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "25 mph",
|
||||
"Wingspan": "26 inches"
|
||||
},
|
||||
"uuid": "50b4a527-b371-4daf-8f93-8e5de4de6c90",
|
||||
"value": "Skydio X2"
|
||||
},
|
||||
{
|
||||
"description": "RQ-4 Global Hawk",
|
||||
"meta": {
|
||||
"Flight time": "More than 34 hours",
|
||||
"Made in": "USA",
|
||||
"Operator": "USA",
|
||||
"Powerplant": "Turbofan jet",
|
||||
"Top speed": "Faster than 350 mph",
|
||||
"Wingspan": "131 feet"
|
||||
},
|
||||
"uuid": "5ca96911-329e-4c0c-a582-e7857cc64963",
|
||||
"value": "RQ-4 Global Hawk"
|
||||
},
|
||||
{
|
||||
"description": "Orion",
|
||||
"meta": {
|
||||
"Flight time": "24 hours",
|
||||
"Made in": "Russia",
|
||||
"Operator": "Russia",
|
||||
"Powerplant": "Internal combustion",
|
||||
"Top speed": "120 mph",
|
||||
"Wingspan": "48 feet"
|
||||
},
|
||||
"uuid": "8c35bf52-03ae-4155-ba7c-ca1141001395",
|
||||
"value": "Orion"
|
||||
},
|
||||
{
|
||||
"description": "Bayraktar TB2",
|
||||
"meta": {
|
||||
"Flight time": "More than 20 hours",
|
||||
"Made in": "Turkey",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Gasoline internal combustion",
|
||||
"Top speed": "100 mph",
|
||||
"Wingspan": "39 feet"
|
||||
},
|
||||
"uuid": "6b4b821a-fd00-47b4-b2da-451cf2017621",
|
||||
"value": "Bayraktar TB2"
|
||||
},
|
||||
{
|
||||
"description": "UJ-22 Airborne",
|
||||
"meta": {
|
||||
"Flight time": "7 hours",
|
||||
"Made in": "Ukraine",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Gasoline internal combustion",
|
||||
"Top speed": "100 mph",
|
||||
"Wingspan": "32 feet"
|
||||
},
|
||||
"uuid": "0177e51e-6c68-415f-a887-4b40392f8010",
|
||||
"value": "UJ-22 Airborne"
|
||||
},
|
||||
{
|
||||
"description": "Forpost",
|
||||
"meta": {
|
||||
"Flight time": "20 hours",
|
||||
"Made in": "Russia",
|
||||
"Operator": "Russia",
|
||||
"Power plant": "Gasoline internal combustion",
|
||||
"Top speed": "125 mph",
|
||||
"Wingspan": "28 feet"
|
||||
},
|
||||
"uuid": "5f6f611d-4edb-48da-ac71-abb93f687270",
|
||||
"value": "Forpost"
|
||||
},
|
||||
{
|
||||
"description": "Zala 421",
|
||||
"meta": {
|
||||
"Flight time": "6 hours",
|
||||
"Made in": "Russia",
|
||||
"Operator": "Russia",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "74 mph",
|
||||
"Wingspan": "17 feet"
|
||||
},
|
||||
"uuid": "385e7996-1f7e-4bc2-9606-e85aa9760448",
|
||||
"value": "Zala 421"
|
||||
},
|
||||
{
|
||||
"description": "PD-1 People’s Drone",
|
||||
"meta": {
|
||||
"Flight time": "7 hours",
|
||||
"Made in": "Ukraine",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Internal combustion engine",
|
||||
"Top speed": "90 mph",
|
||||
"Wingspan": "13 feet"
|
||||
},
|
||||
"uuid": "c33bdc2c-8a52-4a74-8e7d-602ad4a4d3f4",
|
||||
"value": "PD-1 People’s Drone"
|
||||
},
|
||||
{
|
||||
"description": "Tupolev Tu-141 Strizh",
|
||||
"meta": {
|
||||
"Flight time": "60 minutes",
|
||||
"Made in": "Former USSR Member States",
|
||||
"Operator": "Unknown",
|
||||
"Powerplant": "Turbojet",
|
||||
"Top speed": "680 mph",
|
||||
"Wingspan": "12 feet"
|
||||
},
|
||||
"uuid": "e90bee1e-0e27-4712-90d9-86093b0dafee",
|
||||
"value": "Tupolev Tu-141 Strizh"
|
||||
},
|
||||
{
|
||||
"description": "WB FlyEye",
|
||||
"meta": {
|
||||
"Flight time": "2.5 hours",
|
||||
"Made in": "Poland",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "80 mph",
|
||||
"Wingspan": "12 feet"
|
||||
},
|
||||
"uuid": "5048ea6b-1df9-4d19-8a7a-0837289a1399",
|
||||
"value": "WB FlyEye"
|
||||
},
|
||||
{
|
||||
"description": "Granat-4",
|
||||
"meta": {
|
||||
"Flight time": "6 hours",
|
||||
"Made in": "Russia",
|
||||
"Operator": "Russia",
|
||||
"Powerplant": "Gasoline internal combustion",
|
||||
"Top speed": "90 mph",
|
||||
"Wingspan": "11 feet"
|
||||
},
|
||||
"uuid": "e2c10d80-0641-4d82-b5b5-ea2d6d4d74d8",
|
||||
"value": "Granat-4"
|
||||
},
|
||||
{
|
||||
"description": "Orlan-10",
|
||||
"meta": {
|
||||
"Flight time": "18 hours",
|
||||
"Made in": "Russia",
|
||||
"Operator": "Russia",
|
||||
"Powerplant": "Internal combustion",
|
||||
"Top speed": "93 mph",
|
||||
"Wingspan": "10 feet"
|
||||
},
|
||||
"uuid": "4d604fd6-80b2-45dc-ab2b-a4f9e7f87a0d",
|
||||
"value": "Orlan-10"
|
||||
},
|
||||
{
|
||||
"description": "Orlan-30",
|
||||
"meta": {
|
||||
"Flight time": "5 hours",
|
||||
"Made in": "Russia",
|
||||
"Operator": "Russia",
|
||||
"Powerplant": "Internal combustion",
|
||||
"Top speed": "93 mph",
|
||||
"Wingspan": "10 feet"
|
||||
},
|
||||
"uuid": "9536d2ee-e4a2-46ee-a4d2-313169312cdf",
|
||||
"value": "Orlan-30"
|
||||
},
|
||||
{
|
||||
"description": "Quantum Systems Vector",
|
||||
"meta": {
|
||||
"Flight time": "2 hours",
|
||||
"Made in": "Germany",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "Over 25 mph",
|
||||
"Wingspan": "9 feet"
|
||||
},
|
||||
"uuid": "b9e20493-a291-46f5-be3d-17c1335412c9",
|
||||
"value": "Quantum Systems Vector"
|
||||
},
|
||||
{
|
||||
"description": "Spectator",
|
||||
"meta": {
|
||||
"Flight time": "2 hours",
|
||||
"Made in": "Ukraine",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "75 mph",
|
||||
"Wingspan": "10 feet"
|
||||
},
|
||||
"uuid": "a5b73ec0-a229-4117-b960-1a6636cfdd55",
|
||||
"value": "Spectator"
|
||||
},
|
||||
{
|
||||
"description": "RQ-20 Puma",
|
||||
"meta": {
|
||||
"Flight time": "2.5 hours",
|
||||
"Made in": "USA",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "47 mph",
|
||||
"Wingspan": "9 feet"
|
||||
},
|
||||
"uuid": "9e390aab-cd07-4d3f-96ba-872605b22186",
|
||||
"value": "RQ-20 Puma"
|
||||
},
|
||||
{
|
||||
"description": "E95",
|
||||
"meta": {
|
||||
"Flight time": "30 minutes",
|
||||
"Made in": "Russia",
|
||||
"Operator": "Russia",
|
||||
"Powerplant": "Pulse jet",
|
||||
"Top speed": "250 mph",
|
||||
"Wingspan": "8 feet"
|
||||
},
|
||||
"uuid": "098c796d-0798-4506-a5eb-724b438448fc",
|
||||
"value": "E95"
|
||||
},
|
||||
{
|
||||
"description": "Tupolev Tu-143 Reis",
|
||||
"meta": {
|
||||
"Flight time": "13 minutes",
|
||||
"Made in": "Former Soviet Union",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Turbojet",
|
||||
"Top speed": "Over 600 mph",
|
||||
"Wingspan": "9 feet"
|
||||
},
|
||||
"uuid": "381f9b9a-617c-4908-9081-2b1d0e6507b2",
|
||||
"value": "Tupolev Tu-143 Reis"
|
||||
},
|
||||
{
|
||||
"description": "Zastava",
|
||||
"meta": {
|
||||
"Flight time": "80 minutes",
|
||||
"Made in": "Russia and Israel",
|
||||
"Operator": "Russia",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "52 mph",
|
||||
"Wingspan": "7 feet"
|
||||
},
|
||||
"uuid": "fcc0f47a-f148-4e94-a8e5-683984e9c489",
|
||||
"value": "Zastava"
|
||||
},
|
||||
{
|
||||
"description": "Punisher",
|
||||
"meta": {
|
||||
"Flight time": "90 minutes",
|
||||
"Made in": "Ukraine",
|
||||
"Operator": "Ukraine",
|
||||
"Power plant": "Electric",
|
||||
"Top speed": "Over 50 mph",
|
||||
"Wingspan": "7.5 feet"
|
||||
},
|
||||
"uuid": "38a1456f-85d5-4714-aebd-dcfc92a409b3",
|
||||
"value": "Punisher"
|
||||
},
|
||||
{
|
||||
"description": "Mini-Bayraktar",
|
||||
"meta": {
|
||||
"Flight time": "60 minutes",
|
||||
"Made in": "Turkey",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "Over 45 mph",
|
||||
"Wingspan": "7 feet"
|
||||
},
|
||||
"uuid": "ac021cef-204f-4d14-8960-c3b40734f477",
|
||||
"value": "Mini-Bayraktar"
|
||||
},
|
||||
{
|
||||
"description": "Takion",
|
||||
"meta": {
|
||||
"Flight time": "2 hours",
|
||||
"Made in": "Russia",
|
||||
"Operator": "Russia",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "75 mph",
|
||||
"Wingspan": "7 feet"
|
||||
},
|
||||
"uuid": "f5e68cef-7eca-483b-8487-2fc8384310ca",
|
||||
"value": "Takion"
|
||||
},
|
||||
{
|
||||
"description": "Leleka-100 “Stork”",
|
||||
"meta": {
|
||||
"Flight time": "2.5 hours",
|
||||
"Made in": "Ukraine",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "75 mph",
|
||||
"Wingspan": "7 feet"
|
||||
},
|
||||
"uuid": "7e46ff41-3f34-4dd7-8b58-67c7bb2130c6",
|
||||
"value": "Leleka-100 “Stork”"
|
||||
},
|
||||
{
|
||||
"description": "Athlon Avia A1-CM Furia",
|
||||
"meta": {
|
||||
"Flight time": "3 hours",
|
||||
"Made in": "Ukraine",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "Over 60 mph",
|
||||
"Wingspan": "7 feet"
|
||||
},
|
||||
"uuid": "4c535ed3-2fee-43a4-a220-1ed8b85498d2",
|
||||
"value": "Athlon Avia A1-CM Furia"
|
||||
},
|
||||
{
|
||||
"description": "Eleron-3",
|
||||
"meta": {
|
||||
"Flight time": "100 minutes",
|
||||
"Made in": "Russia",
|
||||
"Operator": "Russia",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "80 mph",
|
||||
"Wingspan": "4 feet"
|
||||
},
|
||||
"uuid": "7d741517-6e70-4267-8b6f-7df4e025a0b0",
|
||||
"value": "Eleron-3"
|
||||
},
|
||||
{
|
||||
"description": "AeroVironment Quantix",
|
||||
"meta": {
|
||||
"Flight time": "45 minutes",
|
||||
"Made in": "USA",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "Over 40 mph",
|
||||
"Wingspan": "About 4 feet"
|
||||
},
|
||||
"uuid": "91e4c548-fd50-43da-891a-8d5990c32cda",
|
||||
"value": "AeroVironment Quantix"
|
||||
},
|
||||
{
|
||||
"description": "Switchblade 300",
|
||||
"meta": {
|
||||
"Flight time": "Over 15 minutes",
|
||||
"Made in": "USA",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "Over 100 mph",
|
||||
"Wingspan": "About 4 feet"
|
||||
},
|
||||
"uuid": "cd70cac7-e795-48ed-84cf-83fc688e368e",
|
||||
"value": "Switchblade 300"
|
||||
},
|
||||
{
|
||||
"description": "Switchblade 600",
|
||||
"meta": {
|
||||
"Flight time": "Over 40 minutes",
|
||||
"Made in": "USA",
|
||||
"Operator": "Ukraine",
|
||||
"Powerplant": "Electric",
|
||||
"Top speed": "115 mph",
|
||||
"Wingspan": "About 6 feet"
|
||||
},
|
||||
"uuid": "809bbef1-3477-4dd3-90ec-68c6f45cd76b",
|
||||
"value": "Switchblade 600"
|
||||
},
|
||||
{
|
||||
"description": "Phoenix Ghost",
|
||||
"meta": {
|
||||
"Flight Time": "6 hours",
|
||||
"Made in": "USA",
|
||||
"Operator": "Ukraine",
|
||||
"Power plant": "Electric",
|
||||
"Top speed": "N/A",
|
||||
"Wingspan": "N/A"
|
||||
},
|
||||
"uuid": "2a15042a-55a3-47f5-b1bf-d1319d3d2c87",
|
||||
"value": "Phoenix Ghost"
|
||||
},
|
||||
{
|
||||
"description": "WB Group Warmate",
|
||||
"meta": {
|
||||
"Flight time": "50 minutes",
|
||||
"Made in": "Poland and Ukraine",
|
||||
"Operator": "Ukraine",
|
||||
"Power plant": "Electric",
|
||||
"Top speed": "50 mph",
|
||||
"Wingspan": "4.5 feet"
|
||||
},
|
||||
"uuid": "7eab87c7-608c-4837-8adb-7aae9e422fa9",
|
||||
"value": "WB Group Warmate"
|
||||
},
|
||||
{
|
||||
"description": "Zala KYB",
|
||||
"meta": {
|
||||
"Flight time": "30 minutes",
|
||||
"Made in": "Russia",
|
||||
"Operator": "Russia",
|
||||
"Power plant": "Electric",
|
||||
"Top speed": "80 mph",
|
||||
"Wingspan": "4 feet"
|
||||
},
|
||||
"uuid": "7329fec9-c22c-42e4-83be-e778872c7b3d",
|
||||
"value": "Zala KYB"
|
||||
}
|
||||
],
|
||||
"version": 1
|
||||
}
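Review bot: The per-entry `meta` keys in this file are not spelled consistently, so any consumer that filters or sorts on a meta field will silently skip some entries: most entries use `"Powerplant"`, but KBLA-IVT, Forpost, Punisher, Phoenix Ghost, WB Group Warmate and Zala KYB use `"Power plant"`; Golden Eagle uses `"Top Speed"` instead of `"Top speed"`; and Phoenix Ghost uses `"Flight Time"` instead of `"Flight time"`. Normalising them to one spelling before the file is merged avoids a later version bump just to fix keys. The same applies to the `"Made in"` values `"Former USSR Member States"` and `"Former Soviet Union"`, which presumably mean the same thing. Each entry's `description` merely repeats its `value`, and the only provenance is the file-level `"source": "Popular Mechanics"`; a per-entry `refs` list pointing at the source article would make the figures verifiable.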
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Known or estimated adversary groups as identified by 360.net.",
|
||||
"icon": "user-secret",
|
||||
"name": "360.net Threat Actors",
|
||||
"namespace": "360net",
|
||||
"type": "360net-threat-actor",
|
||||
"uuid": "20de4abf-f000-48ec-a929-3cdc5c2f3c23",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Common ammunitions galaxy",
|
||||
"icon": "battery-full",
|
||||
"name": "Ammunitions",
|
||||
"namespace": "Ammunitions",
|
||||
"type": "ammunitions",
|
||||
"uuid": "e7394838-65a9-4b8a-b484-b8c4c7cf49c3",
|
||||
"version": 1
|
||||
}
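Review bot: `"namespace": "Ammunitions"` is capitalised while every other galaxy on this page uses a lowercase namespace (`misp`, `disarm`, `microsoft`, `360net`) and the file's own `type` is already lowercase `ammunitions`; it presumably should be `"namespace": "ammunitions"`. The description `"Common ammunitions galaxy"` is also terse compared with the sibling galaxies; a sentence saying what kind of entries the cluster holds would help readers.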
|
|
@ -0,0 +1,20 @@
|
|||
{
|
||||
"description": "The purpose of the Azure Threat Research Matrix (ATRM) is to educate readers on the potential of Azure-based tactics, techniques, and procedures (TTPs). It is not to teach how to weaponize or specifically abuse them. For this reason, some specific commands will be obfuscated or parts will be omitted to prevent abuse.",
|
||||
"icon": "map",
|
||||
"kill_chain_order": {
|
||||
"ATRM-tactics": [
|
||||
"Reconnaissance",
|
||||
"Initial Access",
|
||||
"Execution",
|
||||
"Privilege Escalation",
|
||||
"Persistence",
|
||||
"Credential Access",
|
||||
"Impact"
|
||||
]
|
||||
},
|
||||
"name": "Azure Threat Research Matrix",
|
||||
"namespace": "microsoft",
|
||||
"type": "atrm",
|
||||
"uuid": "b541a056-154c-41e7-8a56-41db3f871c00",
|
||||
"version": 3
|
||||
}
|
|
@ -8,12 +8,13 @@
|
|||
"Perform Fraud",
|
||||
"Obtain Fraudulent Assets",
|
||||
"Assets Transfer",
|
||||
"Monetisation"
|
||||
"Monetisation",
|
||||
"Due Diligence"
|
||||
]
|
||||
},
|
||||
"name": "attck4fraud",
|
||||
"namespace": "misp",
|
||||
"type": "financial-fraud",
|
||||
"uuid": "cc0c8ae9-aec2-42c6-9939-f4f82b051836",
|
||||
"version": 1
|
||||
"version": 2
|
||||
}
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Cancer classifying",
|
||||
"icon": "android",
|
||||
"name": "Cancer",
|
||||
"namespace": "misp",
|
||||
"type": "disease",
|
||||
"uuid": "c03eba6e-a08a-11ec-b909-0242ac120002",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,27 @@
|
|||
{
|
||||
"description": "CONCORDIA Mobile Modeling Framework - Tactics",
|
||||
"icon": "mobile",
|
||||
"kill_chain_order": {
|
||||
"cmtmf-attack": [
|
||||
"reconnaissance",
|
||||
"resource-development",
|
||||
"initial-access",
|
||||
"execution",
|
||||
"persistence",
|
||||
"privilege-escalation",
|
||||
"defense-evasion",
|
||||
"credential-access",
|
||||
"discovery",
|
||||
"lateral-movement",
|
||||
"collection",
|
||||
"command-and-control",
|
||||
"exfiltration",
|
||||
"impact"
|
||||
]
|
||||
},
|
||||
"name": "CONCORDIA Mobile Modelling Framework - Attack Pattern",
|
||||
"namespace": "cmmf-attack",
|
||||
"type": "cmtmf-attack-pattern",
|
||||
"uuid": "51060d01-ef29-40ab-8965-8031d0941811",
|
||||
"version": 3
|
||||
}
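Review bot: The identifiers in this galaxy mix two abbreviations: the kill-chain key is `"cmtmf-attack"` and the type is `"cmtmf-attack-pattern"`, but the namespace is `"cmmf-attack"`. Since cluster entries reference phases as `<key>:<phase>`, having the key, type and namespace disagree on `cmmf` versus `cmtmf` is confusing to maintain and looks like a typo in one of them; one spelling should be used throughout. The `description` also says "Mobile Modeling Framework - Tactics" while the `name` says "Mobile Modelling Framework - Attack Pattern", so the spelling and the subject should be aligned as well.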
|
|
@ -0,0 +1,24 @@
|
|||
{
|
||||
"description": "DISARM is a framework designed for describing and understanding disinformation incidents.",
|
||||
"icon": "user-secret",
|
||||
"kill_chain_order": {
|
||||
"sectors": [
|
||||
"Nonprofit",
|
||||
"Civil Society",
|
||||
"Government",
|
||||
"Academic",
|
||||
"Activist",
|
||||
"General Public",
|
||||
"Social Media Company",
|
||||
"Other Tech Company",
|
||||
"Other Company",
|
||||
"Media",
|
||||
""
|
||||
]
|
||||
},
|
||||
"name": "Actor Types",
|
||||
"namespace": "disarm",
|
||||
"type": "disarm-actortypes",
|
||||
"uuid": "1658af88-b847-532d-adc9-efaea8604f14",
|
||||
"version": 1
|
||||
}
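Review bot: The `sectors` list ends with an empty string (the `""` element after `"Media"`), which defines a kill-chain phase with no name; it looks like an artefact of a trailing empty row in the source data and should be dropped so that `"Media"` is the last element. If some DISARM actor entries genuinely have no sector, a named placeholder such as `"Unspecified"` would be clearer to users than an empty phase.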
|
|
@ -0,0 +1,54 @@
|
|||
{
|
||||
"description": "DISARM is a framework designed for describing and understanding disinformation incidents.",
|
||||
"icon": "shield-alt",
|
||||
"kill_chain_order": {
|
||||
"metatechniques": [
|
||||
"Resilience",
|
||||
"Diversion",
|
||||
"Daylight",
|
||||
"Friction",
|
||||
"Removal",
|
||||
"Scoring",
|
||||
"Metatechnique",
|
||||
"Data Pollution",
|
||||
"Dilution",
|
||||
"Countermessaging",
|
||||
"Verification",
|
||||
"Cleaning",
|
||||
"Targeting",
|
||||
"Reduce Resources"
|
||||
],
|
||||
"responsetypes": [
|
||||
"Detect",
|
||||
"Deny",
|
||||
"Disrupt",
|
||||
"Degrade",
|
||||
"Deceive",
|
||||
"Destroy",
|
||||
"Deter"
|
||||
],
|
||||
"tactics": [
|
||||
"Plan Strategy",
|
||||
"Plan Objectives",
|
||||
"Microtarget",
|
||||
"Develop Content",
|
||||
"Select Channels and Affordances",
|
||||
"Conduct Pump Priming",
|
||||
"Deliver Content",
|
||||
"Drive Offline Activity",
|
||||
"Persist in the Information Environment",
|
||||
"Assess Effectiveness",
|
||||
"Target Audience Analysis",
|
||||
"Develop Narratives",
|
||||
"Establish Assets",
|
||||
"Establish Legitimacy",
|
||||
"Maximise Exposure",
|
||||
"Drive Online Harms"
|
||||
]
|
||||
},
|
||||
"name": "Countermeasures",
|
||||
"namespace": "disarm",
|
||||
"type": "disarm-countermeasures",
|
||||
"uuid": "9a3ac024-7c65-5ac0-87c4-eaed2238eec8",
|
||||
"version": 2
|
||||
}
|
|
@ -0,0 +1,38 @@
|
|||
{
|
||||
"description": "DISARM is a framework designed for describing and understanding disinformation incidents.",
|
||||
"icon": "bell",
|
||||
"kill_chain_order": {
|
||||
"responsetypes": [
|
||||
"Detect",
|
||||
"Deny",
|
||||
"Disrupt",
|
||||
"Degrade",
|
||||
"Deceive",
|
||||
"Destroy",
|
||||
"Deter"
|
||||
],
|
||||
"tactics": [
|
||||
"Plan Strategy",
|
||||
"Plan Objectives",
|
||||
"Microtarget",
|
||||
"Develop Content",
|
||||
"Select Channels and Affordances",
|
||||
"Conduct Pump Priming",
|
||||
"Deliver Content",
|
||||
"Drive Offline Activity",
|
||||
"Persist in the Information Environment",
|
||||
"Assess Effectiveness",
|
||||
"Target Audience Analysis",
|
||||
"Develop Narratives",
|
||||
"Establish Assets",
|
||||
"Establish Legitimacy",
|
||||
"Maximise Exposure",
|
||||
"Drive Online Harms"
|
||||
]
|
||||
},
|
||||
"name": "Detections",
|
||||
"namespace": "disarm",
|
||||
"type": "disarm-detections",
|
||||
"uuid": "bb61e6f3-b2bd-5c7d-929c-b6f292ccc56a",
|
||||
"version": 2
|
||||
}
|
|
@ -0,0 +1,29 @@
|
|||
{
|
||||
"description": "DISARM is a framework designed for describing and understanding disinformation incidents.",
|
||||
"icon": "map",
|
||||
"kill_chain_order": {
|
||||
"tactics": [
|
||||
"Plan Strategy",
|
||||
"Plan Objectives",
|
||||
"Microtarget",
|
||||
"Develop Content",
|
||||
"Select Channels and Affordances",
|
||||
"Conduct Pump Priming",
|
||||
"Deliver Content",
|
||||
"Drive Offline Activity",
|
||||
"Persist in the Information Environment",
|
||||
"Assess Effectiveness",
|
||||
"Target Audience Analysis",
|
||||
"Develop Narratives",
|
||||
"Establish Assets",
|
||||
"Establish Legitimacy",
|
||||
"Maximise Exposure",
|
||||
"Drive Online Harms"
|
||||
]
|
||||
},
|
||||
"name": "Techniques",
|
||||
"namespace": "disarm",
|
||||
"type": "disarm-techniques",
|
||||
"uuid": "a90f2bb6-11e1-58a7-9962-ba37886720ec",
|
||||
"version": 2
|
||||
}
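Review bot: The `tactics` array is not in DISARM's phase sequence: "Target Audience Analysis", "Develop Narratives", "Establish Assets", "Establish Legitimacy" and "Maximise Exposure" are appended after "Assess Effectiveness" instead of appearing in their planning/preparation position. If MISP renders the kill chain in array order (which is what `kill_chain_order` suggests), the matrix view will show these phases out of sequence. The identical ordering is copied into the Countermeasures and Detections galaxies in this compare, so correcting it in one place means correcting all three.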
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Description of entities that can be involved in events.",
|
||||
"icon": "user",
|
||||
"name": "Entity",
|
||||
"namespace": "misp",
|
||||
"type": "entity",
|
||||
"uuid": "f1b42b47-778f-4e50-bda5-969ee7f9029f",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Common firearms galaxy",
|
||||
"icon": "fire",
|
||||
"name": "Firearms",
|
||||
"namespace": "Firearms",
|
||||
"type": "firearms",
|
||||
"uuid": "94af82d1-d62b-45a7-8c99-83c421cc0f3b",
|
||||
"version": 1
|
||||
}
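Review bot: The `namespace` value "Firearms" is capitalised while every other galaxy in this compare uses a lowercase namespace (`misp`, `disarm`, `tidal`, `first-dns`, `interpol`). Unless the capitalised form is required by an existing consumer, `"namespace": "firearms"` would keep tag generation consistent, since MISP derives tag names from namespace and type.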
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "The Domain Name System (DNS) is a critical part of the Internet, including mapping domain names to IP addresses. Malicious threat actors use domain names, their corresponding technical resources, and other parts of the DNS infrastructure, including its protocols, for their malicious cyber operations. CERTs are confronted with reported DNS abuse on a continuous basis, and rely heavily on DNS analysis and infrastructure to protect their constituencies. Understanding the international customary norms applicable for detecting and mitigating DNS abuse from the perspective of the global incident response community is critical for the open Internet’s stability, security and resiliency. See also https://www.first.org/global/sigs/dns/ for more information.",
|
||||
"icon": "database",
|
||||
"name": "FIRST DNS Abuse Techniques Matrix",
|
||||
"namespace": "first-dns",
|
||||
"type": "first-dns",
|
||||
"uuid": "67d44607-ae1d-4b01-a419-c311e68fb28a",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Handicap classifying",
|
||||
"icon": "wheelchair",
|
||||
"name": "Handicap",
|
||||
"namespace": "misp",
|
||||
"type": "handicap",
|
||||
"uuid": "84310ba3-fa6a-44aa-b378-b9e3271c7777",
|
||||
"version": 2
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "List of intelligence agencies",
|
||||
"icon": "ninja",
|
||||
"name": "Intelligence Agencies",
|
||||
"namespace": "intelligence-agency",
|
||||
"type": "intelligence-agency",
|
||||
"uuid": "3ef969e7-96cd-4048-aa83-191ac457d0db",
|
||||
"version": 1
|
||||
}
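Review bot: The `icon` value "ninja" does not match the naming used by the other galaxies here, which are Font Awesome identifiers (`user-secret`, `shield-alt`, `sitemap`, `wheelchair`); I am not aware of a plain `ninja` icon in the free set, and `user-ninja` is the identifier I would expect. Worth confirming the icon actually renders in the MISP UI before merging, or switching to `"icon": "user-ninja"`.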
|
|
@ -0,0 +1,27 @@
|
|||
{
|
||||
"description": "This taxonomy defines common forms of abuses and entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.",
|
||||
"icon": "user-secret",
|
||||
"kill_chain_order": {
|
||||
"Abuses": [
|
||||
"Concept"
|
||||
],
|
||||
"Entities": [
|
||||
"Actor",
|
||||
"Asset",
|
||||
"Authorities",
|
||||
"Cryptocurrency",
|
||||
"Dark_Web",
|
||||
"Generic",
|
||||
"Infrastructure",
|
||||
"Process",
|
||||
"Service",
|
||||
"Technology",
|
||||
"Wallet"
|
||||
]
|
||||
},
|
||||
"name": "INTERPOL DWVA Taxonomy",
|
||||
"namespace": "interpol",
|
||||
"type": "dwva",
|
||||
"uuid": "a375d7fd-0a3e-41cf-a531-ef56033df967",
|
||||
"version": 1
|
||||
}
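Review bot: The description calls this object a "taxonomy" and has a number disagreement ("actors and service") — since this is a galaxy definition, something like `"description": "This galaxy defines common forms of abuse and the entities that represent real-world actors and services in the larger Darknet and cryptoasset ecosystems."` would be clearer. Separately, the `kill_chain_order` keys ("Abuses", "Entities") and the value "Dark_Web" use capitalisation and underscores unlike any other galaxy in this compare; if these are verbatim upstream category names that clusters reference, keep them, otherwise the lowercase form would be more consistent.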
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"description": "Malware galaxy based on Malpedia archive.",
|
||||
"icon": "shield",
|
||||
"icon": "shield-virus",
|
||||
"name": "Malpedia",
|
||||
"namespace": "misp",
|
||||
"type": "malpedia",
|
||||
"uuid": "1d1c9af9-37fa-4deb-a928-f9b0abc7354a",
|
||||
"version": 1
|
||||
"version": 2
|
||||
}
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
{
|
||||
"description": "MITRE ATLAS Attack Pattern - Adversarial Threat Landscape for Artificial-Intelligence Systems",
|
||||
"icon": "map",
|
||||
"kill_chain_order": {
|
||||
"mitre-atlas": [
|
||||
"reconnaissance",
|
||||
"resource-development",
|
||||
"initial-access",
|
||||
"ml-model-access",
|
||||
"execution",
|
||||
"persistence",
|
||||
"privilege-escalation",
|
||||
"defense-evasion",
|
||||
"credential-access",
|
||||
"discovery",
|
||||
"collection",
|
||||
"ml-attack-staging",
|
||||
"exfiltration",
|
||||
"impact"
|
||||
]
|
||||
},
|
||||
"name": "MITRE ATLAS Attack Pattern",
|
||||
"namespace": "mitre-atlas",
|
||||
"type": "mitre-atlas-attack-pattern",
|
||||
"uuid": "3f3d21aa-d8a1-4f8f-b31e-fc5425eec821",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "MITRE ATLAS Mitigation - Adversarial Threat Landscape for Artificial-Intelligence Systems",
|
||||
"icon": "link",
|
||||
"name": "MITRE ATLAS Course of Action",
|
||||
"namespace": "mitre-atlas",
|
||||
"type": "mitre-atlas-course-of-action",
|
||||
"uuid": "29d13ede-9667-415c-bb75-b34a4bd89a81",
|
||||
"version": 1
|
||||
}
|
|
@ -2,7 +2,55 @@
|
|||
"description": "ATT&CK Tactic",
|
||||
"icon": "map",
|
||||
"kill_chain_order": {
|
||||
"mitre-attack": [
|
||||
"attack-Azure-AD": [
|
||||
"initial-access",
|
||||
"execution",
|
||||
"persistence",
|
||||
"privilege-escalation",
|
||||
"defense-evasion",
|
||||
"credential-access",
|
||||
"discovery",
|
||||
"lateral-movement",
|
||||
"impact"
|
||||
],
|
||||
"attack-Containers": [
|
||||
"initial-access",
|
||||
"execution",
|
||||
"persistence",
|
||||
"privilege-escalation",
|
||||
"defense-evasion",
|
||||
"credential-access",
|
||||
"discovery",
|
||||
"lateral-movement",
|
||||
"impact"
|
||||
],
|
||||
"attack-Google-Workspace": [
|
||||
"initial-access",
|
||||
"execution",
|
||||
"persistence",
|
||||
"privilege-escalation",
|
||||
"defense-evasion",
|
||||
"credential-access",
|
||||
"discovery",
|
||||
"lateral-movement",
|
||||
"collection",
|
||||
"exfiltration",
|
||||
"impact"
|
||||
],
|
||||
"attack-IaaS": [
|
||||
"initial-access",
|
||||
"execution",
|
||||
"persistence",
|
||||
"privilege-escalation",
|
||||
"defense-evasion",
|
||||
"credential-access",
|
||||
"discovery",
|
||||
"lateral-movement",
|
||||
"collection",
|
||||
"exfiltration",
|
||||
"impact"
|
||||
],
|
||||
"attack-Linux": [
|
||||
"initial-access",
|
||||
"execution",
|
||||
"persistence",
|
||||
|
@ -16,22 +64,111 @@
|
|||
"exfiltration",
|
||||
"impact"
|
||||
],
|
||||
"mitre-mobile-attack": [
|
||||
"attack-Network": [
|
||||
"initial-access",
|
||||
"execution",
|
||||
"persistence",
|
||||
"privilege-escalation",
|
||||
"defense-evasion",
|
||||
"credential-access",
|
||||
"discovery",
|
||||
"lateral-movement",
|
||||
"collection",
|
||||
"command-and-control",
|
||||
"exfiltration",
|
||||
"impact"
|
||||
],
|
||||
"attack-Office-365": [
|
||||
"initial-access",
|
||||
"execution",
|
||||
"persistence",
|
||||
"privilege-escalation",
|
||||
"defense-evasion",
|
||||
"credential-access",
|
||||
"discovery",
|
||||
"lateral-movement",
|
||||
"effects",
|
||||
"collection",
|
||||
"exfiltration",
|
||||
"impact"
|
||||
],
|
||||
"attack-PRE": [
|
||||
"reconnaissance",
|
||||
"resource-development"
|
||||
],
|
||||
"attack-SaaS": [
|
||||
"initial-access",
|
||||
"execution",
|
||||
"persistence",
|
||||
"privilege-escalation",
|
||||
"defense-evasion",
|
||||
"credential-access",
|
||||
"discovery",
|
||||
"lateral-movement",
|
||||
"collection",
|
||||
"exfiltration",
|
||||
"impact"
|
||||
],
|
||||
"attack-Windows": [
|
||||
"initial-access",
|
||||
"execution",
|
||||
"persistence",
|
||||
"privilege-escalation",
|
||||
"defense-evasion",
|
||||
"credential-access",
|
||||
"discovery",
|
||||
"lateral-movement",
|
||||
"collection",
|
||||
"command-and-control",
|
||||
"exfiltration",
|
||||
"impact"
|
||||
],
|
||||
"attack-macOS": [
|
||||
"initial-access",
|
||||
"execution",
|
||||
"persistence",
|
||||
"privilege-escalation",
|
||||
"defense-evasion",
|
||||
"credential-access",
|
||||
"discovery",
|
||||
"lateral-movement",
|
||||
"collection",
|
||||
"command-and-control",
|
||||
"exfiltration",
|
||||
"impact"
|
||||
],
|
||||
"mobile-attack-Android": [
|
||||
"initial-access",
|
||||
"execution",
|
||||
"persistence",
|
||||
"privilege-escalation",
|
||||
"defense-evasion",
|
||||
"credential-access",
|
||||
"discovery",
|
||||
"lateral-movement",
|
||||
"collection",
|
||||
"command-and-control",
|
||||
"exfiltration",
|
||||
"impact",
|
||||
"network-effects",
|
||||
"remote-service-effects"
|
||||
],
|
||||
"mitre-pre-attack": [
|
||||
"mobile-attack-iOS": [
|
||||
"initial-access",
|
||||
"execution",
|
||||
"persistence",
|
||||
"privilege-escalation",
|
||||
"defense-evasion",
|
||||
"credential-access",
|
||||
"discovery",
|
||||
"lateral-movement",
|
||||
"collection",
|
||||
"command-and-control",
|
||||
"exfiltration",
|
||||
"impact",
|
||||
"network-effects",
|
||||
"remote-service-effects"
|
||||
],
|
||||
"pre-attack": [
|
||||
"priority-definition-planning",
|
||||
"priority-definition-direction",
|
||||
"target-selection",
|
||||
|
@ -46,12 +183,14 @@
|
|||
"persona-development",
|
||||
"build-capabilities",
|
||||
"test-capabilities",
|
||||
"stage-capabilities"
|
||||
"stage-capabilities",
|
||||
"launch",
|
||||
"compromise"
|
||||
]
|
||||
},
|
||||
"name": "Attack Pattern",
|
||||
"namespace": "mitre-attack",
|
||||
"type": "mitre-attack-pattern",
|
||||
"uuid": "c4e851fa-775f-11e7-8163-b774922098cd",
|
||||
"version": 8
|
||||
"version": 10
|
||||
}
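Review bot: The top-level `kill_chain_order` keys `mitre-attack`, `mitre-mobile-attack` and `mitre-pre-attack` are removed and replaced by per-platform keys (`attack-Azure-AD` … `attack-macOS`, `mobile-attack-Android`/`mobile-attack-iOS`, `pre-attack`); any cluster whose `kill_chain` entries still use the old `mitre-attack:<tactic>` form will no longer resolve against this galaxy, so the cluster files presumably need to be regenerated in the same change — worth confirming. The `attack-Office-365` list also carries an `"effects"` entry between `lateral-movement` and `collection` (L35430) that appears in no other platform list; confirm it comes from the ATT&CK source rather than a stale generator mapping. The first hunk starts at file line 2, so the opening brace of the object is outside this view.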
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Data components are parts of data sources. ",
|
||||
"icon": "sitemap",
|
||||
"name": "mitre-data-component",
|
||||
"namespace": "mitre-attack",
|
||||
"type": "mitre-data-component",
|
||||
"uuid": "afff2d74-5d4a-4aa7-995a-3701a2dbe593",
|
||||
"version": 1
|
||||
}
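Review bot: The `description` string has a trailing space ("…data sources. "), as does the matching string in the data-source galaxy that follows; these are stored verbatim and surface in the MISP UI. Suggested: `"description": "Data components are parts of data sources."`.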
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Data sources represent the various subjects/topics of information that can be collected by sensors/logs. ",
|
||||
"icon": "sitemap",
|
||||
"name": "mitre-data-source",
|
||||
"namespace": "mitre-attack",
|
||||
"type": "mitre-data-source",
|
||||
"uuid": "dca5da28-fdc0-4b37-91cd-989d139d96cf",
|
||||
"version": 1
|
||||
}
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"description": "Name of ATT&CK software",
|
||||
"icon": "gavel",
|
||||
"name": "Tool",
|
||||
"name": "mitre-tool",
|
||||
"namespace": "mitre-attack",
|
||||
"type": "mitre-tool",
|
||||
"uuid": "d5cbd1a2-78f6-11e7-a833-7b9bccca9649",
|
||||
"version": 6
|
||||
"version": 7
|
||||
}
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "North American Industry Classification System - NAICS",
|
||||
"icon": "industry",
|
||||
"name": "NAICS",
|
||||
"namespace": "misp",
|
||||
"type": "naics",
|
||||
"uuid": "b73ecad4-6529-4625-8c4f-ee3ef703a72a",
|
||||
"version": 1
|
||||
}
|
|
@ -1,9 +1,11 @@
|
|||
{
|
||||
"description": "o365-exchange-techniques - Office365/Exchange related techniques by @johnLaTwC",
|
||||
"description": "o365-exchange-techniques - Office365/Exchange related techniques by @johnLaTwC and @inversecos",
|
||||
"icon": "map",
|
||||
"kill_chain_order": {
|
||||
"tactics": [
|
||||
"Recon",
|
||||
"Initial Access",
|
||||
"Discovery",
|
||||
"Compromise",
|
||||
"Persistence",
|
||||
"Expansion",
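Review bot: This hunk adds two kill-chain phases ("Discovery", "Expansion") but no other hunk is shown for the file, so the `version` field at the end of the object appears not to have been bumped — unlike the other modified galaxies in this compare (Malpedia 1→2, Preventive Measure 3→4, Attack Pattern 8→10, Tool 6→7), each of which bumps `version` for a smaller change. Without the bump MISP instances that already hold this galaxy will not pick up the new phases on update; the `version` line and the remaining `tactics` entries lie outside the hunk.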
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Known public online services.",
|
||||
"icon": "cloud",
|
||||
"name": "online-service",
|
||||
"namespace": "misp",
|
||||
"type": "online-service",
|
||||
"uuid": "c0a960b6-bba4-4914-8d54-87011aaf447e",
|
||||
"version": 1
|
||||
}
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"description": "Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . The preventive measures are quite generic and can fit any standard Windows infrastructure and their security measures.",
|
||||
"icon": "shield",
|
||||
"icon": "shield-alt",
|
||||
"name": "Preventive Measure",
|
||||
"namespace": "misp",
|
||||
"type": "preventive-measure",
|
||||
"uuid": "8168995b-adcd-4684-9e37-206c5771505a",
|
||||
"version": 3
|
||||
"version": 4
|
||||
}
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "List of threat intelligence producer from security vendors to CERTs including any producer of intelligence at large.",
|
||||
"icon": "book",
|
||||
"name": "Producer",
|
||||
"namespace": "misp",
|
||||
"type": "producer",
|
||||
"uuid": "2d74a15e-9c88-452e-af14-d0ecd2e9cd63",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Sigma Rules are used to detect suspicious behaviors related to threat actors, malware and tools",
|
||||
"icon": "link",
|
||||
"name": "Sigma-Rules",
|
||||
"namespace": "misp",
|
||||
"type": "sigma-rules",
|
||||
"uuid": "9cf7cd2e-d5f1-48c4-9909-7896ba1c96b2",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Tidal Campaigns Galaxy",
|
||||
"icon": "bullhorn",
|
||||
"name": "Tidal Campaigns",
|
||||
"namespace": "tidal",
|
||||
"type": "campaigns",
|
||||
"uuid": "3db4b6cb-5b89-4096-a057-e0205777adc9",
|
||||
"version": 1
|
||||
}
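Review bot: The `type` values of the Tidal galaxies (`campaigns`, `groups`, `references`, `software`, `tactic`) are generic, whereas every other galaxy here namespaces its type (`disarm-techniques`, `mitre-atlas-course-of-action`, `mitre-data-source`); if MISP keys galaxies by `type`, these are liable to collide with a future galaxy using the same plain name. Prefixing them, e.g. `"type": "tidal-campaigns"`, would keep them unambiguous, and the singular "tactic" should then also be reconciled with the plural form used by its siblings.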
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Tidal Groups Galaxy",
|
||||
"icon": "user-secret",
|
||||
"name": "Tidal Groups",
|
||||
"namespace": "tidal",
|
||||
"type": "groups",
|
||||
"uuid": "877cdc4b-3392-4353-a7d4-2e46d40e5936",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Tidal References Galaxy",
|
||||
"icon": "list",
|
||||
"name": "Tidal References",
|
||||
"namespace": "tidal",
|
||||
"type": "references",
|
||||
"uuid": "efd98ec4-16ef-41c4-bc3c-60c7c1ae8b39",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Tidal Software Galaxy",
|
||||
"icon": "file-code",
|
||||
"name": "Tidal Software",
|
||||
"namespace": "tidal",
|
||||
"type": "software",
|
||||
"uuid": "6eb44da4-ed4f-4a5d-a444-0f105ff1b3c2",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Tidal Tactic Galaxy",
|
||||
"icon": "map",
|
||||
"name": "Tidal Tactic",
|
||||
"namespace": "tidal",
|
||||
"type": "tactic",
|
||||
"uuid": "16b963e7-4b88-44e0-b184-16bf9e71fdc9",
|
||||
"version": 1
|
||||
}
|